KICS.io example pipeline
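---
# Azure Pipelines example: download the KICS scanner, scan the checked-out
# sources, and fail the job when HIGH severity findings are reported.
#
# Review notes on this version:
#   * The step fails closed. Without `set -euo pipefail`, a failed release
#     lookup or download left the counters empty, the numeric tests errored
#     out as "false", and the job finished green without any scan having run.
#   * The scanner binary is downloaded and executed inside the build. Pin a
#     reviewed release and verify its digest (see KICS_TAG / KICS_SHA256
#     below) rather than trusting whatever "latest" resolves to at run time.

# Scalar form disables CI triggers; the list form is read as a branch filter.
trigger: none

pool:
  vmImage: 'ubuntu-20.04'

stages:
  - stage: kics
    displayName: kics
    jobs:
      - job: runKics
        displayName: runKics
        steps:
          - script: |
              # Abort on any failed command, unset variable or broken pipe stage.
              set -euo pipefail

              # Resolve the newest published release tag (e.g. v1.3.2).
              # --fail turns HTTP errors (such as API rate limiting) into a
              # non-zero exit instead of a JSON error body that jq reads as null.
              get_latest_kics_release() {
                curl --silent --show-error --fail --location \
                  "https://api.github.com/repos/Checkmarx/kics/releases/latest" |
                  jq -r .tag_name
              }

              OS=$(uname -s) # Linux

              # Optional pipeline variables introduced by this example:
              #   KICS_TAG    - release tag to install instead of "latest"
              #   KICS_SHA256 - expected SHA-256 of the release archive,
              #                 recorded out-of-band when the tag was reviewed
              LATEST_TAG="${KICS_TAG:-}"
              if [ -z "${LATEST_TAG}" ]; then
                LATEST_TAG=$(get_latest_kics_release)
              fi

              # The tag is interpolated into a download URL; reject anything
              # that does not look like a version tag (including "null").
              if ! [[ "${LATEST_TAG}" =~ ^v[0-9][0-9A-Za-z.-]*$ ]]; then
                echo "##vso[task.logissue type=error;]Unexpected KICS release tag: '${LATEST_TAG}'"
                exit 1
              fi

              LATEST_VERSION=${LATEST_TAG#v}
              PACKAGE_NAME="kics_${LATEST_VERSION}_${OS}_x64.tar.gz"
              TARGET_DIR=/home/vsts/kics
              # Shell working directory of the step; "$(PWD)" is pipeline macro
              # syntax and is not guaranteed to expand to a path.
              SCAN_DIR="${PWD}"
              RESULTS="${SCAN_DIR}/results.json"

              # Download to a file first so the archive can be checked before
              # anything from it is unpacked or executed.
              DOWNLOAD_DIR=$(mktemp -d)
              ARCHIVE="${DOWNLOAD_DIR}/kics.tar.gz"
              wget -q -O "${ARCHIVE}" \
                "https://github.com/Checkmarx/kics/releases/download/${LATEST_TAG}/${PACKAGE_NAME}"

              if [ -n "${KICS_SHA256:-}" ]; then
                echo "${KICS_SHA256}  ${ARCHIVE}" | sha256sum -c -
              else
                echo "##vso[task.logissue type=warning;]KICS archive was not integrity-checked; set KICS_TAG and KICS_SHA256 to pin a reviewed release"
              fi

              mkdir -p "${TARGET_DIR}"
              tar -xz -C "${TARGET_DIR}" -f "${ARCHIVE}"
              rm -rf "${DOWNLOAD_DIR}"

              echo "--- START SCANNING ${SCAN_DIR} ---"
              # NOTE(review): KICS may exit non-zero when it reports findings;
              # confirm for the installed version. The exit code is captured so
              # the severity gate below decides the outcome, and a missing or
              # empty report is treated as a failed scan.
              KICS_RC=0
              "${TARGET_DIR}/kics" scan --no-progress -p "${SCAN_DIR}" -o "${RESULTS}" || KICS_RC=$?
              if [ ! -s "${RESULTS}" ]; then
                echo "##vso[task.logissue type=error;]KICS produced no results file (exit code ${KICS_RC})"
                exit 1
              fi

              # jq -e exits non-zero when the total is null or absent, so a
              # malformed report stops the step instead of passing the gate.
              TOTAL_SEVERITY_COUNTER=$(jq -er '.total_counter' "${RESULTS}")
              SEVERITY_COUNTER_HIGH=$(jq -r '.severity_counters.HIGH // 0' "${RESULTS}")
              SEVERITY_COUNTER_MEDIUM=$(jq -r '.severity_counters.MEDIUM // 0' "${RESULTS}")
              SEVERITY_COUNTER_LOW=$(jq -r '.severity_counters.LOW // 0' "${RESULTS}")
              SEVERITY_COUNTER_INFO=$(jq -r '.severity_counters.INFO // 0' "${RESULTS}")

              echo "TOTAL SEVERITY COUNTER $TOTAL_SEVERITY_COUNTER"
              echo "HIGH=$SEVERITY_COUNTER_HIGH MEDIUM=$SEVERITY_COUNTER_MEDIUM LOW=$SEVERITY_COUNTER_LOW INFO=$SEVERITY_COUNTER_INFO"

              # Gate: any HIGH finding fails the job.
              if [ "$SEVERITY_COUNTER_HIGH" -ge "1" ]; then
                echo "##vso[task.logissue type=error;]Please fix all $SEVERITY_COUNTER_HIGH HIGH SEVERITY COUNTERS";
                exit 1;
              fi

              # Anything else is surfaced as a warning on the run.
              if [ "$TOTAL_SEVERITY_COUNTER" -ge "1" ]; then
                echo "##vso[task.logissue type=warning;]Please review the output json for $TOTAL_SEVERITY_COUNTER issues";
              fi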