KICS.io example pipeline (tested with version 1.4.9)
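###
# Example Azure DevOps pipeline accompanying blogpost: https://peterrombouts.nl/2021/05/13/static-code-analysis-of-infrastructure-as-code/
# Tested up until Kics.io version 1.4.9
#
# Hardening compared to the first version of this script:
#   * The scanner version is pinned (and can be checksum-verified) instead of
#     resolving GitHub's "latest" release at run time and piping the archive
#     straight into tar. A floating version lets an upstream release change the
#     gate's behaviour, or the binary itself, without any change in this repo.
#   * The shell runs with `set -euo pipefail`. Previously a failed download, a
#     missing kics binary or a missing results.json left the counters empty, so
#     `[ "" -ge "1" ]` evaluated false and the job passed the severity gate
#     without having scanned anything (fail-open).
#   * Counters default to 0 when a severity key is absent from results.json.
###
# Disable CI triggers; run this pipeline manually. (A list entry `- none` is
# read by Azure Pipelines as a branch filter, not as "no trigger".)
trigger: none

pool:
  vmImage: 'ubuntu-20.04'

variables:
  # Pinned KICS release (without the leading "v"). Bump deliberately.
  KICS_VERSION: '1.4.9'
  # Optional: sha256 of kics_${KICS_VERSION}_<OS>_x64.tar.gz taken from the
  # release you pinned. Leave empty to skip verification; a warning is logged.
  KICS_SHA256: ''

stages:
  - stage: kics
    displayName: kics
    jobs:
      - job: runKics
        displayName: runKics
        steps:
          - script: |
              # Fail on any error, unset variable or failed pipeline stage, so
              # the severity gate below can never be reached with empty counters.
              set -euo pipefail

              OS="$(uname -s)"
              PACKAGE_NAME="kics_${KICS_VERSION}_${OS}_x64.tar.gz"
              DOWNLOAD_URL="https://github.com/Checkmarx/kics/releases/download/v${KICS_VERSION}/${PACKAGE_NAME}"
              # Agent.TempDirectory (exposed as AGENT_TEMPDIRECTORY) instead of a
              # hard-coded /home/vsts path that only exists on hosted agents.
              TARGET_DIR="${AGENT_TEMPDIRECTORY}/kics"
              # Scan the checked-out sources. Plain ${PWD} is used rather than
              # $(PWD): Azure Pipelines treats $(...) as macro syntax for
              # pipeline variables before bash ever sees the script.
              SCAN_DIR="${PWD}"
              RESULTS="${SCAN_DIR}/results.json"
              ARCHIVE="${TARGET_DIR}/${PACKAGE_NAME}"

              mkdir -p "${TARGET_DIR}"
              # Download to a file first so the archive can be verified before
              # anything is extracted or executed.
              wget -q -O "${ARCHIVE}" "${DOWNLOAD_URL}"
              if [ -n "${KICS_SHA256}" ]; then
                echo "${KICS_SHA256}  ${ARCHIVE}" | sha256sum -c -
              else
                echo "##vso[task.logissue type=warning;]KICS_SHA256 is not set; the downloaded KICS archive was not integrity-checked"
              fi
              tar -xzf "${ARCHIVE}" -C "${TARGET_DIR}"

              echo "--- START SCANNING ${SCAN_DIR} ---"
              # KICS may exit non-zero to signal findings (this depends on the
              # version and flags in use), so its exit code is captured rather
              # than allowed to abort the script. The gate below decides from
              # results.json; only a missing results file is fatal here.
              KICS_EXIT=0
              "${TARGET_DIR}/kics" scan --no-progress -p "${SCAN_DIR}" -o "${SCAN_DIR}" || KICS_EXIT=$?
              if [ ! -f "${RESULTS}" ]; then
                echo "##vso[task.logissue type=error;]kics did not produce ${RESULTS} (kics exit code ${KICS_EXIT})"
                exit 1
              fi

              # `// 0` keeps every counter numeric when a key is absent, so the
              # integer comparisons below cannot silently evaluate to false.
              TOTAL_SEVERITY_COUNTER="$(jq -r '.total_counter // 0' "${RESULTS}")"
              SEVERITY_COUNTER_HIGH="$(jq -r '.severity_counters.HIGH // 0' "${RESULTS}")"
              SEVERITY_COUNTER_MEDIUM="$(jq -r '.severity_counters.MEDIUM // 0' "${RESULTS}")"
              SEVERITY_COUNTER_LOW="$(jq -r '.severity_counters.LOW // 0' "${RESULTS}")"
              SEVERITY_COUNTER_INFO="$(jq -r '.severity_counters.INFO // 0' "${RESULTS}")"
              echo "TOTAL SEVERITY COUNTER ${TOTAL_SEVERITY_COUNTER}"
              echo "HIGH=${SEVERITY_COUNTER_HIGH} MEDIUM=${SEVERITY_COUNTER_MEDIUM} LOW=${SEVERITY_COUNTER_LOW} INFO=${SEVERITY_COUNTER_INFO}"

              # Gate: any HIGH finding fails the job; anything else is a warning.
              if [ "${SEVERITY_COUNTER_HIGH}" -ge 1 ]; then
                echo "##vso[task.logissue type=error;]Please fix all ${SEVERITY_COUNTER_HIGH} HIGH SEVERITY COUNTERS"
                exit 1
              fi
              if [ "${TOTAL_SEVERITY_COUNTER}" -ge 1 ]; then
                echo "##vso[task.logissue type=warning;]Please review the output json for ${TOTAL_SEVERITY_COUNTER} issues"
              fi
            displayName: Download pinned KICS and scan sources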