Adding server input (#60)

* adding server input

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* update command

Signed-off-by: David Wertenteil <dwertent@armosec.io>

---------

Signed-off-by: David Wertenteil <dwertent@armosec.io>

.github/workflows/example-fix-commit.yaml

@@ -19,8 +19,9 @@ jobs:
       uses: tj-actions/changed-files@v35
     - uses: kubescape/github-action@main
       with:
-        account: ${{secrets.KUBESCAPE_ACCOUNT}}
-        accessKey: ${{secrets.KUBESCAPE_ACCESS_TOKEN}}
+        account: ${{ secrets.KUBESCAPE_ACCOUNT }}
+        accessKey: ${{ secrets.KUBESCAPE_ACCESS_TOKEN }}
+        server: ${{ vars.KUBESCAPE_SERVER }}
         files: ${{ steps.changed-files.outputs.all_changed_files }}
         fixFiles: true
         format: "sarif"

.github/workflows/example-fix-pr-review.yaml

@@ -21,6 +21,7 @@ jobs:
       with:
         account: ${{secrets.KUBESCAPE_ACCOUNT}}
         accessKey: ${{secrets.KUBESCAPE_ACCESS_TOKEN}}
+        server: ${{ vars.KUBESCAPE_SERVER }}
         files: ${{ steps.changed-files.outputs.all_changed_files }}
         fixFiles: true
         format: "sarif"

.github/workflows/example-scan-image.yaml

@@ -25,6 +25,7 @@ jobs:
         # Kubescape Portal credentials
         # account: ${{secrets.KUBESCAPE_ACCOUNT}}
         # accessKey: ${{secrets.KUBESCAPE_ACCESS_TOKEN}}
+        # server: ${{ vars.KUBESCAPE_SERVER }}
     - name: Upload Kubescape scan results to Github Code Scanning
       uses: github/codeql-action/upload-sarif@v2
       with:

.github/workflows/example-scan.yaml

@@ -17,6 +17,7 @@ jobs:
         # Kubescape Portal credentials
         account: ${{secrets.KUBESCAPE_ACCOUNT}}
         accessKey: ${{secrets.KUBESCAPE_ACCESS_TOKEN}}
+        server: ${{ vars.KUBESCAPE_SERVER }}
         # # Optional - Scan a specific path. Default will scan all
         # files: "examples/*.yaml"
     - name: Upload Kubescape scan results to Github Code Scanning

README.md

@@ -28,6 +28,7 @@ jobs:
         # # Optional: Specify the Kubescape Portal credentials 
         # account: ${{secrets.KUBESCAPE_ACCOUNT}}
         # accessKey: ${{secrets.KUBESCAPE_ACCESS_KEY}}
+        # server: ${{ vars.KUBESCAPE_SERVER }}
         # # Optional: Scan a specific path. Default will scan the whole repository
         # files: "examples/*.yaml"
     - name: Upload Kubescape scan results to Github Code Scanning
@@ -67,6 +68,7 @@ jobs:
       with:
         account: ${{secrets.KUBESCAPE_ACCOUNT}}
         accessKey: ${{secrets.KUBESCAPE_ACCESS_KEY}}
+        server: ${{ vars.KUBESCAPE_SERVER }}
         files: ${{ steps.changed-files.outputs.all_changed_files }}
         fixFiles: true
         format: "sarif"
@@ -106,6 +108,7 @@ jobs:
       with:
         account: ${{secrets.KUBESCAPE_ACCOUNT}}
         accessKey: ${{secrets.KUBESCAPE_ACCESS_KEY}}
+        server: ${{ vars.KUBESCAPE_SERVER }}
         files: ${{ steps.changed-files.outputs.all_changed_files }}
         fixFiles: true
         format: "sarif"
@@ -168,6 +171,7 @@ jobs:
         # Kubescape Portal credentials
         # account: ${{secrets.KUBESCAPE_ACCOUNT}}
         # accessKey: ${{secrets.KUBESCAPE_ACCESS_KEY}}
+        # server: ${{ vars.KUBESCAPE_SERVER }}
     - name: Upload Kubescape scan results to Github Code Scanning
       uses: github/codeql-action/upload-sarif@v2
       with:
@@ -182,8 +186,9 @@ jobs:
 | outputFile | Name of the output file where the scan result will be stored without the extension. | No (default is `results`) |
 | frameworks | Security framework(s) to scan the files against. Multiple frameworks can be specified separated by a comma with no spaces. Example - `nsa,devopsbest`. Run `kubescape list frameworks` in the [Kubescape CLI](https://hub.armo.cloud/docs/installing-kubescape) to get a list of all frameworks. Either frameworks have to be specified or controls. | No |
 | controls | Security control(s) to scan the files against. Multiple controls can be specified separated by a comma with no spaces. Example - `Configured liveness probe,Pods in default namespace`. Run `kubescape list controls` in the [Kubescape CLI](https://hub.armo.cloud/docs/installing-kubescape) to get a list of all controls. You can use either the complete control name or the control ID such as `C-0001` to specify the control you want use. You must specify either the control(s) or the framework(s) you want used in the scan. | No |
-| account | Account ID for [Kubescape cloud](https://cloud.armosec.io/). Used for custom configuration, such as frameworks, control configuration, etc. | No |
-| accessKey | AccessLKey for [Kubescape cloud](https://cloud.armosec.io/). Used for custom configuration, such as frameworks, control configuration, etc. | No |
+| account | account ID for integrating with a third-party server  | No |
+| accessKey | access-key for integrating with a third-party server  | No |
+| server | URL for integrating with a third-party server | No |
 | failedThreshold | Failure threshold is the percent above which the command fails and returns exit code 1 (default 0 i.e, action fails if any control fails) | No (default 0) |
 | severityThreshold | Severity threshold is the severity of a failed control at or above which the command terminates with an exit code 1 (default is `high`, i.e. the action fails if any High severity control fails) | No |
 | verbose | Display all of the input resources and not only failed resources. Default is off | No |
@@ -218,6 +223,7 @@ jobs:
         # Specify the Kubescape cloud account ID
         account: ${{secrets.KUBESCAPE_ACCOUNT}}
         accessKey: ${{secrets.KUBESCAPE_ACCESS_KEY}}
+        server: ${{ vars.KUBESCAPE_SERVER }}
     - name: Upload Kubescape scan results to Github Code Scanning
       uses: github/codeql-action/upload-sarif@v2
       with:

action.yml

@@ -53,13 +53,18 @@ inputs:
     required: false
   account:
     description: |
-      Account ID for the Kubescape SaaS.
-      Used for custom configuration, such as frameworks, control configuration, etc.
+      Kubescape Portal client id.
+      Use for integrating with third-party servers.
     required: false
   accessKey:
     description: |
-      AccessKey for the Kubescape SaaS.
-      Used for custom configuration, such as frameworks, control configuration, etc.
+      Kubescape Portal accessKey.
+      Use for integrating with third-party servers.
+    required: false
+  server:
+    description: |
+      Kubescape Portal URL.
+      Use for integrating with third-party servers.
     required: false
   exceptions:
     description: |

entrypoint.sh

@@ -100,6 +100,7 @@ output_file=$([ -n "${INPUT_OUTPUTFILE}" ] && echo "${INPUT_OUTPUTFILE}" || echo
 
 account_opt=$([ -n "${INPUT_ACCOUNT}" ] && echo --account "${INPUT_ACCOUNT}" || echo "")
 access_key_opt=$([ -n "${INPUT_ACCESSKEY}" ] && echo --access-key "${INPUT_ACCESSKEY}" || echo "")
+server_opt=$([ -n "${INPUT_SERVER}" ] && echo --server "${INPUT_SERVER}" || echo "")
 
 # If account ID is empty, we load artifacts from the local path, otherwise we
 # load from the cloud (this will enable custom framework support)
@@ -159,7 +160,7 @@ if [ -n "${INPUT_IMAGE}" ]; then
 fi
 
 # TODO: include artifacts_opt once https://github.com/kubescape/kubescape/issues/1040 is resolved
-scan_command="kubescape scan ${image_subcmd} ${frameworks_cmd} ${controls_cmd} ${scan_input} ${account_opt} ${fail_threshold_opt} ${compliance_threshold_opt} ${severity_threshold_opt} --format ${output_formats} --output ${output_file} ${verbose} ${exceptions} ${controls_config}"
+scan_command="kubescape scan ${image_subcmd} ${frameworks_cmd} ${controls_cmd} ${scan_input} ${account_opt} ${access_key_opt} ${server_opt} ${fail_threshold_opt} ${compliance_threshold_opt} ${severity_threshold_opt} --format ${output_formats} --output ${output_file} ${verbose} ${exceptions} ${controls_config}"
 
 echo "${scan_command}"
 eval "${scan_command}"