Keyboard Time: 15 mins, Automation Wait Time: 8 mins
Scenarios: Instructor-Led, Self-Paced
Open ‘yourpersonalgroup/world-greetings-env-1’
On the upper right of the Project page, Click Web IDE
In the left side file browser, Click update-manifests.gitlab-ci.yml
You will be editing YAML - be careful that tabbing is properly aligned. Only removing the comment character (“#”) should result in proper tabbing.
Under include: uncomment - template: Security/SAST-IaC.latest.gitlab-ci.yml, which should make the section look like this:

    include:
      - local: .gitlab/ci_templates/git-push.yaml
      - template: Security/SAST-IaC.latest.gitlab-ci.yml

Under variables: uncomment the variables: heading and the two variables, which should make the section look like this:

    variables:
      SCAN_KUBERNETES_MANIFESTS: "true"
      KUBESEC_HELM_CHARTS_PATH: $CI_PROJECT_DIR/constructed-manifests/

In the left side file browser, Click packages/hello-world/base/deployment.yaml
At the bottom of the file, edit the securityContext: section to look like this (be sure to keep the same indentation, starting by not moving the existing keyword securityContext and indenting sub levels by two spaces):

    securityContext:
      capabilities:
        add:
          - SYS_ADMIN

Click Create commit…
Select Commit to main branch (this is not the default)
Under ‘Commit Message’, Type [skip ci] Adding Manifest Security Scanning
Click Commit
Below the Create commit… button, in the status bar, Click [the pipeline #]
Expand the Downstream pipeline with the greater-than arrow (>).
Under the new stage ‘Test’, Locate the new job kics-iac-sast
Click kics-iac-sast
Near the bottom of the log, Locate gl-sast-report.json : found 1 files and directories
On the left navigation, Click Security & Compliance => Vulnerability report
If there are not any vulnerabilities listed, you can examine the page for Last updated followed by an elapsed time and a clickable pipeline id reference.
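
An added example, not part of the original lab: a Python check that reads a report in the shape of gl-sast-report.json and lists findings at or above a severity threshold, so the effect of the SYS_ADMIN change can be confirmed from the job artifact as well as from the Vulnerability report. The sample report, its file path, line numbers and finding names are constructed for illustration and are not real scanner output.

```python
import json

# Severity levels used in GitLab security reports, lowest to highest.
SEVERITY_ORDER = ["Info", "Unknown", "Low", "Medium", "High", "Critical"]

# Constructed sample in the shape of gl-sast-report.json (not real output).
SAMPLE_REPORT = json.dumps({
    "version": "15.0.0",
    "vulnerabilities": [
        {"category": "sast",
         "name": "Constructed finding: container adds SYS_ADMIN capability",
         "severity": "High",
         "scanner": {"id": "kics", "name": "kics"},
         "location": {"file": "constructed-manifests/hello-world.yaml",
                      "start_line": 31}},
        {"category": "sast",
         "name": "Constructed finding: informational note",
         "severity": "Info",
         "scanner": {"id": "kics", "name": "kics"},
         "location": {"file": "constructed-manifests/hello-world.yaml",
                      "start_line": 4}},
    ],
})


def findings_at_or_above(report_text, minimum="Medium"):
    """Return (severity, file, line, name) tuples at or above `minimum`, worst first."""
    if minimum not in SEVERITY_ORDER:
        raise ValueError(f"unknown severity: {minimum}")
    threshold = SEVERITY_ORDER.index(minimum)
    hits = []
    # A report with no findings has an empty "vulnerabilities" list.
    for vuln in json.loads(report_text).get("vulnerabilities", []):
        severity = vuln.get("severity", "Unknown")
        # Treat any unrecognised severity string as "Unknown".
        rank = SEVERITY_ORDER.index(severity) if severity in SEVERITY_ORDER else 1
        if rank >= threshold:
            loc = vuln.get("location", {})
            hits.append((rank, severity, loc.get("file", "?"),
                         loc.get("start_line"), vuln.get("name", "")))
    hits.sort(key=lambda h: -h[0])
    return [h[1:] for h in hits]


if __name__ == "__main__":
    for severity, path, line, name in findings_at_or_above(SAMPLE_REPORT):
        print(f"{severity:8} {path}:{line}  {name}")
```

To run it against a real pipeline, download the kics-iac-sast job artifact and pass the file's contents to findings_at_or_above in place of SAMPLE_REPORT.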