Configuring integration with TeamCity CI/CD

To configure integration with TeamCity CI/CD:

  1. Copy the API token on the My profile page to authorize the Kaspersky Container Security API in TeamCity.
  2. In the settings menu in the TeamCity web interface, select Build Configuration HomeParameters.
  3. Click Add new parameters to add the values of the following environment variables:
    • API_TOKEN— specify the copied value of the Kaspersky Container Security API token.
    • API_BASE_URL — specify the URL of Kaspersky Container Security.
    • RUST_BACKTRACE — If necessary, specify full to use backtracing.
    • SKIP_API_SERVER_VALIDATION — specify true if you are using a self-signed certificate or if you need to skip authentication of the receiving server using the CA certificate of the Ingress controller.
    • COMPANY_EXT_REGISTRY_USERNAME – specify the account name in the registry of the scanned image.
    • COMPANY_EXT_REGISTRY_PASSWORD – specify the password for the registry of the scanned image.
    • COMPANY_EXT_REGISTRY_TLS_CERT – specify details of the certificate for secure connection to the registry.

      The certificate details are specified as a string in the .PEM format:
      -----BEGIN CERTIFICATE-----\n... <certificate details> ...\n-----END CERTIFICATE-----.

    • HTTP_PROXY – a proxy server for HTTP requests
    • HTTPS_PROXY – a proxy server for HTTPS requests
    • NO_PROXY – domains or appropriate domain masks to be excluded from proxying
  4. Go to the Build Configuration HomeBuild Step: Command Line section and click Add build step to add a build step.
  5. In the window that opens, specify the following settings of the build step:
    • In the Runner type drop-down list, select Command Line.
    • In the Run drop-down list, select Custom script.
    • In the Custom script field, specify the path to the container for scanning (for example, /bin/sh /entrypoint.sh nginx:latest).
  6. Under Docker Settings, specify the following settings:
    • In the Run step within Docker container field, specify the address of the scanner in the Docker registry. For example, company.gitlab.cloud.net:5050/companydev/example/scanner:v2.0.0-with-db.
    • In the Additional docker run arguments field, increase the privilege value to --privileged.
  7. Click Save to save the settings.
  8. Click Run in the upper-right corner of the page to start the build.
  9. If necessary, download the scan results artifact, which is available on the Artifacts tab on the build scan results page in the TeamCity web interface.
Page top