Sample private source scan

Define the resources

Create sample-private-source-scan.yaml and ensure you enter a valid private SSH key value in the secret:

---
apiVersion: v1
kind: Secret
metadata:
  name: secret-ssh-auth
type: kubernetes.io/ssh-auth
stringData:
  ssh-privatekey: <insert your PEM-encoded ssh private key>

---
apiVersion: scanning.apps.tanzu.vmware.com/v1beta1
kind: SourceScan
metadata:
  name: sample-private-source-scan
spec:
  git:
    url: <git clone via ssh>
    revision: <branch, tag or commit digest>
    knownHosts: |
      <known host>
      <another host etc>
  scanTemplate: private-source-scan-template
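
A PEM private key and a set of known_hosts entries are multi-line values, so pasting them into the placeholders above by hand is easy to get wrong. The following added example (not part of the original documentation) renders the same two resources from files; the function name render_private_source_scan and its input checks are assumptions of this example.

```bash
# Hypothetical helper (an assumption of this example, not a product command).
# Args: <private key file> <ssh clone url> <revision> <known_hosts file>
render_private_source_scan() {
  local key_file="$1" git_url="$2" revision="$3" known_hosts_file="$4" hosts

  # The Secret needs the private key in PEM armour; this also catches a
  # .pub file passed by mistake.
  if ! head -n 1 "$key_file" | grep -Eq '^-----BEGIN ([A-Z0-9]+ )?PRIVATE KEY-----'; then
    echo "error: $key_file does not start with a PEM private key header" >&2
    return 1
  fi
  # Accept only SSH clone URLs: ssh://host/path or scp-style user@host:path.
  if ! printf '%s\n' "$git_url" | grep -Eq '^(ssh://[^/]+/.+|[^/:@]+@[^/:]+:.+)$'; then
    echo "error: $git_url is not an SSH clone URL" >&2
    return 1
  fi
  # Drop blank lines and comments; refuse an empty host key list.
  if ! hosts=$(grep -Ev '^[[:space:]]*(#|$)' "$known_hosts_file"); then
    echo "error: no host key entries in $known_hosts_file" >&2
    return 1
  fi

  # Multi-line values go in YAML block scalars: every line must be indented
  # deeper than its key (4 spaces under stringData, 6 under spec.git).
  cat <<EOF
---
apiVersion: v1
kind: Secret
metadata:
  name: secret-ssh-auth
type: kubernetes.io/ssh-auth
stringData:
  ssh-privatekey: |
$(sed 's/^/    /' "$key_file")

---
apiVersion: scanning.apps.tanzu.vmware.com/v1beta1
kind: SourceScan
metadata:
  name: sample-private-source-scan
spec:
  git:
    url: "$git_url"
    revision: "$revision"
    knownHosts: |
$(printf '%s\n' "$hosts" | sed 's/^/      /')
  scanTemplate: private-source-scan-template
EOF
}
```

Redirect the output to sample-private-source-scan.yaml, and keep that file out of version control because it contains the private key.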

(Optional) Set up a watch

Before deploying, set up a watch in another terminal to follow the resources as they are processed. Processing is quick:

watch kubectl get scantemplates,scanpolicies,sourcescans,imagescans,pods,jobs

For more information, see Observing and Troubleshooting.

Deploy the resources

kubectl apply -f sample-private-source-scan.yaml

View the scan status

Once the scan has completed, run:

kubectl describe sourcescan sample-private-source-scan

Notice that Status.Conditions includes Reason: JobFinished and Message: The scan job finished.

For more information, see Viewing and Understanding Scan Status Conditions.

Clean up

kubectl delete -f sample-private-source-scan.yaml

View vulnerability reports

After completing the scans, query the Supply Chain Security Tools - Store to view your vulnerability results.
