Integrate Kyverno with Vulnetix. Use the Kyverno CLI to validate Kubernetes manifests against policies offline, generate policy reports, and upload findings to Vulnetix.
CLI tool, JSON, SARIF
Install & scan
# Via Homebrew
$ brew install kyverno

# Via Krew (kubectl plugin manager)
$ kubectl krew install kyverno

# Download binary
$ curl -LO https://github.com/kyverno/kyverno/releases/latest/download/kyverno-cli_linux_x86_64.tar.gz
$ tar xvf kyverno-cli_linux_x86_64.tar.gz && sudo mv kyverno /usr/local/bin/

$ kyverno apply ./policies/ --resource ./manifests/ --policy-report -o json > kyverno-report.json
Run Kyverno in CI
Scan on every push and upload the results to Vulnetix:
- name: Install Kyverno CLI
  run: |
    curl -LO https://github.com/kyverno/kyverno/releases/latest/download/kyverno-cli_linux_x86_64.tar.gz
    tar xvf kyverno-cli_linux_x86_64.tar.gz && sudo mv kyverno /usr/local/bin/
- name: Validate Kubernetes manifests
  run: kyverno apply ./policies/ --resource ./manifests/ --policy-report -o json > kyverno-report.json
- name: Upload to Vulnetix
  run: vulnetix upload --file kyverno-report.json
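A build gate over the kyverno-report.json written by the steps above, as an added example (not Kyverno or Vulnetix code). It assumes the report follows the wgpolicyk8s.io/v1alpha2 PolicyReport layout; the function name, severity floor and sample data are constructed for illustration.

```python
import json
import sys

# Constructed sample in the wgpolicyk8s.io/v1alpha2 report layout (assumed
# to be what kyverno-report.json contains); not real scan output.
SAMPLE = json.loads("""
{"apiVersion": "wgpolicyk8s.io/v1alpha2", "kind": "ClusterPolicyReport",
 "results": [
  {"policy": "require-run-as-nonroot", "rule": "check-runasnonroot", "result": "fail",
   "severity": "high", "resources": [{"kind": "Deployment", "namespace": "web", "name": "api"}]},
  {"policy": "disallow-latest-tag", "rule": "require-image-tag", "result": "fail",
   "severity": "medium", "resources": [{"kind": "Pod", "namespace": "web", "name": "debug"}]},
  {"policy": "require-labels", "rule": "check-team", "result": "pass",
   "resources": [{"kind": "Pod", "namespace": "web", "name": "debug"}]},
  {"policy": "restrict-seccomp", "rule": "check-seccomp", "result": "error",
   "resources": [{"kind": "Pod", "name": "legacy"}]}
 ]}
""")

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

def blocking_findings(report, min_severity="medium"):
    """Return (policy, rule, resource, result, severity) tuples that should fail the build."""
    reports = report if isinstance(report, list) else [report]
    floor = SEVERITY_RANK[min_severity]
    found = []
    for rep in reports:
        for res in rep.get("results") or []:
            outcome = res.get("result")
            if outcome not in ("fail", "error"):
                continue
            severity = res.get("severity", "")
            # "error" means the rule could not be evaluated, so it always blocks.
            # A failure with no or unknown severity is not assumed low: it blocks too.
            if outcome == "fail" and severity and SEVERITY_RANK.get(severity, 4) < floor:
                continue
            for obj in res.get("resources") or [{}]:
                ref = "/".join(p for p in (obj.get("kind"), obj.get("namespace"), obj.get("name")) if p)
                found.append((res.get("policy"), res.get("rule"), ref, outcome, severity or "unset"))
    return found

if __name__ == "__main__":
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    hits = blocking_findings(data)
    for hit in hits:
        print("BLOCK policy=%s rule=%s resource=%s result=%s severity=%s" % hit)
    sys.exit(1 if hits else 0)
```

Run it with the report path as its argument; with no argument it evaluates the constructed sample.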
Centralise Kyverno results in Vulnetix
Upload Kyverno JSON or SARIF output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.