# Integrate KICS with Bitbucket Pipelines

You can integrate KICS into Bitbucket Pipelines CI/CD.
This lets you run KICS scans on your Bitbucket repositories and streamline vulnerability and misconfiguration checks for your infrastructure as code (IaC).

## Example configuration
```yaml
image: atlassian/default-image:2
pipelines:
  default:
    - step:
        name: 'Cx KICS'
        script:
          # Resolve the latest KICS release tag (e.g. v1.2.3) and strip the leading "v".
          - LATEST_KICS_TAG=$(curl --silent "https://api.github.com/repos/Checkmarx/kics/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
          - LATEST_KICS_VERSION=${LATEST_KICS_TAG#v}
          # Download the Linux x64 release and unpack the binary and its query assets into /usr/bin.
          - wget -q -c "https://github.com/Checkmarx/kics/releases/download/${LATEST_KICS_TAG}/kics_${LATEST_KICS_VERSION}_linux_x64.tar.gz" -O - | tar -xz --directory /usr/bin &>/dev/null
          # Scan the checked-out repository and write the JSON report into the workspace.
          - kics -q /usr/bin/assets/queries -p ${PWD} -o ${PWD}/kics-results.json
          # Pull the counters out of the report. The grep pattern is quoted in two pieces so the
          # YAML plain scalar never contains a colon followed by a space; the trailing sed on the
          # severity lines strips the comma after each value.
          - TOTAL_SEVERITY_COUNTER=`grep '"totalCounter"':' ' ${PWD}/kics-results.json | awk '{print $2}'`
          - export SEVERITY_COUNTER_HIGH=`grep '"HIGH"':' ' ${PWD}/kics-results.json | awk '{print $2}' | sed 's/.$//'`
          - SEVERITY_COUNTER_MEDIUM=`grep '"MEDIUM"':' ' ${PWD}/kics-results.json | awk '{print $2}' | sed 's/.$//'`
          - SEVERITY_COUNTER_LOW=`grep '"LOW"':' ' ${PWD}/kics-results.json | awk '{print $2}' | sed 's/.$//'`
          - SEVERITY_COUNTER_INFO=`grep '"INFO"':' ' ${PWD}/kics-results.json | awk '{print $2}' | sed 's/.$//'`
          - echo "TOTAL SEVERITY COUNTER $TOTAL_SEVERITY_COUNTER"
          # Fail the step as soon as at least one HIGH severity finding is present.
          - if [ "$SEVERITY_COUNTER_HIGH" -ge "1" ];then echo "Please fix all $SEVERITY_COUNTER_HIGH HIGH SEVERITY COUNTERS" && exit 1;fi
        # Keep the report so it can be downloaded from the pipeline run.
        artifacts:
          - kics-results.json
```
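The grep/awk/sed lines above are fragile: if a counter key is missing or renamed, the variable is empty, `[ "" -ge 1 ]` is a test error rather than true, and the gate silently passes. The following added example (not part of the KICS documentation) wraps the same gating logic in two POSIX-sh functions that a pipeline step could source instead; the `kics_count`/`kics_gate` names and the report layout are assumptions, and the sample report is constructed.

```shell
#!/bin/sh
# Added example, not from the KICS docs: a POSIX-sh severity gate for the
# KICS JSON report. Assumes the key layout the page's pipeline greps for
# ("severity_counters": {"HIGH": n, ...} and a top-level "totalCounter").

# Print the integer after "<KEY>": in the report; prints nothing if absent.
kics_count() {
  _file="$1"; _key="$2"
  grep "\"${_key}\": *[0-9]" "$_file" | sed -E 's/.*: *([0-9]+).*/\1/' | head -n 1
}

# Return 0 when SEVERITY's count is below THRESHOLD (default 1), 1 when it
# reaches it, and 2 when the counter is missing, so a report whose keys
# changed between KICS versions fails the step instead of passing silently.
kics_gate() {
  _file="$1"; _severity="$2"; _threshold="${3:-1}"
  _count=$(kics_count "$_file" "$_severity")
  if [ -z "$_count" ]; then
    echo "kics_gate: no '$_severity' counter found in $_file" >&2
    return 2
  fi
  if [ "$_count" -ge "$_threshold" ]; then
    echo "Please fix all $_count $_severity severity findings" >&2
    return 1
  fi
  return 0
}

# Constructed, abbreviated report used to exercise the gate offline.
KICS_SAMPLE_REPORT=$(mktemp)
cat > "$KICS_SAMPLE_REPORT" <<'EOF'
{
  "files_scanned": 3,
  "severity_counters": {
    "HIGH": 2,
    "INFO": 4,
    "LOW": 1,
    "MEDIUM": 3
  },
  "totalCounter": 10,
  "queries": []
}
EOF

# In the pipeline step, replace the grep/awk lines with:
#   kics_gate "${PWD}/kics-results.json" HIGH 1 || exit 1
```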