From f7b7e8a50a6b0a95a555d7413f35380382c9c1bf Mon Sep 17 00:00:00 2001
From: maria-reynoso <ortega.reynoso@gmail.com>
Date: Tue, 31 Dec 2024 14:16:59 +0100
Subject: [PATCH] Add scan pipeline

---
 .github/workflows/scan.yaml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 .github/workflows/scan.yaml

diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
new file mode 100644
index 0000000..2a48aaa
--- /dev/null
+++ b/.github/workflows/scan.yaml
@@ -0,0 +1,20 @@
+name: Kubescape scanning for misconfigurations
+on: [push, pull_request]
+jobs:
+  kubescape:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: kubescape/github-action@main
+      continue-on-error: true
+      with:
+        format: sarif
+        outputFile: results.sarif
+        # Optional: Specify the Kubescape cloud account ID
+        # account: ${{secrets.KUBESCAPE_ACCOUNT}}
+        # # Optional: Scan a specific path. Default will scan the whole repository
+        # files: "examples/*.yaml"
+    - name: Upload Kubescape scan results to Github Code Scanning
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        sarif_file: results.sarif
\ No newline at end of file