Better support for Helm templates in Kubesec analyzer
Problem to solve
Our kubesec analyzer scans Kubernetes manifests, but cannot scan Helm templates. It is possible to compile those Helm templates and then scan the output, as @theoretick demonstrates here.
We should incorporate this functionality into our kubesec analyzer so that the customer doesn't have to do anything to get this benefit.
Intended users
- Delaney (Development Team Lead)
- Sasha (Software Developer)
- Devon (DevOps Engineer)
- Sidney (Systems Administrator)
- Sam (Security Analyst)
Further details
From: gitlab-org/security-products/analyzers/kubesec!1 (comment 242132931)
According to https://kubernetes.io/blog/2018/04/24/kubernetes-application-survey-results-2018/, Helm is used by 64% of Kubernetes users, and while it will increase the base size, I think it could be quite useful. I'm thinking ideally the user shouldn't need the pre-compilation approach and instead move the contents of `compile_manifests` into a `before_script` block.
Links / references
Release Post: gitlab-com/www-gitlab-com!52655 (merged)