
kube-bench CI/CD integration with Snapsec VM

Use kube-bench in your CI pipeline (or as part of your cluster security checks) to run Kubernetes CIS benchmark tests and then push the findings into Snapsec VM using a simple webhook. This guide shows you, step by step, how to:
  1. Run kube-bench in your GitHub Actions or GitLab CI pipeline.
  2. Generate a JSON report.
  3. Send that JSON report directly to Snapsec VM using a webhook.
You do not need to be a CI/CD expert to follow this guide.

1. Prerequisites

  • Access to a Kubernetes cluster or node where kube-bench can run.
  • kube-bench available in your CI or cluster environment (container image or binary).
  • Snapsec:
    • An Assessment in Snapsec VM where kube-bench findings will be stored.
    • Assessment ID (<assessment-id>)
    • API key (<your-api-key>)
  • curl available in the environment running kube-bench.

2. Create an assessment in Snapsec VM

Before you send any results, create a dedicated assessment in Snapsec VM that will hold the kube-bench findings:
  1. Log in to the Snapsec UI.
  2. Go to the VM / Assessments section.
  3. Click New Assessment and give it a clear name, for example:
    • kube-bench - Cluster A
  4. Save the assessment and copy its Assessment ID value.
You will use this Assessment ID in the webhook URL in the next steps.

3. Generate kube-bench JSON report

On a node (or on a self-hosted CI runner that lives on a node) where the Kubernetes configuration is available:
kube-bench --json > kube-bench.json
This writes the CIS benchmark results as JSON to kube-bench.json. Try this locally first to confirm it works before adding it to your CI.
kube-bench inspects the process list and configuration files of the machine it runs on, so a hosted CI runner that is not part of the cluster produces a report that says nothing about your cluster. For a real assessment, run it on the node itself (self-hosted runner, or over SSH) or as a Kubernetes Job and collect the Job's logs as the report.
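Before wiring the upload into CI it is worth checking what the report actually contains and, optionally, failing the pipeline on scored FAIL results. The script below is an added example for this guide (not part of kube-bench or Snapsec) that does both. It assumes the Controls/Totals layout kube-bench writes with --json; the report embedded in it is constructed for illustration, not output from a real cluster, and the file name kube_bench_gate.py is just a suggestion.

```python
"""Summarise a kube-bench --json report and decide whether a pipeline should fail.

Added example for this guide; not part of kube-bench or Snapsec. It assumes the
layout kube-bench writes with --json: a top-level object
{"Controls": [...], "Totals": {...}} where every control carries
"tests" -> "results" -> {"test_number", "test_desc", "status", "scored"}.
Older releases emit a bare Controls object, or one per line; both are handled.
"""
import json
import sys

# Constructed sample (not output from a real cluster), trimmed to three checks.
SAMPLE_REPORT = """
{"Controls": [
  {"id": "1", "version": "cis-1.6", "text": "Master Node Security Configuration",
   "node_type": "master",
   "tests": [
     {"section": "1.2", "desc": "API Server", "results": [
       {"test_number": "1.2.1", "status": "FAIL", "scored": true,
        "test_desc": "Ensure that the --anonymous-auth argument is set to false",
        "remediation": "Edit the API server pod specification and set --anonymous-auth=false"},
       {"test_number": "1.2.16", "status": "PASS", "scored": true,
        "test_desc": "Ensure that the --audit-log-path argument is set",
        "remediation": ""},
       {"test_number": "1.2.36", "status": "WARN", "scored": false,
        "test_desc": "Ensure that the API Server only makes use of Strong Cryptographic Ciphers",
        "remediation": "Set --tls-cipher-suites to a strong set of ciphers"}
     ]}
   ],
   "total_pass": 1, "total_fail": 1, "total_warn": 1, "total_info": 0}
],
"Totals": {"total_pass": 1, "total_fail": 1, "total_warn": 1, "total_info": 0}}
"""


def parse_report(text):
    """Parse one JSON document, or newline-delimited Controls objects from old releases."""
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        return [json.loads(line) for line in text.splitlines() if line.strip()]


def iter_results(report):
    """Yield (node_type, result) for every individual check, whatever wrapper was used."""
    if isinstance(report, dict):
        controls = report["Controls"] if "Controls" in report else [report]
    else:
        controls = report
    for control in controls:
        for test in control.get("tests", []):
            for result in test.get("results", []):
                yield control.get("node_type", ""), result


def summarise(report):
    """Count results by status; the totals kube-bench prints are recomputed, not trusted."""
    counts = {"PASS": 0, "FAIL": 0, "WARN": 0, "INFO": 0}
    for _, result in iter_results(report):
        status = result.get("status", "INFO")
        counts[status] = counts.get(status, 0) + 1
    return counts


def failed_checks(report, scored_only=True):
    """Return (node_type, test_number, test_desc, remediation) for every FAIL.

    Unscored checks are advisory in the CIS benchmark, so by default only scored
    failures count towards a gate.
    """
    return [
        (node, r["test_number"], r["test_desc"], r.get("remediation", ""))
        for node, r in iter_results(report)
        if r.get("status") == "FAIL" and (r.get("scored", True) or not scored_only)
    ]


def should_fail(report, max_fail=0):
    """True when the number of scored FAIL results exceeds the allowed budget."""
    return len(failed_checks(report)) > max_fail


def main(argv):
    path = argv[1] if len(argv) > 1 else "kube-bench.json"
    max_fail = int(argv[2]) if len(argv) > 2 else 0
    with open(path, encoding="utf-8") as fh:
        report = parse_report(fh.read())
    print("kube-bench summary:", summarise(report))
    for node, number, desc, fix in failed_checks(report):
        print(f"FAIL [{node}] {number} {desc}\n      remediation: {fix}")
    return 1 if should_fail(report, max_fail) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as a step after the scan, for example python3 kube_bench_gate.py kube-bench.json 0: a non-zero exit code blocks the pipeline, and the remediation strings it prints come straight from the kube-bench report. Run the Snapsec upload before this gate (or unconditionally) so that a blocked build still gets its findings recorded.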

4. Push kube-bench JSON directly to Snapsec VM via webhook

curl --fail-with-body -sS -X POST "https://suite.snapsec.co/csm/api/import/<assessment-id>/nuclei-scanning" \
     -H "x-api-key: <your-api-key>" \
     -H "Content-Type: application/json" \
     --data-binary @kube-bench.json
Important: Replace <assessment-id> with your actual Assessment ID and <your-api-key> with your API key. --fail-with-body makes curl exit non-zero on an HTTP error, so a CI step fails instead of silently continuing, while still printing the server's error message; --data-binary sends the file unchanged, whereas -d strips newlines. Do not add -k: it disables certificate verification, which lets anyone on the network path impersonate the endpoint and read both your API key and the report. suite.snapsec.co serves a publicly trusted certificate, so -k is never needed here; if you test against a private Snapsec instance whose certificate is signed by an internal CA, trust that CA explicitly with --cacert /path/to/ca.pem instead.
Below are example CI configurations.

5. GitHub Actions example

name: kube-bench to Snapsec

on:
  workflow_dispatch:

jobs:
  kube-bench-snapsec:
    # kube-bench has to run on a cluster node, so use a self-hosted runner installed
    # on the node (kube-node is an example label you assign to that runner). A
    # GitHub-hosted runner has no kubelet or API server to inspect.
    runs-on: [self-hosted, kube-node]

    steps:
      - name: Run kube-bench
        # The image's entrypoint is kube-bench; host PID namespace and read-only
        # mounts of /etc and /var are what it needs to inspect the node. Add
        # --version <k8s-version> if it cannot auto-detect the cluster version.
        run: |
          docker run --rm --pid=host \
            -v /etc:/etc:ro -v /var:/var:ro \
            aquasec/kube-bench:latest --json > kube-bench.json

      - name: Push to Snapsec
        env:
          SNAPSEC_ASSESSMENT_ID: ${{ secrets.SNAPSEC_ASSESSMENT_ID }}
          SNAPSEC_API_KEY: ${{ secrets.SNAPSEC_API_KEY }}
        run: |
          curl --fail-with-body -sS -X POST \
               "https://suite.snapsec.co/csm/api/import/${SNAPSEC_ASSESSMENT_ID}/nuclei-scanning" \
               -H "x-api-key: ${SNAPSEC_API_KEY}" \
               -H "Content-Type: application/json" \
               --data-binary @kube-bench.json

6. GitLab CI example

kube_bench_to_snapsec:
  image:
    name: aquasec/kube-bench:latest
    # the image's ENTRYPOINT is kube-bench itself; clear it so GitLab can run the
    # script below in a shell (the image must also provide curl, see Prerequisites;
    # if it does not, save kube-bench.json as an artifact and upload from a second job)
    entrypoint: [""]
  stage: test
  # A container started by the docker executor cannot see the node's kubelet,
  # process list or /etc/kubernetes, so its report would describe the runner, not
  # the cluster. Pin the job to a runner using the shell executor on a cluster node
  # (kube-node is an example tag) with kube-bench installed there, or run kube-bench
  # as a Kubernetes Job and fetch its logs as the report.
  tags:
    - kube-node
  script:
    - kube-bench --json > kube-bench.json
    - >
      curl --fail-with-body -sS -X POST
      "https://suite.snapsec.co/csm/api/import/${SNAPSEC_ASSESSMENT_ID}/nuclei-scanning"
      -H "x-api-key: ${SNAPSEC_API_KEY}"
      -H "Content-Type: application/json"
      --data-binary @kube-bench.json
  # SNAPSEC_ASSESSMENT_ID and SNAPSEC_API_KEY are project CI/CD variables
  # (Settings > CI/CD > Variables; mark the API key Masked and Protected). GitLab
  # injects them into the job, so redeclaring them under variables: is unnecessary.
  only:
    - merge_requests
    - main
With these examples, kube-bench results from CIS checks can be uploaded straight into Snapsec VM.


title: CloudSploit
description: Step-by-step guide to run CloudSploit in GitHub or GitLab CI and push findings into Snapsec VM via webhook.
mode: wide

CloudSploit CI/CD integration with Snapsec VM

Use CloudSploit to scan your cloud accounts for misconfigurations and then push the findings into Snapsec VM using a webhook. This guide shows you, step by step, how to:
  1. Run CloudSploit in your GitHub Actions or GitLab CI pipeline.
  2. Generate a JSON report.
  3. Send that JSON report directly to Snapsec VM using a webhook.

1. Prerequisites

  • CloudSploit CLI (or Docker image) available in your CI environment.
  • Cloud provider credentials configured for CloudSploit (AWS, Azure, GCP, etc.). The scanner only reads configuration, so give it read-only credentials, and prefer short-lived ones issued to the pipeline (for example through your CI provider's OIDC federation) over long-lived keys stored as CI secrets.
  • Snapsec:
    • An Assessment in Snapsec VM where CloudSploit findings will be stored.
    • Assessment ID (<assessment-id>)
    • API key (<your-api-key>)
  • curl available.

2. Create an assessment in Snapsec VM

Create an assessment such as CloudSploit - Cloud Posture and copy its Assessment ID.

3. Generate CloudSploit JSON report

Example using the CloudSploit CLI:
cloudsploit scan --json > cloudsploit.json
You can pass additional flags for account, regions, or plugins as needed.

4. Push CloudSploit JSON directly to Snapsec VM via webhook

curl --fail-with-body -sS -X POST "https://suite.snapsec.co/csm/api/import/<assessment-id>/nuclei-scanning" \
     -H "x-api-key: <your-api-key>" \
     -H "Content-Type: application/json" \
     --data-binary @cloudsploit.json
Important: Replace <assessment-id> and <your-api-key> with real values.
Do not add -k: it turns off certificate verification and exposes the API key and the report to anyone who can intercept the connection. If you are testing against a self-hosted instance with a private CA, pass --cacert /path/to/ca.pem instead. --fail-with-body makes the step fail on an HTTP error while still showing the server's response.

5. GitHub Actions example

name: CloudSploit to Snapsec

on:
  schedule:
    - cron: "0 2 * * *"

permissions:
  contents: read

jobs:
  cloudsploit-snapsec:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install CloudSploit
        run: npm install -g @cloudsploit/scan

      # Cloud credentials are supplied to CloudSploit the way its own documentation
      # describes (environment variables or its config file). Prefer read-only,
      # short-lived credentials obtained through GitHub's OIDC federation with your
      # cloud provider over long-lived keys stored as repository secrets.
      - name: Run CloudSploit
        run: cloudsploit scan --json > cloudsploit.json

      - name: Push to Snapsec
        env:
          SNAPSEC_ASSESSMENT_ID: ${{ secrets.SNAPSEC_ASSESSMENT_ID }}
          SNAPSEC_API_KEY: ${{ secrets.SNAPSEC_API_KEY }}
        run: |
          curl --fail-with-body -sS -X POST \
               "https://suite.snapsec.co/csm/api/import/${SNAPSEC_ASSESSMENT_ID}/nuclei-scanning" \
               -H "x-api-key: ${SNAPSEC_API_KEY}" \
               -H "Content-Type: application/json" \
               --data-binary @cloudsploit.json

6. GitLab CI example

cloudsploit_to_snapsec:
  image: node:20
  stage: test
  script:
    - npm install -g @cloudsploit/scan
    # cloud credentials come from CI/CD variables or the CloudSploit config file;
    # use read-only, short-lived credentials where your provider supports it
    - cloudsploit scan --json > cloudsploit.json
    - >
      curl --fail-with-body -sS -X POST
      "https://suite.snapsec.co/csm/api/import/${SNAPSEC_ASSESSMENT_ID}/nuclei-scanning"
      -H "x-api-key: ${SNAPSEC_API_KEY}"
      -H "Content-Type: application/json"
      --data-binary @cloudsploit.json
  # SNAPSEC_ASSESSMENT_ID and SNAPSEC_API_KEY are project CI/CD variables
  # (Settings > CI/CD > Variables; mark the API key Masked and Protected). GitLab
  # injects them into the job, so redeclaring them under variables: is unnecessary.
  only:
    - merge_requests
    - main


title: KICS
description: Step-by-step guide to run KICS in GitHub or GitLab CI and push findings into Snapsec VM via webhook.
mode: wide

KICS CI/CD integration with Snapsec VM

Use KICS (Keeping Infrastructure as Code Secure) to scan Terraform, Kubernetes, Docker, and other IaC files, then push the findings into Snapsec VM. This guide shows you, step by step, how to:
  1. Run KICS in your GitHub Actions or GitLab CI pipeline.
  2. Generate a JSON report.
  3. Send that JSON report directly to Snapsec VM using a webhook.

1. Prerequisites

  • Repositories containing IaC files (Terraform, CloudFormation, Kubernetes manifests, etc.).
  • KICS available in CI (Docker image or binary).
  • Snapsec:
    • An Assessment in Snapsec VM where KICS findings will be stored.
    • Assessment ID (<assessment-id>)
    • API key (<your-api-key>)
  • curl available.

2. Create an assessment in Snapsec VM

Create an assessment like KICS - IaC and copy its Assessment ID.

3. Generate KICS JSON report

Example using the official KICS Docker image scanning the current repo:
docker run --rm -v "$PWD":/workspace checkmarx/kics:latest scan \
  -p /workspace \
  -o /workspace \
  --output-name kics \
  --report-formats json \
  --ignore-on-exit results
This writes a JSON report named kics.json in the current directory. KICS exits non-zero whenever it finds issues, which would stop a CI job before the upload step runs; --ignore-on-exit results keeps the exit code at 0 when results were found while still failing on scan errors. Drop that flag if you want the pipeline itself to block on findings, and in that case upload the report before the exit code is checked.

4. Push KICS JSON directly to Snapsec VM via webhook

curl --fail-with-body -sS -X POST "https://suite.snapsec.co/csm/api/import/<assessment-id>/nuclei-scanning" \
     -H "x-api-key: <your-api-key>" \
     -H "Content-Type: application/json" \
     --data-binary @kics.json
Replace <assessment-id> / <your-api-key> with real values. Do not add -k: it disables certificate verification and exposes the API key to anyone on the network path; for a self-hosted instance with a private CA, use --cacert /path/to/ca.pem instead.

5. GitHub Actions example

name: KICS to Snapsec

on:
  push:
    branches: [ main ]
  pull_request:

permissions:
  contents: read

jobs:
  kics-snapsec:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Run KICS
        # --ignore-on-exit results: KICS otherwise exits non-zero on findings and the
        # upload step below would never run; --report-formats json writes kics.json
        run: |
          docker run --rm -v "$PWD":/workspace checkmarx/kics:latest scan \
            -p /workspace \
            -o /workspace \
            --output-name kics \
            --report-formats json \
            --ignore-on-exit results

      - name: Push to Snapsec
        env:
          SNAPSEC_ASSESSMENT_ID: ${{ secrets.SNAPSEC_ASSESSMENT_ID }}
          SNAPSEC_API_KEY: ${{ secrets.SNAPSEC_API_KEY }}
        run: |
          curl --fail-with-body -sS -X POST \
               "https://suite.snapsec.co/csm/api/import/${SNAPSEC_ASSESSMENT_ID}/nuclei-scanning" \
               -H "x-api-key: ${SNAPSEC_API_KEY}" \
               -H "Content-Type: application/json" \
               --data-binary @kics.json

6. GitLab CI example

kics_to_snapsec:
  image:
    name: checkmarx/kics:latest
    # the image's ENTRYPOINT is kics; clear it so GitLab can run the script below.
    # Docker-in-docker is avoided on purpose: a bind mount of $PWD inside a dind
    # service does not see the job's checkout, so the scan would run on an empty
    # directory. The image must provide curl (see Prerequisites); if it does not,
    # save kics.json as an artifact and upload it from a second job.
    entrypoint: [""]
  stage: test
  script:
    - /app/bin/kics scan -p "$PWD" -o "$PWD" --output-name kics --report-formats json --ignore-on-exit results
    - >
      curl --fail-with-body -sS -X POST
      "https://suite.snapsec.co/csm/api/import/${SNAPSEC_ASSESSMENT_ID}/nuclei-scanning"
      -H "x-api-key: ${SNAPSEC_API_KEY}"
      -H "Content-Type: application/json"
      --data-binary @kics.json
  # SNAPSEC_ASSESSMENT_ID and SNAPSEC_API_KEY are project CI/CD variables
  # (Settings > CI/CD > Variables; mark the API key Masked and Protected). GitLab
  # injects them into the job, so redeclaring them under variables: is unnecessary.
  only:
    - merge_requests
    - main


title: TFSec
description: Step-by-step guide to run TFSec in GitHub or GitLab CI and push findings into Snapsec VM via webhook.
mode: wide

TFSec CI/CD integration with Snapsec VM

Use TFSec to statically analyze Terraform code for security misconfigurations and then push findings into Snapsec VM. This guide shows you, step by step, how to:
  1. Run TFSec in your GitHub Actions or GitLab CI pipeline.
  2. Generate a JSON report.
  3. Send that JSON report directly to Snapsec VM using a webhook.

1. Prerequisites

  • Terraform code in your repository.
  • TFSec installed (CLI or Docker image).
  • Snapsec:
    • An Assessment in Snapsec VM where TFSec findings will be stored.
    • Assessment ID (<assessment-id>)
    • API key (<your-api-key>)
  • curl available.

2. Create an assessment in Snapsec VM

Create an assessment like TFSec - Terraform and copy its Assessment ID.

3. Generate TFSec JSON report

tfsec . --format json --out tfsec.json --soft-fail
Try this locally first to confirm it works before wiring it into CI. tfsec exits non-zero when it finds problems; --soft-fail keeps the exit code at 0 so the upload step that follows still runs. Omit it if you want the pipeline itself to block on findings, and then run the upload step unconditionally (for example with if: always() in GitHub Actions) so the report is still recorded.

4. Push TFSec JSON directly to Snapsec VM via webhook

curl --fail-with-body -sS -X POST "https://suite.snapsec.co/csm/api/import/<assessment-id>/nuclei-scanning" \
     -H "x-api-key: <your-api-key>" \
     -H "Content-Type: application/json" \
     --data-binary @tfsec.json
Replace the placeholders with real values. Do not add -k: it disables certificate verification and hands the API key to anyone who can intercept the connection; for a self-hosted instance with a private CA, use --cacert /path/to/ca.pem instead.
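The same upload with the checks the curl one-liners leave out, as an added example that can replace curl in the kube-bench, CloudSploit, KICS and TFSec guides on this page (any of their JSON reports is accepted). It is not Snapsec's own client: the endpoint path and the x-api-key header are taken from this page, while the SNAPSEC_CA_BUNDLE and SNAPSEC_BASE_URL environment variables, the retry policy and the file name snapsec_push.py are this example's own choices.

```python
"""Upload a scanner JSON report to the Snapsec VM import webhook with verified TLS.

Added example for this guide, not a Snapsec client library. Assumed from the page:
the endpoint path /csm/api/import/<assessment-id>/nuclei-scanning and the x-api-key
header. Chosen for this example (hypothetical): the SNAPSEC_CA_BUNDLE and
SNAPSEC_BASE_URL environment variables and the retry policy.
"""
import json
import os
import ssl
import sys
import time
import urllib.error
import urllib.request

DEFAULT_BASE_URL = "https://suite.snapsec.co/csm/api/import"
# HTTP statuses worth retrying; anything else (401, 404, 422, ...) is a real error.
RETRYABLE_STATUSES = {408, 429, 500, 502, 503, 504}


def validate_payload(raw):
    """Refuse to upload an empty or truncated report (a scanner that crashed mid-write)."""
    if not raw.strip():
        raise ValueError("report is empty; the scanner probably did not run")
    json.loads(raw)  # raises ValueError (JSONDecodeError) if the file is not valid JSON
    return raw


def load_report(path):
    with open(path, "rb") as fh:
        return validate_payload(fh.read())


def build_request(assessment_id, api_key, payload, base_url=DEFAULT_BASE_URL):
    """Build the POST exactly as the curl examples do, failing early on missing secrets."""
    if not assessment_id or not api_key:
        raise ValueError("SNAPSEC_ASSESSMENT_ID and SNAPSEC_API_KEY must both be set")
    url = f"{base_url.rstrip('/')}/{assessment_id}/nuclei-scanning"
    return urllib.request.Request(
        url, data=payload, method="POST",
        headers={"x-api-key": api_key, "Content-Type": "application/json"},
    )


def tls_context(ca_bundle=None):
    """Always verify the server certificate (the equivalent of never passing -k to curl).

    A private CA for a self-hosted instance is trusted explicitly via ca_bundle;
    with ca_bundle=None the system trust store is used.
    """
    return ssl.create_default_context(cafile=ca_bundle)


def is_retryable(status):
    return status in RETRYABLE_STATUSES


def push(request, context, attempts=3, opener=urllib.request.urlopen, sleep=time.sleep):
    """POST the report, retrying transient failures with exponential backoff.

    Returns the HTTP status on success and raises on a final failure, so a CI step
    running this script fails loudly instead of reporting a green build with no upload.
    """
    for attempt in range(1, attempts + 1):
        try:
            with opener(request, context=context, timeout=60) as response:
                return response.status
        except urllib.error.HTTPError as err:
            if not is_retryable(err.code) or attempt == attempts:
                raise
        except urllib.error.URLError:  # DNS, connection or TLS failure
            if attempt == attempts:
                raise
        sleep(2 ** attempt)  # 2s, 4s, ... between attempts
    raise RuntimeError("unreachable: the loop always returns or raises")


def main(argv):
    path = argv[1] if len(argv) > 1 else "report.json"
    request = build_request(
        os.environ.get("SNAPSEC_ASSESSMENT_ID"),
        os.environ.get("SNAPSEC_API_KEY"),
        load_report(path),
        os.environ.get("SNAPSEC_BASE_URL", DEFAULT_BASE_URL),
    )
    status = push(request, tls_context(os.environ.get("SNAPSEC_CA_BUNDLE")))
    print(f"uploaded {path}: HTTP {status}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

In a CI step, replace the curl command with SNAPSEC_ASSESSMENT_ID=... SNAPSEC_API_KEY=... python3 snapsec_push.py kics.json (or whichever report the job produced). The script never disables certificate verification; to talk to a self-hosted instance signed by an internal CA, point SNAPSEC_CA_BUNDLE at that CA's PEM file.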

5. GitHub Actions example

name: TFSec to Snapsec

on:
  push:
    branches: [ main ]
  pull_request:

permissions:
  contents: read

jobs:
  tfsec-snapsec:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Run TFSec
        # the aquasec/tfsec image's entrypoint is tfsec; --soft-fail keeps the exit
        # code at 0 on findings so the upload step below still runs
        run: |
          docker run --rm -v "$PWD":/src aquasec/tfsec:latest /src \
            --format json --out /src/tfsec.json --soft-fail

      - name: Push to Snapsec
        env:
          SNAPSEC_ASSESSMENT_ID: ${{ secrets.SNAPSEC_ASSESSMENT_ID }}
          SNAPSEC_API_KEY: ${{ secrets.SNAPSEC_API_KEY }}
        run: |
          curl --fail-with-body -sS -X POST \
               "https://suite.snapsec.co/csm/api/import/${SNAPSEC_ASSESSMENT_ID}/nuclei-scanning" \
               -H "x-api-key: ${SNAPSEC_API_KEY}" \
               -H "Content-Type: application/json" \
               --data-binary @tfsec.json

6. GitLab CI example

tfsec_to_snapsec:
  image:
    name: aquasec/tfsec:latest
    # the image's ENTRYPOINT is tfsec; clear it so GitLab can run the script below
    # (the image must also provide curl, see Prerequisites; if it does not, save
    # tfsec.json as an artifact and upload it from a second job)
    entrypoint: [""]
  stage: test
  script:
    # --soft-fail keeps the exit code at 0 on findings so the upload still runs
    - tfsec . --format json --out tfsec.json --soft-fail
    - >
      curl --fail-with-body -sS -X POST
      "https://suite.snapsec.co/csm/api/import/${SNAPSEC_ASSESSMENT_ID}/nuclei-scanning"
      -H "x-api-key: ${SNAPSEC_API_KEY}"
      -H "Content-Type: application/json"
      --data-binary @tfsec.json
  # SNAPSEC_ASSESSMENT_ID and SNAPSEC_API_KEY are project CI/CD variables
  # (Settings > CI/CD > Variables; mark the API key Masked and Protected). GitLab
  # injects them into the job, so redeclaring them under variables: is unnecessary.
  only:
    - merge_requests
    - main