Difference between revisions of "K8s security scanner"
Jump to navigation
Jump to search
| Line 11: | Line 11: | ||
``` | ``` | ||
kubectl get vulnerabilityreports --all-namespaces -o wide | kubectl get vulnerabilityreports --all-namespaces -o wide | ||
| + | ``` | ||
| + | To blow out namespace | ||
| + | ``` | ||
| + | kubectl delete all --all -n test | ||
``` | ``` | ||
Revision as of 16:43, 4 April 2023
https://github.com/aquasecurity/trivy
Trivy on Microk8s
microk8s enable community microk8s enable trivy kubectl get pod -n trivy-system
It might take awhile for trivy to adjust pods to your k8s size but when all pods are in a healthy state run
kubectl get vulnerabilityreports --all-namespaces -o wide
To blow out namespace
kubectl delete all --all -n test
Get reports
Inspect created VulnerabilityReports by:
kubectl get vulnerabilityreports --all-namespaces -o wide
Inspect created ConfigAuditReports by:
kubectl get configauditreports --all-namespaces -o wide
Inspect the work log of trivy-operator by:
kubectl logs -n trivy-system deployment/trivy-operator