K8s security scanner

From UVOO Tech Wiki
Revision as of 16:54, 4 April 2023 by Busk (talk | contribs)
Jump to navigation Jump to search

https://github.com/aquasecurity/trivy

https://aquasecurity.github.io/trivy/v0.33/tutorials/kubernetes/cluster-scanning/

Trivy on Microk8s

microk8s enable community
microk8s enable trivy
kubectl get pod -n trivy-system

It might take awhile for trivy to adjust pods to your k8s size but when all pods are in a healthy state run 

kubectl get vulnerabilityreports --all-namespaces -o wide

To blow out namespace 

kubectl delete all --all -n test

Get reports 

Inspect created VulnerabilityReports by:

    kubectl get vulnerabilityreports --all-namespaces -o wide

Inspect created ConfigAuditReports by:

    kubectl get configauditreports --all-namespaces -o wide

Inspect the work log of trivy-operator by:

    kubectl logs -n trivy-system deployment/trivy-operator
Retrieved from "https://tech.uvoo.io/index.php?title=K8s_security_scanner&oldid=3968"