Add trivy k8s scan support #1411

@floriandreher


➹ New Feature implementation request

Hi,
could we add support for trivy k8s scans, so that users could easily scan their Kubernetes config via secureCodeBox?
I think that it should be easy to trigger such a scan with something like this:

```yaml
# ScanType that runs `trivy k8s` under a dedicated service account
apiVersion: execution.securecodebox.io/v1
kind: ScanType
metadata:
  name: trivy-k8s
spec:
  extractResults:
    location: /home/securecodebox/trivy-results.json
    type: trivy-json
  jobTemplate:
    spec:
      backoffLimit: 3
      template:
        spec:
          containers:
            - command:
                - trivy
                - k8s
          serviceAccountName: <some-account-used-to-query-the-k8s-api>
---
# Scan that uses the ScanType above
apiVersion: "execution.securecodebox.io/v1"
kind: Scan
metadata:
  name: "rbac-trivy-k8s"
spec:
  scanType: "trivy-k8s"
  parameters:
    - "--security-checks=rbac"
    - "all"
    - "--report=all"
    - "--format=json"
    - "--output=/home/securecodebox/trivy-results.json"
```

However, I am not sure if the parser can handle the output.
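On the parser question raised above, an added example (not part of the original issue and not secureCodeBox's parser) of why a parser written for image scans would need extra handling. It assumes the k8s JSON report nests findings as `ClusterName` plus `Vulnerabilities` / `Misconfigurations` lists of resources, each with its own `Results`, instead of a single top-level `Results` array; the function name `flattenK8sReport` and the output fields are hypothetical.

```javascript
// Added example. The report shape below is an ASSUMPTION about
// `trivy k8s --report=all --format=json` output, not taken from the issue.
// Constructed sample: all names and IDs are placeholders.
const sampleReport = {
  ClusterName: "demo-cluster",
  Vulnerabilities: [
    { Namespace: "default", Kind: "Deployment", Name: "web",
      Results: [{ Target: "example-image:1.0", Vulnerabilities: [
        { VulnerabilityID: "CVE-0000-0000", Title: "constructed vulnerability", Severity: "high" },
      ] }] },
  ],
  Misconfigurations: [
    { Namespace: "kube-system", Kind: "Role", Name: "example-role",
      Results: [{ Target: "Role/example-role", Misconfigurations: [
        { ID: "EXAMPLE-0001", Title: "constructed RBAC check", Severity: "CRITICAL" },
      ] }] },
    // Cluster-scoped resource that could not be scanned: no Results, only Error.
    { Kind: "ClusterRole", Name: "broken", Error: "constructed scan error" },
  ],
};

// Hypothetical helper: flattens the nested report into one record per finding.
function flattenK8sReport(report) {
  if (!report || typeof report !== "object") throw new TypeError("report must be an object");
  // Image/filesystem reports carry a top-level Results array; reject them
  // instead of silently returning zero findings.
  if (Array.isArray(report.Results)) throw new Error("top-level Results: not a k8s report");
  const findings = [];
  const errors = [];
  // [section name (also the per-result item list), field holding the item id]
  for (const [section, idField] of [["Vulnerabilities", "VulnerabilityID"], ["Misconfigurations", "ID"]]) {
    for (const resource of report[section] ?? []) {
      const where = `${resource.Namespace ?? "<cluster-scoped>"}/${resource.Kind}/${resource.Name}`;
      if (resource.Error) errors.push({ resource: where, error: resource.Error });
      for (const result of resource.Results ?? []) {
        for (const item of result[section] ?? []) {
          findings.push({
            id: item[idField],
            name: item.Title ?? item[idField],
            severity: String(item.Severity ?? "UNKNOWN").toUpperCase(),
            category: section,
            resource: where,
            target: result.Target,
            cluster: report.ClusterName,
          });
        }
      }
    }
  }
  return { findings, errors };
}
```

Per-resource `Error` entries are returned separately so that a resource the scanner could not read is not mistaken for a clean one.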


Labels: enhancement (New feature or request), scanner (Implement or update a security scanner)


Status: Done
