A Prometheus exporter for managing vulnerabilities in Kubernetes using Trivy
Note: This project is under development.
Vulnerability exporter scans and exports vulnerabilities of images and nodes in a Kubernetes cluster.
Inspired by kube-trivy-exporter.
Image Scan
Scans for vulnerabilities in the container images of workloads deployed in Kubernetes.
trivy_image_vulnerabilities{namespace="argocd", fixedVersion="0.3.3", image="ghcr.io/dexidp/dex:v2.27.0", installedVersion="v0.3.2",layer="sha256:d8d076827e5aadd843d9da261228639f575be6e840b463e99381e6d861be90fc", pkgName="golang.org/x/text", severity="HIGH", vulnerabilityId="CVE-2020-14040", workloadKind="Deployment", workloadName="argocd-dex-server"}
Node Scan
Scans for vulnerabilities on the nodes of the Kubernetes cluster.
trivy_node_vulnerabilities{fixedVersion="0.12.3", installedVersion="0.12.2", nodeName="master-node", pkgName="Flask", severity="HIGH", vulnerabilityId="CVE-2018-1000656"}
$ kubectl apply -k deploy
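
Once the exporter is running, the labels on the two series above are enough to build a patch list. The script below is an added example, not part of this project: it parses scraped metric text and groups HIGH and CRITICAL findings that have a fixed version by workload or node. The sample input is constructed from the series shown above; the trailing sample value `1`, the `demo` series, and the reading of an empty `fixedVersion` as "no fix published" are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample scrape: the two series shown above plus one made-up LOW finding.
# The trailing value "1" is an assumption; the page shows only the label sets.
SAMPLE = '''\
trivy_image_vulnerabilities{namespace="argocd", fixedVersion="0.3.3", image="ghcr.io/dexidp/dex:v2.27.0", installedVersion="v0.3.2", pkgName="golang.org/x/text", severity="HIGH", vulnerabilityId="CVE-2020-14040", workloadKind="Deployment", workloadName="argocd-dex-server"} 1
trivy_node_vulnerabilities{fixedVersion="0.12.3", installedVersion="0.12.2", nodeName="master-node", pkgName="Flask", severity="HIGH", vulnerabilityId="CVE-2018-1000656"} 1
trivy_image_vulnerabilities{namespace="demo", fixedVersion="", image="example.invalid/app:1.0", installedVersion="1.0.0", pkgName="examplepkg", severity="LOW", vulnerabilityId="EXAMPLE-0001", workloadKind="Deployment", workloadName="demo-app"} 1
'''

SERIES = re.compile(r'^(trivy_(?:image|node)_vulnerabilities)\{(.*)\}')
LABEL = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')
RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def parse(text):
    """Yield (metric_name, labels) for each trivy_* series line."""
    for line in text.splitlines():
        m = SERIES.match(line.strip())
        if m:
            yield m.group(1), dict(LABEL.findall(m.group(2)))

def target(metric, labels):
    """Name the thing that needs patching: a node or a namespaced workload."""
    if metric == "trivy_node_vulnerabilities":
        return "node/" + labels.get("nodeName", "?")
    return "{}/{}/{}".format(labels.get("namespace", "?"),
                             labels.get("workloadKind", "?"),
                             labels.get("workloadName", "?"))

def fixable(text, min_severity="HIGH"):
    """Group findings at or above min_severity that have a fixed version."""
    report = defaultdict(list)
    for metric, lb in parse(text):
        if RANK.get(lb.get("severity"), 0) < RANK[min_severity]:
            continue
        if not lb.get("fixedVersion"):
            continue  # assumed: empty fixedVersion means nothing to upgrade to yet
        report[target(metric, lb)].append((lb.get("vulnerabilityId"),
            lb.get("pkgName"), lb.get("installedVersion"), lb.get("fixedVersion")))
    return dict(report)

if __name__ == "__main__":
    for tgt, findings in sorted(fixable(SAMPLE).items()):
        for vuln, pkg, old, new in findings:
            print(f"{tgt}: {vuln} {pkg} {old} -> {new}")
```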