-
Notifications
You must be signed in to change notification settings - Fork 824
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Making image scan results available in the cluster #668
Comments
Can you please assign me for this issue? |
Just did :) Please be in touch with @dwertent about implementation guidlines |
ok sure |
Hi @slashben I would also like to contribute to this issue. |
I want to work on this issue , please assign and guide me regarding it . |
@slashben can you me assign me this project i love to contribute |
@npneeraj , @satvik2131 , @Aman123lug , this issue has already been assigned to someone. If you want to check with him, please reach out directly to @kushagra-gupta01 |
@kushagra-gupta01 hey man, can I work with you on this issue? |
@kushagra-gupta01 Can we collab on this issue? |
This issue is a feature request related to the Kubevuln component. Currently, Kubevuln runs as a microservice that receives an image as input. The Kubevuln scans the image (using Grype) and submits the results to the kubescape SaaS.
Once we complete this, we can update the Kubescape so it will load the image scanning results CRD's instead of downloading them from the Kubescape SaaS. |
Thankyou @dwertent for the explaination, it surely clears many things :) |
@kushagra-gupta01 can I work with you on this feature. I'm clear about reqs & implementation regarding this. @slashben |
should CRD changes be part of kubevuln project or separate repository |
I have created spdx format CRD for initial implementation, there are multiple formats of sbom output. I'm writing a parser to parse output of sbom generated and convert to crd object. is this approach correct ? |
@dwertent @slashben I want to work on this issue #669. but above issue is related to it so I am also trying to scan image results. I scanned image and it's SBOM in json format using grype and syft. can you provide me setup guidance of kubevuln with grype to scan images. I generated sbom of image and then scanned it with grype |
@slashben I'm not sure this is the right place for the feature request. |
It can be moved from my POV
…On Thu, Nov 10, 2022 at 7:09 AM David Wertenteil ***@***.***> wrote:
@slashben <https://github.com/slashben> I'm not sure this is the right
place for the feature request.
This has more to do with Kubevuln than with Kubescape.
—
Reply to this email directly, view it on GitHub
<#668 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AODLOPR6XU5FRMXR3JXL6WTWHR7P7ANCNFSM57PDRFLQ>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
I was on vacation due to Diwali festival over here, will resume my work on this. |
Closing this issue since it is not related directly to Kubescape as described here. Supporting this issue will require refactoring the Kubevuln component. We will open a separate design document for this. |
Description
Kubescape microservices scanning container images for vulnerabilities in the cluster. The results today are posted to ARMO cloud (https://cloud.armosec.io). They should be kept in the cluster to make it available for other applications as well. Even kubescape scanner could use the results locally without the need of coming through the ARMO cloud APIs.
Describe the solution you'd like
I would like Kubescape microservices to keep relevnt image scan results as CRDs in the cluster. Every new scan report should be stored (together with the SBOM) in CRDs and old results for the same workloads could be discarded (as well as reports which does not have corresponding images in the cluster anymore).
Additional context
This would enable feeding the results to Prometheus as well.
The text was updated successfully, but these errors were encountered: