Skip to content

masahiro331/kube-trivy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
.circleci
.circleci
 
 
cmd/kubetrivy
cmd/kubetrivy
 
 
pkg
pkg
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
crd.yaml
crd.yaml
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
goreleaser.yml
goreleaser.yml
 
 
update-generate-code.sh
update-generate-code.sh
 
 

Repository files navigation

A Simple and Comprehensive Vulnerability Scanner for Kubernetes

Abstract

KubeTrivy is a extends trivy for kubernetes. KubeTrivy is a simple and comprehensive vulnerability scanner for Kubernetes. KubeTrivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn etc.). KubeTrivy is easy to use. Just install the binary and you're ready to scan. All you need to do for scanning is to specify an image name of container on kubernetes.

Check the about Trivy

Features

  • Detect comprehensive vulnerabilities
    • OS packages (Alpine, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, Debian and Ubuntu)
    • Application dependencies (Bundler, Composer, Pipenv, Poetry, npm, yarn and Cargo)
  • Managing vulnerabilities using kubectl command
    • Create a CRD on your Kubernetes
    • Get vulnerability info kubectl get vulnerability or kubetrivy get ${resourceName}
  • Extend Trivy features
    • kubetrivy is compatible with trivy's local DB.
    • kubetrivy is compatible with trivy's command options.

Install Mac

$ brew tap masahiro331/kube-tirvy
$ brew install kube-trivy
$ kubetrivy -h

Install

$ go get -u github.com/masahiro331/kube-trivy
$ kubetrivy -h

Quick Start

Install CRD

$ cat << EOS > crd.yaml
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: vulnerabilities.kubetrivy.io
spec:
  group: kubetrivy.io
  version: v1
  names:
    kind: Vulnerability
    plural: vulnerabilities
  scope: Namespaced
  additionalPrinterColumns:
  - name: UNKNOWN
    type: integer
    description: The total of vulnerabilities launched by the kubetrivy
    JSONPath: .spec.statistics.UNKNOWN
  - name: LOW
    type: integer
    description: The total of vulnerabilities launched by the kubetrivy
    JSONPath: .spec.statistics.LOW
  - name: MEDIUM
    type: integer
    description: The total of vulnerabilities launched by the kubetrivy
    JSONPath: .spec.statistics.MEDIUM
  - name: HIGH
    type: integer
    description: The total of vulnerabilities launched by the kubetrivy
    JSONPath: .spec.statistics.HIGH
  - name: CRITICAL
    type: integer
    description: The total of vulnerabilities launched by the kubetrivy
    JSONPath: .spec.statistics.CRITICAL
EOS

$ kubectl apply -f crd.yaml
$ kubectl get vulnerability

Basic

$ kubetrivy -n default scan
$ kubetrivy -n default scan
$ kubectl get vulnerability -n default
$ kubetrivy -n default get ${resourceName}

About

Trivy for Kubernetes

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

5 stars

Watchers

3 watching

Forks

3 forks
Report repository

Releases 1

v0.1.0 Latest
Aug 14, 2019

Packages

No packages published

Contributors 2

  •  
  •  

Languages