{"id":13533331,"url":"https://github.com/aquasecurity/trivy-operator","last_synced_at":"2025-05-13T00:29:31.070Z","repository":{"id":36981264,"uuid":"489865430","full_name":"aquasecurity/trivy-operator","owner":"aquasecurity","description":"Kubernetes-native security toolkit","archived":false,"fork":false,"pushed_at":"2024-10-28T16:20:23.000Z","size":40465,"stargazers_count":1254,"open_issues_count":111,"forks_count":209,"subscribers_count":7,"default_branch":"main","last_synced_at":"2024-10-29T15:10:36.637Z","etag":null,"topics":["cloud-native","golang","kubernetes","misconfiguration","octoberfest","operator","security","security-tools","vulnerability-detection","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"https://aquasecurity.github.io/trivy-operator/latest","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aquasecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-08T06:31:32.000Z","updated_at":"2024-10-29T14:58:09.000Z","dependencies_parsed_at":"2023-11-12T21:21:56.577Z","dependency_job_id":"a2137057-a468-4c26-9ccb-958022a17ff5","html_url":"https://github.com/aquasecurity/trivy-operator","commit_stats":{"total_commits":1025,"total_committers":95,"mean_commits":"10.789473684210526","dds":0.5326829268292683,"last_synced_commit":"19a438da0d13743688ba20169712ae1304ecc71a"},"previous_names":[],"tags_count":117,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aquasecurity%2Ftrivy-operato
r","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aquasecurity%2Ftrivy-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aquasecurity%2Ftrivy-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aquasecurity%2Ftrivy-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aquasecurity","download_url":"https://codeload.github.com/aquasecurity/trivy-operator/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247941704,"owners_count":21022038,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud-native","golang","kubernetes","misconfiguration","octoberfest","operator","security","security-tools","vulnerability-detection","vulnerability-scanners"],"created_at":"2024-08-01T07:01:18.784Z","updated_at":"2025-05-13T00:29:31.056Z","avatar_url":"https://github.com/aquasecurity.png","language":"Go","funding_links":[],"categories":["Kubernetes","security-tools","Go","🕵️ Phase 6: Runtime \u0026 Threat Detection","Point-of-use validations","Tools","Open Source Projects","Kubernetes Security"],"sub_categories":["Vulnerability information exchange","Kubernetes","Runtime Security"],"readme":"![Trivy-operator logo](docs/images/trivy-operator-logo.png)\n\n\u003e Kubernetes-native security toolkit. 
([Documentation](https://aquasecurity.github.io/trivy-operator/latest))\n\n[![GitHub Release][release-img]][release]\n[![Build Action][action-build-img]][action-build]\n[![Release snapshot Action][action-release-snapshot-img]][action-release-snapshot]\n[![Go Report Card][report-card-img]][report-card]\n[![GitHub All Releases][github-all-releases-img]][release]\n\u003ca href=\"https://slack.aquasec.com/?_ga=2.51428586.2119512742.1655808394-1739877964.1641199050\"\u003e\n\u003cimg src=\"https://img.shields.io/static/v1?label=Slack\u0026message=Join+our+Community\u0026color=4a154b\u0026logo=slack\"\u003e\n\u003c/a\u003e\n[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/trivy-operator)](https://artifacthub.io/packages/helm/trivy-operator/trivy-operator)\n\n# Introduction\n\nThe Trivy Operator leverages [Trivy](https://github.com/aquasecurity/trivy) to continuously scan your Kubernetes cluster for security issues. The scans are summarised in security reports as Kubernetes [Custom Resource Definitions], which become accessible through the Kubernetes API. The Operator does this by watching Kubernetes for state changes and automatically triggering security scans in response. For example, a vulnerability scan is initiated when a new Pod is created.\nThis way, users can find and view the risks that relate to different resources in a `Kubernetes-native` way.\n\n## In-cluster Security Scans\n\nThe Trivy Operator automatically generates and updates security reports. 
These reports are generated in response to new workloads and other changes on a Kubernetes cluster, and include the following:\n\n- Vulnerability Scans: Automated vulnerability scanning for Kubernetes workloads, control-plane and node components (api-server, controller-manager, kubelet, etc.)\n- ConfigAudit Scans: Automated configuration audits for Kubernetes resources with predefined rules or custom Open Policy Agent (OPA) policies.\n- Exposed Secret Scans: Automated secret scans which find and detail the location of exposed Secrets within your cluster.\n- RBAC scans: Role Based Access Control scans provide detailed information on the access rights of the different resources installed.\n- K8s core component infra assessment: scans the settings and configuration of Kubernetes infra core components (etcd, apiserver, scheduler, controller-manager, etc.).\n- K8s outdated API validation: a configaudit check validates whether the resource API has been deprecated and is planned for removal.\n- Compliance reports\n  - NSA, CISA Kubernetes Hardening Guidance v1.1 cybersecurity technical report is produced.\n  - CIS Kubernetes Benchmark v1.23 cybersecurity technical report is produced.\n  - Kubernetes pss-baseline, Pod Security Standards\n  - Kubernetes pss-restricted, Pod Security Standards\n- SBOM (Software Bill of Materials) generation for Kubernetes workloads.\n\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"docs/images/trivy-operator-overview.png\" alt=\"Trivy-operator Overview\"/\u003e\n\u003c/p\u003e\n\n_Please [star ⭐](https://github.com/aquasecurity/trivy-operator/stargazers) the repo if you want us to continue developing and improving trivy-operator! 
😀_\n\n## Usage\n\nThe official [Documentation] provides detailed installation, configuration, troubleshooting, and quick start guides.\n\nYou can install the Trivy Operator with [Static YAML Manifests] and follow the [Getting Started][getting-started-operator]\nguide to see how vulnerability and configuration audit reports are generated automatically.\n\n### Quick Start\n\nThe Trivy Operator can be installed easily through the [Helm Chart](https://aquasecurity.github.io/trivy-operator/latest/getting-started/installation/helm/).\nThe Helm Chart can be installed using one of two options:\n\n#### Option 1: Install from traditional helm chart repository\n\nAdd the Aqua chart repository:\n\n```sh\n   helm repo add aqua https://aquasecurity.github.io/helm-charts/\n   helm repo update\n```\n\nInstall the Helm Chart:\n\n```sh\n   helm install trivy-operator aqua/trivy-operator \\\n     --namespace trivy-system \\\n     --create-namespace \\\n     --version 0.28.1\n```\n\n#### Option 2: Install from OCI registry (supported in Helm v3.8.0+)\n\nInstall the Helm Chart:\n\n```sh\n   helm install trivy-operator oci://ghcr.io/aquasecurity/helm-charts/trivy-operator \\\n     --namespace trivy-system \\\n     --create-namespace \\\n     --version 0.28.1\n```\n\nThis will install the Trivy Operator Helm Chart into the `trivy-system` namespace and start triggering the scans.\n\n## Status\n\nAlthough we are trying to keep new releases backward compatible with previous versions, this project is still incubating,\nand some APIs and [Custom Resource Definitions] may change.\n\n## Contributing\n\nAt this early stage we would love your feedback on the overall concept of Trivy-Operator. 
Over time, we'd love to see\ncontributions integrating different security tools so that users can access security information in standard,\nKubernetes-native ways.\n\n- See [Contributing] for information about setting up your development environment, and the contribution workflow that\n  we expect.\n- Please ensure that you are following our [Code Of Conduct](https://github.com/aquasecurity/community/blob/main/CODE_OF_CONDUCT.md) during any interaction with the Aqua projects and their community.\n\n---\n\nTrivy-Operator is an [Aqua Security](https://aquasec.com) open source project.  \nLearn about our [Open Source Work and Portfolio].  \nJoin the community, and talk to us about any matter in [GitHub Discussions] or [Slack].\n\n[release-img]: https://img.shields.io/github/release/aquasecurity/trivy-operator.svg?logo=github\n[release]: https://github.com/aquasecurity/trivy-operator/releases\n[action-build-img]: https://github.com/aquasecurity/trivy-operator/actions/workflows/build.yaml/badge.svg\n[action-build]: https://github.com/aquasecurity/trivy-operator/actions/workflows/build.yaml\n[action-release-snapshot-img]: https://github.com/aquasecurity/trivy-operator/actions/workflows/release-snapshot.yaml/badge.svg\n[action-release-snapshot]: https://github.com/aquasecurity/trivy-operator/actions/workflows/release-snapshot.yaml\n[report-card-img]: https://goreportcard.com/badge/github.com/aquasecurity/trivy-operator\n[report-card]: https://goreportcard.com/report/github.com/aquasecurity/trivy-operator\n[github-all-releases-img]: https://img.shields.io/github/downloads/aquasecurity/trivy-operator/total?logo=github\n[Contributing]: CONTRIBUTING.md\n[GitHub Discussions]: https://github.com/aquasecurity/trivy-operator/discussions\n[Slack]: https://slack.aquasec.com/\n[Open Source Work and Portfolio]: https://www.aquasec.com/products/open-source-projects/\n[Custom Resource Definitions]: https://aquasecurity.github.io/trivy-operator/latest/docs/crds/\n[Documentation]: 
https://aquasecurity.github.io/trivy-operator/latest\n[Static YAML Manifests]: https://aquasecurity.github.io/trivy-operator/latest/getting-started/installation/kubectl/\n[getting-started-operator]: https://aquasecurity.github.io/trivy-operator/latest/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faquasecurity%2Ftrivy-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faquasecurity%2Ftrivy-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faquasecurity%2Ftrivy-operator/lists"}