{"id":20126444,"url":"https://github.com/sovereigncloudstack/security-k8s-scan-pipeline","last_synced_at":"2026-03-19T14:02:45.106Z","repository":{"id":245089070,"uuid":"814099085","full_name":"SovereignCloudStack/security-k8s-scan-pipeline","owner":"SovereignCloudStack","description":"Security scanning focused on the Kubernetes container layer","archived":true,"fork":false,"pushed_at":"2024-10-29T17:22:05.000Z","size":22977,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":6,"default_branch":"main","last_synced_at":"2026-02-11T06:54:33.003Z","etag":null,"topics":["security"],"latest_commit_sha":null,"homepage":"https://scs.community/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SovereignCloudStack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-06-12T10:38:26.000Z","updated_at":"2025-12-16T14:21:09.000Z","dependencies_parsed_at":"2024-09-05T12:54:57.049Z","dependency_job_id":"dac0e24c-c521-475b-bd7f-e55c76e8316f","html_url":"https://github.com/SovereignCloudStack/security-k8s-scan-pipeline","commit_stats":null,"previous_names":["sovereigncloudstack/security-k8s-scan-pipeline"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/SovereignCloudStack/security-k8s-scan-pipeline","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SovereignCloudStack%2Fsecurity-k8s-scan-pipeline","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SovereignCloudStack%2Fsecurity-k8s-scan-pipeline/tags","releases
_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SovereignCloudStack%2Fsecurity-k8s-scan-pipeline/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SovereignCloudStack%2Fsecurity-k8s-scan-pipeline/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SovereignCloudStack","download_url":"https://codeload.github.com/SovereignCloudStack/security-k8s-scan-pipeline/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SovereignCloudStack%2Fsecurity-k8s-scan-pipeline/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30709737,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-19T05:29:31.190Z","status":"ssl_error","status_checked_at":"2026-03-19T05:28:25.821Z","response_time":57,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["security"],"created_at":"2024-11-13T20:16:09.066Z","updated_at":"2026-03-19T14:02:45.067Z","avatar_url":"https://github.com/SovereignCloudStack.png","language":null,"readme":"# security-k8s-scan-pipeline\nSecurity scanning of Kubernetes\n\n## Introduction\n\nThis repository contains the code necessary to run a Trivy container scan in an infrastructure.\nIt also has the code to deploy the Trivy operator into a Kubernetes cluster and to deploy 
trivy-defectdojo-reporter.\n\n## Trivy container\n\nWith the Trivy container we use the scanner to find vulnerabilities at the misconfiguration and compliance level. These reports, which are not fully compatible with DefectDojo, are stored as Zuul artifacts.\n\n## Trivy operator\n\nThe official Trivy operator gives us more information about the vulnerabilities that can be found within our cluster. The advantage of using the operator over the container is that we get immediate information once any component is deployed in Kubernetes, whether it is an application or not. This generates a report that, thanks to another tool, is sent immediately to DefectDojo for traceability.\n\n## Trivy defect dojo reporter\n\nThe reporter operator sends the reports directly to DefectDojo, so that the vulnerabilities found are traceable there immediately. The reports we send are vulnerabilityreports, rbacassessmentreports, infraassessmentreports, configauditreports and exposedsecretreports. These reports have been previously generated by the Trivy operator.","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsovereigncloudstack%2Fsecurity-k8s-scan-pipeline","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsovereigncloudstack%2Fsecurity-k8s-scan-pipeline","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsovereigncloudstack%2Fsecurity-k8s-scan-pipeline/lists"}