Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/hnts/vulnerability-exporter

A Prometheus Exporter for managing vulnerabilities in kubernetes by using trivy
https://github.com/hnts/vulnerability-exporter

kubernetes prometheus prometheus-exporter trivy vulnerability-management

Last synced: 11 days ago
JSON representation

A Prometheus Exporter for managing vulnerabilities in kubernetes by using trivy

Lists

README 

        
# Kubernetes Vulnerability Exporter

A Prometheus Exporter for managing vulnerabilities in kubernetes by using trivy



## Abstract

**! This project is under development.**



Vulnerability exporter scan and export vulnerabilities of images and nodes in kubernetes cluster.



Inspirated by [kube-trivy-expoter](https://github.com/kaidotdev/kube-trivy-exporter).



### Image Scan

```Image Scan``` scans for vulnerabilities in container images of workloads deployed in kubernetes.



```

trivy_image_vulnerabilities{namespace="argocd", fixedVersion="0.3.3", image="ghcr.io/dexidp/dex:v2.27.0", installedVersion="v0.3.2",layer="sha256:d8d076827e5aadd843d9da261228639f575be6e840b463e99381e6d861be90fc", pkgName="golang.org/x/text", severity="HIGH", vulnerabilityId="CVE-2020-14040", workloadKind="Deployment", workloadName="argocd-dex-server"}

```



#### View metrics by using Grafana

![image_scan_metrics](images/image_scan.png)



### Node Scan

```Image Scan``` scans vulnerabilities of the nodes of kuberntes cluster.



```

trivy_node_vulnerabilities{fixedVersion="0.12.3", installedVersion="0.12.2",nodeName="master-node", pkgName="Flask", severity="HIGH" vulnerabilityId="CVE-2018-1000656"}

```



#### View metrics by using Grafana

![node_scan_metrics](images/node_scan.png)



## Installation

```

$ kubectl apply -k deploy

```