Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/hnts/vulnerability-exporter
A Prometheus Exporter for managing vulnerabilities in kubernetes by using trivy
https://github.com/hnts/vulnerability-exporter
kubernetes prometheus prometheus-exporter trivy vulnerability-management
Last synced: about 1 month ago
JSON representation
A Prometheus Exporter for managing vulnerabilities in kubernetes by using trivy
- Host: GitHub
- URL: https://github.com/hnts/vulnerability-exporter
- Owner: hnts
- License: mit
- Created: 2022-01-17T03:23:53.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-01-30T03:25:08.000Z (over 2 years ago)
- Last Synced: 2024-07-04T09:25:17.190Z (2 months ago)
- Topics: kubernetes, prometheus, prometheus-exporter, trivy, vulnerability-management
- Language: Go
- Homepage:
- Size: 497 KB
- Stars: 26
- Watchers: 3
- Forks: 2
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Kubernetes Vulnerability Exporter
A Prometheus Exporter for managing vulnerabilities in kubernetes by using trivy## Abstract
**! This project is under development.**Vulnerability exporter scan and export vulnerabilities of images and nodes in kubernetes cluster.
Inspirated by [kube-trivy-expoter](https://github.com/kaidotdev/kube-trivy-exporter).
### Image Scan
```Image Scan``` scans for vulnerabilities in container images of workloads deployed in kubernetes.```
trivy_image_vulnerabilities{namespace="argocd", fixedVersion="0.3.3", image="ghcr.io/dexidp/dex:v2.27.0", installedVersion="v0.3.2",layer="sha256:d8d076827e5aadd843d9da261228639f575be6e840b463e99381e6d861be90fc", pkgName="golang.org/x/text", severity="HIGH", vulnerabilityId="CVE-2020-14040", workloadKind="Deployment", workloadName="argocd-dex-server"}
```#### View metrics by using Grafana
![image_scan_metrics](images/image_scan.png)### Node Scan
```Image Scan``` scans vulnerabilities of the nodes of kuberntes cluster.```
trivy_node_vulnerabilities{fixedVersion="0.12.3", installedVersion="0.12.2",nodeName="master-node", pkgName="Flask", severity="HIGH" vulnerabilityId="CVE-2018-1000656"}
```#### View metrics by using Grafana
![node_scan_metrics](images/node_scan.png)## Installation
```
$ kubectl apply -k deploy
```