https://github.com/masahiro331/kube-trivy
Trivy for Kubernetes
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/masahiro331/kube-trivy
- Owner: masahiro331
- License: agpl-3.0
- Created: 2019-05-19T12:10:40.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2019-08-14T07:06:09.000Z (about 5 years ago)
- Last Synced: 2024-07-04T09:25:12.055Z (2 months ago)
- Language: Go
- Size: 209 KB
- Stars: 5
- Watchers: 3
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
A Simple and Comprehensive Vulnerability Scanner for Kubernetes
# Abstract
`KubeTrivy` extends Trivy for Kubernetes.
`KubeTrivy` is a simple and comprehensive vulnerability scanner for Kubernetes.
`KubeTrivy` detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn etc.).
`KubeTrivy` is easy to use. Just install the binary and you're ready to scan. All you need to do to scan is specify the image name of a container on Kubernetes. For more about the underlying scanner, see [Trivy](https://github.com/knqyf263/trivy).
# Features
- Detect comprehensive vulnerabilities
  - OS packages (Alpine, **Red Hat Universal Base Image**, Red Hat Enterprise Linux, CentOS, Debian and Ubuntu)
  - **Application dependencies** (Bundler, Composer, Pipenv, Poetry, npm, yarn and Cargo)
- Managing vulnerabilities using kubectl command
  - Create a CRD on your Kubernetes
  - Get vulnerability info `kubectl get vulnerability` or `kubetrivy get ${resourceName}`
- Extend Trivy features
  - kubetrivy is compatible with trivy's local DB.
  - kubetrivy is compatible with trivy's command options.

# Install Mac
```
$ brew tap masahiro331/kube-tirvy
$ brew install kube-trivy
$ kubetrivy -h
```

# Install
```
$ go get -u github.com/masahiro331/kube-trivy
$ kubetrivy -h
```

# Quick Start
## Install CRD
```
$ cat << EOS > crd.yaml
# Note: apiextensions.k8s.io/v1beta1 is only served by clusters older than Kubernetes 1.22
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: vulnerabilities.kubetrivy.io
spec:
  group: kubetrivy.io
  version: v1
  names:
    kind: Vulnerability
    plural: vulnerabilities
  scope: Namespaced
  additionalPrinterColumns:
  - name: UNKNOWN
    type: integer
    description: The total of vulnerabilities launched by the kubetrivy
    JSONPath: .spec.statistics.UNKNOWN
  - name: LOW
    type: integer
    description: The total of vulnerabilities launched by the kubetrivy
    JSONPath: .spec.statistics.LOW
  - name: MEDIUM
    type: integer
    description: The total of vulnerabilities launched by the kubetrivy
    JSONPath: .spec.statistics.MEDIUM
  - name: HIGH
    type: integer
    description: The total of vulnerabilities launched by the kubetrivy
    JSONPath: .spec.statistics.HIGH
  - name: CRITICAL
    type: integer
    description: The total of vulnerabilities launched by the kubetrivy
    JSONPath: .spec.statistics.CRITICAL
EOS
$ kubectl apply -f crd.yaml
$ kubectl get vulnerability
```

## Basic
```
$ kubetrivy -n default scan
$ kubetrivy -n default scan
$ kubectl get vulnerability -n default
$ kubetrivy -n default get ${resourceName}
```