https://github.com/sovereigncloudstack/security-k8s-scan-pipeline
Security scanning focused on the Kubernetes container layer
https://github.com/sovereigncloudstack/security-k8s-scan-pipeline
security
Last synced: 20 days ago
JSON representation
Security scanning focused on the Kubernetes container layer
- Host: GitHub
- URL: https://github.com/sovereigncloudstack/security-k8s-scan-pipeline
- Owner: SovereignCloudStack
- License: apache-2.0
- Archived: true
- Created: 2024-06-12T10:38:26.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-10-29T17:22:05.000Z (over 1 year ago)
- Last Synced: 2026-02-11T06:54:33.003Z (about 2 months ago)
- Topics: security
- Homepage: https://scs.community/
- Size: 21.9 MB
- Stars: 0
- Watchers: 6
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# security-k8s-scan-pipeline
Security scanning of Kubernetes
## Introduction
This repository contains the code necessary to run trivy container scan in a infraestructure.
Have the code to deploy trivy operator into a Kubernetes cluster and to deploy trivy-defectdojo-reporter.
## Trivy container
With the trivy container we use the scanner to obtain the vulnerabilities at misconfiguration and compliance level, these reports which are not fully compatible with defect dojo are stored as zuul artifacts.
## Trivy operator
With the official trivy operator which gives us more information about the vulnerabilities that can be found within our cluster, the advantage of using the operator on the container is that we get immediate information once any component is deployed in kubernetes whether it is an application or not, this will generate a report that in turn thanks to another tool will be sent immediately to defect dojo for traceability.
## Trivy defect dojo reporter
The reporter operator is used to be able to send the reports directly to defect dojo and in this same one to have the traceability of the vulnerabilities obtained immediately, the reports that we send are those of vulnerabilityreports, rbacassessmentreports, infraassessmentreports, configauditreports, exposedsecretreports. These reports have been previously generated thanks to the trivy operator.