List of Google Cloud Platform (GCP) Permissions required to run Trivy for kubernetes security scanning

[fernandogont]

Question

Hi,

I'm trying to run Trivy for kubernetes security scanning. Is there official documentation of the GCP privileges/permissions that would be required for that?

Any clues?

Thanks!
Fernando

Target

Kubernetes

Scanner

Vulnerability

Output Format

None

Mode

None

Operating System

MacOS Sonoma

Version

Version: 0.52.2
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-06-24 18:11:15.08361159 +0000 UTC
  NextUpdate: 2024-06-25 00:11:15.083611369 +0000 UTC
  DownloadedAt: 2024-06-24 19:09:48.966879 +0000 UTC
Java DB:
  Version: 1
  UpdatedAt: 2024-06-24 01:05:28.435237398 +0000 UTC
  NextUpdate: 2024-06-27 01:05:28.435237228 +0000 UTC
  DownloadedAt: 2024-06-24 15:13:53.758019 +0000 UTC
Check Bundle:
  Digest: sha256:cfb65621a1f55d9d099c4c28931b252716fcda8bba5081eb43f1001668e79d85
  DownloadedAt: 2024-06-24 15:11:21.684638 +0000 UTC

[chen-keinan]

@fernandogont currently there is no specific docs for it.
I'll open an issue to add it.
in meanwhile it require:

• permission to list resources
• permission to create namespace if needed
• deploy and execute a job within the namespace
• delete a job within the namespace

[chen-keinan]

opened an issue #7060