Separate Kubernetes cluster scanning into a plugin #5017
Labels
target/kubernetes
Issues relating to kubernetes cluster scanning
Comments
knqyf263
added
the
target/kubernetes
knqyf263
changed the title
This was referenced Aug 20, 2023
|
Any estimate of when this feature will be ready? |
No ETA now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Background
Currently, Trivy can scan Kubernetes clusters and AWS accounts. There are plans to further extend its functionalities, such as adding Azure scanning. It's essential to redefine Trivy's core functionality: Trivy is designed to find security issues, such as vulnerabilities and misconfigurations, in generated artifacts and code repositories. Therefore, the scanning of running environments should be separated as plugins.
Proposal
We propose separating Trivy's Kubernetes cluster scanning feature into a distinct plugin. The source code for this functionality should be placed in aquasecurity/trivy-kubernetes as an independent command. This setup would allow it to be used both as a standalone tool and as a Trivy plugin. Users who only need the K8s cluster scanning can install
trivy-kuberneteswithout having to install Trivy. To ensure that users' workflow utilizing thetrivy k8scommand isn't disrupted, executing thetrivy k8scommand should transparently install and run the plugin.The text was updated successfully, but these errors were encountered: