The operator-trivy module: FAQ

This feature is available in Enterprise Edition only.

The functionality of the module might significantly change. Compatibility with future versions is not guaranteed.

How to view all resources that have not passed CIS compliance checks?

kubectl get clustercompliancereports.aquasecurity.github.io cis -ojson | 
  jq '.status.detailReport.results | map(select(.checks | map(.success) | all | not))'

How to view resources that have not passed a specific CIS compliance check?

By check id:

check_id="5.7.3"
kubectl get clustercompliancereports.aquasecurity.github.io cis -ojson | 
  jq --arg check_id "$check_id" '.status.detailReport.results | map(select(.id == $check_id))'

By check description:

check_desc="Apply Security Context to Your Pods and Containers"
kubectl get clustercompliancereports.aquasecurity.github.io cis -ojson |
  jq --arg check_desc "$check_desc" '.status.detailReport.results | map(select(.description == $check_desc))'

The operator-trivy module: FAQ

How to view all resources that have not passed CIS compliance checks?

How to view resources that have not passed a specific CIS compliance check?

Request trial access

Thank you

Error

Request callback

Thank you

Something went wrong

Book your sessions

Thank you

Error

Request demo

Thank you

Error

Get the PCI SSC Compliance Report

Thank you

Error