The operator-trivy module: FAQ

You are viewing the documentation for an unreleased version of Deckhouse. You may choose the appropriate release channel from the versions menu or go to the latest stable Deckhouse version.

This feature is available in Enterprise Edition only.

This feature is actively developed. It might significantly change in the future.

How to view all resources that have not passed CIS compliance checks?

kubectl get clustercompliancereports.aquasecurity.github.io cis -ojson | 
  jq '.status.detailReport.results | map(select(.checks | map(.success) | all | not))'

How to view resources that have not passed a specific CIS compliance check?

By check id:

check_id="5.7.3"
kubectl get clustercompliancereports.aquasecurity.github.io cis -ojson | 
  jq --arg check_id "$check_id" '.status.detailReport.results | map(select(.id == $check_id))'

By check description:

check_desc="Apply Security Context to Your Pods and Containers"
kubectl get clustercompliancereports.aquasecurity.github.io cis -ojson |
  jq --arg check_desc "$check_desc" '.status.detailReport.results | map(select(.description == $check_desc))'

The operator-trivy module: FAQ

How to view all resources that have not passed CIS compliance checks?

How to view resources that have not passed a specific CIS compliance check?

Request trial access

Thank you

Error

Request callback

Thank you

Something went wrong

Book your sessions

Thank you

Error

Request demo

Thank you

Error

Get the PCI SSC Compliance Report

Thank you

Error