The operator-trivy module

Available in: EE

Experimental version. The functionality may undergo significant changes. Compatibility with future versions is not guaranteed.

The module allows you to run a regular vulnerability scans of user images in runtime on known CVEs. The module uses the Trivy project. Public databases are used for scanning vulnerabilities.

Scanning is performed every 24 hours in namespaces that contain the label security-scanning.deckhouse.io/enabled="". If there are no namespaces with this label in the cluster, the default namespace is scanned.

Once a namespace with the label security-scanning.deckhouse.io/enabled="" is detected in the cluster, scanning of the default namespace stops. To re-enable scanning for the default namespace, use the following command to set the label to the namespace:

kubectl label namespace default security-scanning.deckhouse.io/enabled=""

The operator-trivy module

Request trial access

Thank you

Error

Request callback

Thank you

Something went wrong

Book your sessions

Thank you

Error

Request demo

Thank you

Error

Get the PCI SSC Compliance Report

Thank you

Error