Continuous Cluster Scanning with Trivy-Operator
Deploy Trivy-Operator for continuous security assessment. Once the operator is running it watches the cluster's workloads and writes the scan results back into the cluster as custom resources, one report per workload container (a `VulnerabilityReport` for image CVEs, a `ConfigAuditReport` for misconfigurations). The scan data lives under the top-level `report` field, which is what the `kubectl`/`jq` queries below select on. Two such generated resources look like this:

```yaml
# Custom resource (instance of the VulnerabilityReport CRD) written by the operator
apiVersion: aquasecurity.github.io/v1alpha1
kind: VulnerabilityReport
metadata:
  name: deployment-nginx-nginx   # <workload kind>-<workload name>-<container name>
  namespace: default
report:
  artifact:
    repository: nginx
    tag: "1.21"
  scanner:
    name: Trivy
    vendor: Aqua Security
    version: "0.45.0"
---
# ConfigAuditReport for misconfiguration scanning of the same workload
apiVersion: aquasecurity.github.io/v1alpha1
kind: ConfigAuditReport
metadata:
  name: deployment-nginx
  namespace: default
report:
  scanner:
    name: Trivy
    vendor: Aqua Security
  summary:
    criticalCount: 2
    highCount: 5
    mediumCount: 8
    lowCount: 3
```
Query scan results using kubectl:

```bash
# View vulnerability reports
kubectl get vulnerabilityreports -A

# Get detailed vulnerability information
kubectl describe vulnerabilityreport deployment-nginx-nginx -n default

# Export all vulnerability reports
kubectl get vulnerabilityreports -A -o json > cluster-vulns.json

# Find high-risk workloads
kubectl get vulnerabilityreports -A -o json | \
  jq -r '.items[] | select(.report.summary.criticalCount > 0) |
    "\(.metadata.namespace)/\(.metadata.name): \(.report.summary.criticalCount) critical"'

# Check compliance status
kubectl get configauditreports -A -o wide
```
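The `jq` one-liner above answers a single question (which workloads have any critical finding). The exported `cluster-vulns.json` supports richer triage: ranking workloads by a weighted severity score, enforcing a threshold as a gate, and grouping reports by image so that one vulnerable base image shared by several namespaces is treated as one fix rather than many. The following script is an added example, not part of the original page or of the trivy-operator project. It only relies on the `metadata` and `report.artifact` / `report.summary` fields shown above; the sample export embedded in it is constructed for the example, and the severity weights and policy thresholds are arbitrary choices a team would tune.

```python
"""Triage a trivy-operator export (kubectl get vulnerabilityreports -A -o json)."""
import json
from collections import defaultdict

# Constructed sample: mirrors the shape kubectl emits (a v1 List of
# VulnerabilityReport objects); workloads and counts are made up.
SAMPLE_EXPORT = json.dumps({
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {"apiVersion": "aquasecurity.github.io/v1alpha1", "kind": "VulnerabilityReport",
         "metadata": {"name": "replicaset-api-7c9f-api", "namespace": "prod"},
         "report": {"artifact": {"repository": "example/api", "tag": "2.3.1"},
                    "summary": {"criticalCount": 3, "highCount": 7,
                                "mediumCount": 12, "lowCount": 4}}},
        {"apiVersion": "aquasecurity.github.io/v1alpha1", "kind": "VulnerabilityReport",
         "metadata": {"name": "replicaset-api-7c9f-sidecar", "namespace": "prod"},
         "report": {"artifact": {"repository": "example/sidecar", "tag": "0.9"},
                    "summary": {"criticalCount": 0, "highCount": 2,
                                "mediumCount": 0, "lowCount": 1}}},
        {"apiVersion": "aquasecurity.github.io/v1alpha1", "kind": "VulnerabilityReport",
         "metadata": {"name": "deployment-nginx-nginx", "namespace": "default"},
         "report": {"artifact": {"repository": "nginx", "tag": "1.21"},
                    "summary": {"criticalCount": 1, "highCount": 0,
                                "mediumCount": 3, "lowCount": 0}}},
        {"apiVersion": "aquasecurity.github.io/v1alpha1", "kind": "VulnerabilityReport",
         "metadata": {"name": "deployment-nginx-nginx", "namespace": "staging"},
         "report": {"artifact": {"repository": "nginx", "tag": "1.21"},
                    "summary": {"criticalCount": 1, "highCount": 0,
                                "mediumCount": 3, "lowCount": 0}}},
    ],
})

# Arbitrary weights (assumption): critical dominates, low is ignored for ranking.
SEVERITY_WEIGHTS = {"criticalCount": 10, "highCount": 5, "mediumCount": 1, "lowCount": 0}


def load_reports(text):
    """Parse kubectl JSON output: a v1 List (-A / multiple items) or a single report."""
    data = json.loads(text)
    return data["items"] if data.get("kind") == "List" else [data]


def summarize(item):
    """Flatten one VulnerabilityReport into the fields used for ranking."""
    report = item.get("report", {})
    summary = report.get("summary", {})
    artifact = report.get("artifact", {})
    # Reports for digest-pinned images may carry no tag; fall back to the digest.
    ref = artifact.get("tag") or artifact.get("digest", "?")
    counts = {k: int(summary.get(k, 0)) for k in SEVERITY_WEIGHTS}
    return {
        "workload": f"{item['metadata']['namespace']}/{item['metadata']['name']}",
        "image": f"{artifact.get('repository', '?')}:{ref}",
        **counts,
        "score": sum(SEVERITY_WEIGHTS[k] * v for k, v in counts.items()),
    }


def rank_workloads(text):
    """Highest-risk workloads first; ties broken by name for stable output."""
    rows = [summarize(i) for i in load_reports(text)]
    return sorted(rows, key=lambda r: (-r["score"], r["workload"]))


def policy_violations(text, max_critical=0, max_high=5):
    """Workloads exceeding the thresholds: a simple gate for CI or alerting."""
    return [r["workload"] for r in rank_workloads(text)
            if r["criticalCount"] > max_critical or r["highCount"] > max_high]


def images_by_exposure(text):
    """Group workloads by image so a shared vulnerable image is one remediation item."""
    by_image = defaultdict(list)
    for r in rank_workloads(text):
        by_image[r["image"]].append(r["workload"])
    return dict(by_image)


if __name__ == "__main__":
    for r in rank_workloads(SAMPLE_EXPORT):
        print(f"{r['workload']:40} {r['image']:22} "
              f"C={r['criticalCount']} H={r['highCount']} score={r['score']}")
    print("violations:", policy_violations(SAMPLE_EXPORT))
    print("by image:", images_by_exposure(SAMPLE_EXPORT))
```

To run it against a real cluster, replace `SAMPLE_EXPORT` with the contents of `cluster-vulns.json` from the export command above. Grouping by image is the useful part in practice: report counts are per container, so a base image reused across namespaces otherwise appears as several unrelated high-risk workloads.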