Continuous Cluster Scanning with Trivy-Operator

Deploy Trivy-Operator for continuous security assessment. Once installed, the operator scans the workloads it finds and writes the results back into the cluster as custom resources such as these:

# Example VulnerabilityReport: a custom resource the operator writes for each
# scanned container image. Report data lives under "report", not "spec"
# (the jq query further down relies on this path).
apiVersion: aquasecurity.github.io/v1alpha1
kind: VulnerabilityReport
metadata:
  name: deployment-nginx-nginx
  namespace: default
report:
  artifact:
    repository: nginx
    tag: "1.21"
  scanner:
    name: Trivy
    vendor: Aqua Security
    version: "0.45.0"
---
# Example ConfigAuditReport: the operator's misconfiguration audit of a workload
apiVersion: aquasecurity.github.io/v1alpha1
kind: ConfigAuditReport
metadata:
  name: deployment-nginx
  namespace: default
report:
  scanner:
    name: Trivy
    vendor: Aqua Security
  summary:
    criticalCount: 2
    highCount: 5
    mediumCount: 8
    lowCount: 3

Query scan results using kubectl:

# View vulnerability reports
kubectl get vulnerabilityreports -A

# Get detailed vulnerability information
kubectl describe vulnerabilityreport deployment-nginx-nginx -n default

# Export all vulnerability reports
kubectl get vulnerabilityreports -A -o json > cluster-vulns.json

# Find workloads whose image carries at least one critical vulnerability
kubectl get vulnerabilityreports -A -o json | \
  jq -r '.items[] | select(.report.summary.criticalCount > 0) |
    "\(.metadata.namespace)/\(.metadata.name): \(.report.summary.criticalCount) critical"'

# Check misconfiguration audit results (ConfigAuditReports)
kubectl get configauditreports -A -o wide
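Beyond the one-line jq filter, a defender usually wants the exported cluster-vulns.json ranked and enriched: which workloads carry the most criticals, and how many of those findings already have a fix available. The following is an added example, not code from the Trivy-Operator project; it assumes the kubectl List layout and the report.summary / report.vulnerabilities field names of the trivy-operator VulnerabilityReport, and the sample reports and CVE ids are constructed placeholders.

```python
import json

# Constructed sample shaped like `kubectl get vulnerabilityreports -A -o json`:
# a v1 List of trivy-operator VulnerabilityReport objects. CVE ids are placeholders.
def _report(ns, name, repo, tag, crit, high, vulns):
    return {"metadata": {"name": name, "namespace": ns},
            "report": {"artifact": {"repository": repo, "tag": tag},
                       "summary": {"criticalCount": crit, "highCount": high},
                       "vulnerabilities": [{"vulnerabilityID": i, "severity": s, "fixedVersion": f}
                                           for i, s, f in vulns]}}

SAMPLE_EXPORT = json.dumps({"apiVersion": "v1", "kind": "List", "items": [
    _report("default", "replicaset-nginx-abc-nginx", "library/nginx", "1.21", 2, 5,
            [("CVE-0000-0001", "CRITICAL", "1.2.3"), ("CVE-0000-0002", "CRITICAL", ""),
             ("CVE-0000-0003", "HIGH", "2.0")]),
    _report("payments", "replicaset-api-def-api", "acme/api", "v3", 4, 1,
            [("CVE-0000-0004", "CRITICAL", "3.1")]),
    _report("kube-system", "daemonset-proxy-proxy", "acme/proxy", "v1", 0, 2, [])]})

def load_reports(export_json):
    """Items of a kubectl List export; a single report object is wrapped in a list."""
    doc = json.loads(export_json)
    return doc["items"] if doc.get("kind") == "List" else [doc]

def triage(export_json, min_critical=1):
    """Workloads with at least min_critical criticals, worst first, plus how many of
    their CRITICAL/HIGH findings already carry a fixedVersion (patchable now)."""
    rows = []
    for item in load_reports(export_json):
        meta, rep = item["metadata"], item.get("report", {})
        summary, art = rep.get("summary", {}), rep.get("artifact", {})
        crit = summary.get("criticalCount", 0)
        if crit < min_critical:
            continue
        fixable = sum(1 for v in rep.get("vulnerabilities", [])
                      if v.get("severity") in ("CRITICAL", "HIGH") and v.get("fixedVersion"))
        rows.append({"workload": f"{meta['namespace']}/{meta['name']}",
                     "image": f"{art.get('repository')}:{art.get('tag')}",
                     "critical": crit, "high": summary.get("highCount", 0), "fixable": fixable})
    return sorted(rows, key=lambda r: (-r["critical"], -r["high"], r["workload"]))

def per_namespace_totals(export_json):
    """Sum critical/high counts per namespace for a cluster-wide view."""
    totals = {}
    for item in load_reports(export_json):
        s = item.get("report", {}).get("summary", {})
        ns = totals.setdefault(item["metadata"]["namespace"], {"critical": 0, "high": 0})
        ns["critical"] += s.get("criticalCount", 0)
        ns["high"] += s.get("highCount", 0)
    return totals
```

Feed it the real export with `triage(open("cluster-vulns.json").read())`; the "fixable" column separates findings a rebuild fixes today from those that need an upstream patch or a compensating control.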