Trivy-operator v0.7.0 Released! #704
chen-keinan announced in Announcements
⎈ Scan Kubernetes cluster components 🔧 (#653)
Kubernetes Infrastructure assessment helps you check Kubernetes core components (such as etcd, apiserver, scheduler, controller-manager) for security and misconfiguration issues. The current infra checks are based on the CIS Benchmark for Kubernetes.
Infrastructure assessment creates a report based on a new CRD, InfraAssessmentReport. Here's an example of an Infra Assessment Report with a violation on the api-server, which needs to ensure that the --authorization-mode argument is not set to AlwaysAllow.
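The api-server rule named above, sketched as an added example (this is not trivy-operator's code and not InfraAssessmentReport output): it reads a kube-apiserver pod spec as JSON and evaluates the --authorization-mode rule, including the case where the flag is missing. The sample pod and the function names are constructed for illustration, and the check assumes --authorization-config is not in use.

```python
import json

# Constructed sample: trimmed `kubectl -n kube-system get pod <kube-apiserver pod> -o json` output.
SAMPLE_POD = json.loads("""
{
  "metadata": {"name": "kube-apiserver-control-plane", "namespace": "kube-system"},
  "spec": {"containers": [{
    "name": "kube-apiserver",
    "command": ["kube-apiserver", "--secure-port=6443",
                "--authorization-mode=Node,RBAC,AlwaysAllow"]
  }]}
}
""")

FLAG = "--authorization-mode"


def authorization_modes(pod):
    """Collect every mode passed via --authorization-mode (`--flag=value` and `--flag value`)."""
    modes = []
    for container in pod.get("spec", {}).get("containers", []):
        argv = (container.get("command") or []) + (container.get("args") or [])
        for i, arg in enumerate(argv):
            if arg.startswith(FLAG + "="):
                value = arg.split("=", 1)[1]
            elif arg == FLAG and i + 1 < len(argv):
                value = argv[i + 1]
            else:
                continue
            modes += [m.strip() for m in value.split(",") if m.strip()]
    return modes


def check_authorization_mode(pod):
    """Return (passed, reason) for the 'not set to AlwaysAllow' check."""
    modes = authorization_modes(pod)
    if not modes:
        # kube-apiserver falls back to AlwaysAllow when the flag is absent
        # (assumption: --authorization-config is not used instead).
        return False, "--authorization-mode not set; kube-apiserver defaults to AlwaysAllow"
    if "AlwaysAllow" in modes:
        return False, "AlwaysAllow present in --authorization-mode=" + ",".join(modes)
    return True, "authorization modes: " + ",".join(modes)


if __name__ == "__main__":
    passed, reason = check_authorization_mode(SAMPLE_POD)
    print("PASS" if passed else "FAIL", "-", reason)
```

Listing AlwaysAllow alongside Node and RBAC still fails the check, because any authorizer in the chain that allows a request is enough to authorize it.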
💻 Automatic in-cluster embedded trivy-server (#692)
Trivy has a client/server mode that moves the vulnerability analysis work to a remote server, where a single vulnerability database can be maintained (instead of every scan pulling its own local copy of the database). You can read more about it in the Trivy docs.
In this release we introduce a new experimental mode of Trivy Operator that works with Trivy's client/server mode by default. It will be installed and maintained automatically by Trivy Operator. The benefits of this new mode are:
You can enable client/server mode with the operator.builtInTrivyServer flag. For example:
Other Notable changes
Notable fixes