Trivy Operator
License: Apache 2.0
We use Trivy to actively scan all images in running clusters. Scan results are available by querying report objects in Kubernetes, through Headlamp, in Grafana dashboards, and with a CI building block. Trivy also keeps track of CIS Benchmark compliance.
Links
- Releases: https://github.com/aquasecurity/trivy-operator/releases
- Documentation:
  - General Documentation: https://aquasecurity.github.io/trivy-operator/
  - Upgrade Documentation: https://aquasecurity.github.io/trivy-operator/latest/getting-started/installation/upgrade/
- Helm:
- Implementation:
  - Install Trivy
  - Allow user access to Trivy reports
Viewing Vulnerabilities
Examples of how to view vulnerabilities can be found in the user documentation.
Update Concerns
- Use the following script to download the CRDs of the Helm chart version you're targeting and add them here: https://code.vt.edu/it-common-platform/infrastructure/eks-cluster/-/tree/main/cluster-bootstrap/files/trivy_crds
```bash
#!/bin/bash
set -euo pipefail

# curl -f makes HTTP errors (rate limit, 404) abort the script instead of
# passing an error body on to jq or saving it as a CRD file.

# Get the latest release version of Trivy Operator (e.g., v0.25.0)
LATEST_VERSION=$(curl -fsS https://api.github.com/repos/aquasecurity/trivy-operator/releases/latest | jq -r '.tag_name')
echo "Latest Trivy Operator version: ${LATEST_VERSION}"

# Get the list of CRD file names from GitHub API
CRD_LIST=$(curl -fsS "https://api.github.com/repos/aquasecurity/trivy-operator/contents/deploy/helm/crds?ref=${LATEST_VERSION}" | jq -r '.[].name')

# Download each CRD to current directory
for crd in ${CRD_LIST}; do
  echo "Downloading: ${crd}"
  curl -fsSL -o "./${crd}" "https://raw.githubusercontent.com/aquasecurity/trivy-operator/${LATEST_VERSION}/deploy/helm/crds/${crd}"
done

echo "✅ All CRDs downloaded to current directory."
```
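An added example, not part of the original page or of the Trivy Operator project: checks to run on the release tag and on the fetched files before committing them, so that a failed API call or a saved error page does not end up in the CRD directory. The function names, the `aquasecurity.github.io` group check, and the sample files are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the page): sanity-check fetched CRD files before committing.
set -eu

# Assumption: Trivy Operator CRDs live in the aquasecurity.github.io API group.
GROUP_RE='aquasecurity\.github\.io'

# 0 if the argument looks like a release tag such as v0.25.0, so a "null" or
# empty value from a failed API call is never interpolated into a URL.
valid_tag() {
  printf '%s\n' "$1" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'
}

# 0 only if the file is a non-empty CustomResourceDefinition in the expected
# group; an HTML or JSON error body saved under a .yaml name fails.
check_crd() {
  [ -s "$1" ] || return 1
  grep -Eq '^kind:[[:space:]]*CustomResourceDefinition[[:space:]]*$' "$1" || return 1
  grep -Eq "^[[:space:]]+group:[[:space:]]*${GROUP_RE}[[:space:]]*\$" "$1" || return 1
  grep -Eq "^[[:space:]]+name:[[:space:]]*[a-z]+\\.${GROUP_RE}[[:space:]]*\$" "$1" || return 1
}

# Check every *.yaml in a directory. Fails closed: an empty directory leaves the
# glob unexpanded, which check_crd rejects.
check_crd_dir() (
  rc=0
  for f in "$1"/*.yaml; do
    if check_crd "$f"; then echo "ok:   $f"; else echo "FAIL: $f"; rc=1; fi
  done
  exit "$rc"
)

# Constructed sample files (not real Trivy Operator manifests).
make_samples() {
  mkdir -p "$1/good" "$1/bad"
  cat > "$1/good/crd.yaml" <<'EOF'
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: vulnerabilityreports.aquasecurity.github.io
spec:
  group: aquasecurity.github.io
EOF
  cp "$1/good/crd.yaml" "$1/bad/crd.yaml"
  printf '<html><body>404: Not Found</body></html>\n' > "$1/bad/error.yaml"
}
```

Call `valid_tag "${LATEST_VERSION}"` before building any download URL and `check_crd_dir .` after the download loop; a non-zero status from either should stop the update.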