Trivy Operator

License: Apache 2.0

We use Trivy to actively scan all images in running clusters. Scan results are available by querying report objects in Kubernetes, through Headlamp, in Grafana dashboards, and with a CI building block. Trivy also keeps track of CIS Benchmark compliance.

Links

• Code: https://github.com/aquasecurity/trivy-operator

• Releases: https://github.com/aquasecurity/trivy-operator/releases

• Documentation:

  • General Documentation: https://aquasecurity.github.io/trivy-operator/
  • Upgrade Documentation: https://aquasecurity.github.io/trivy-operator/latest/getting-started/installation/upgrade/

• Helm:

  • Chart: https://github.com/aquasecurity/trivy-operator/tree/main/deploy/helm

• Implementation:

  • Install Trivy

  https://code.vt.edu/it-common-platform/infrastructure/eks-cluster/-/blob/main/cluster-bootstrap/utils/trivy/trivy-operator.tf

  • Allow user access to Trivy reports

  https://code.vt.edu/it-common-platform/platform-support/helm-charts/landlord/-/blob/master/templates/clusterrole-operator.yaml#L49

Viewing Vulnerabilities

Examples of how to view vulnerabilities can be found in the user documentation.

Update Concerns

• There is no official upgrade path. We normally taint the Trivy Helm release in Terraform to uninstall and reinstall the latest version.