Trivy-Operator operate trivy security tool on the Kubernetes cluster and incorporate it outputs into Kubernetes CRDs (Custom Resource Definitions) and from there, making security reports accessible through the Kubernetes API
IntroductionKubernetes-native security toolkit. (Documentation)
The Trivy Operator leverages Trivy to continuously scan your Kubernetes cluster for security issues. The scans are summarised in security reports as Kubernetes Custom Resource Definitions, which become accessible through the Kubernetes API. The Operator does this by watching Kubernetes for state changes and automatically triggering security scans in response. For example, a vulnerability scan is initiated when a new Pod is created.
This way, users can find and view the risks that relate to different resources in a Kubernetes-native
way.
The Trivy Operator automatically generates and updates security reports. These reports are generated in response to new workload and other changes on a Kubernetes cluster, generating the following reports:
Please star ⭐ the repo if you want us to continue developing and improving trivy-operator! 😀
Usage
The official Documentation provides detailed installation, configuration, troubleshooting, and quick start guides.
You can install the Trivy-operator Operator with Static YAML Manifests and follow the Getting Started guide to see how vulnerability and configuration audit reports are generated automatically.
Quick Start
The Trivy Operator can be installed easily through the Helm Chart:
Add the Aqua chart repository:
helm repo add aqua https://aquasecurity.github.io/helm-charts/ helm repo update
Install the Helm Chart:
helm install trivy-operator aqua/trivy-operator \ --namespace trivy-system \ --create-namespace \ --version 0.18.4
This will install the Trivy Helm Chart into the trivy-system
namespace and start triggering the scans.
Status
Although we are trying to keep new releases backward compatible with previous versions, this project is still incubating, and some APIs and Custom Resource Definitions may change.
Contributing
At this early stage we would love your feedback on the overall concept of Trivy-Operator. Over time, we'd love to see contributions integrating different security tools so that users can access security information in standard, Kubernetes-native ways.
Trivy-Operator is an Aqua Security open source project.
Learn about our Open Source Work and Portfolio.
Join the community, and talk to us about any matter in GitHub Discussions or Slack.
Twice a month we will interview people behind open source businesses. We will talk about how they are building a business on top of open source projects.
We'll never share your email with anyone else.