aquasecurity / trivy-operator

Kubernetes-native security toolkit
https://aquasecurity.github.io/trivy-operator/latest
Apache License 2.0
1.29k stars 214 forks

Support for more report formats in the VulnerabilityReport CRD (such as cyclonedx) #2275

Open darren128 opened 1 month ago

darren128 commented 1 month ago

Use Case: I am running the trivy operator in a cluster and want to integrate with other systems in a standard format (such as cyclonedx) for sbom / vulnerability reporting.

Proposal: Support the formats available in the trivy cli in the operator image scan that produces the VulnerabilityReport CRD, maybe as an extra field on the existing CRD in order to stay backwards compatible that just contains a blob output of the format specified through operator configuration.

I'm happy to spend some more time thinking this through and putting together a more detailed proposal and maybe a PR if there is interest in this!