Open josedonizetti opened 2 years ago
Totally agree! One challenge is that we use a 3rd-party library for fast filesystem walking. It allows file traversal in parallel. Otherwise, scanning the file system takes a very long time. https://github.com/aquasecurity/trivy/blob/b944ac628616b892d2c1cb085c1bae63128de45d/pkg/fanal/walker/fs.go#L7
Looks like it doesn't support fs.FS. We have to manage it.
This issue is stale because it has been labeled with inactivity.
Trivy-operator currently uses defsec for policy scanning. We want to move it to use trivy directly, but for this we would need trivy to expose a way to scan a memory filesystem. This would also help trivy k8s, which has to store resources to disk and use ScanFilesystem to get a report. By supporting memoryFS we can avoid the IO time of writing k8s resources back and forth from disk.

@chen-keinan @knqyf263 @liamg @itaysk wdyt?
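
The trade-off raised in this thread (scanning an in-memory filesystem through `fs.FS` while keeping file processing parallel), as an added example that is not Trivy's code or API: the directory walk uses the standard library's `fs.WalkDir`, and only the file reads and checks are fanned out to workers. The names `scanFS` and `sampleFindings`, the manifests, and the `privileged: true` string check are assumptions made for illustration.

```go
package main
import (
	"bytes"
	"fmt"
	"io/fs"
	"sort"
	"sync"
	"testing/fstest"
)

// scanFS walks any fs.FS serially and fans file reads and checks out to workers.
func scanFS(fsys fs.FS, workers int, check func([]byte) bool) (findings []string, err error) {
	paths := make(chan string)
	var mu sync.Mutex
	var wg sync.WaitGroup
	for i := 0; i < workers; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			for p := range paths {
				data, rerr := fs.ReadFile(fsys, p)
				if rerr == nil && check(data) { // unreadable files are skipped here
					mu.Lock()
					findings = append(findings, p)
					mu.Unlock()
				}
			}
		}()
	}
	err = fs.WalkDir(fsys, ".", func(p string, d fs.DirEntry, werr error) error {
		if werr == nil && d.Type().IsRegular() {
			paths <- p
		}
		return werr
	})
	close(paths)
	wg.Wait()
	sort.Strings(findings) // worker order is nondeterministic
	return findings, err
}

func sampleFindings() ([]string, error) {
	mem := fstest.MapFS{ // constructed manifests, never written to disk
		"ns/a/pod.yaml": {Data: []byte("kind: Pod\nspec:\n  containers:\n  - securityContext:\n      privileged: true\n")},
		"ns/b/pod.yaml": {Data: []byte("kind: Pod\nspec:\n  containers:\n  - image: nginx\n")},
	}
	return scanFS(mem, 4, func(b []byte) bool { return bytes.Contains(b, []byte("privileged: true")) })
}
func main() { fmt.Println(sampleFindings()) }
```

The same `scanFS` accepts `os.DirFS(dir)` unchanged, so the on-disk and in-memory cases share one code path.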