aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://aquasecurity.github.io/trivy
Apache License 2.0
23.36k stars 2.31k forks

Add support to scan memory file system #2389

Open josedonizetti opened 2 years ago

josedonizetti commented 2 years ago

Trivy-operator currently uses defsec for policy scanning. We want to move it to use trivy directly, but for this we would need trivy to expose a way to scan a memory filesystem. This would also help trivy k8s, which has to store resources to disk and use ScanFilesystem to get a report; by supporting memoryFS we can avoid the IO time of writing k8s resources back and forth from disk.

@chen-keinan @knqyf263 @liamg @itaysk wdyt?

knqyf263 commented 2 years ago

Totally agree! One challenge is that we use a 3rd-party library for fast filesystem walking. It allows file traversal in parallel. Otherwise, scanning a file system takes a very long time. https://github.com/aquasecurity/trivy/blob/b944ac628616b892d2c1cb085c1bae63128de45d/pkg/fanal/walker/fs.go#L7

Looks like it doesn't support fs.FS. We have to manage it.
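An added example, not part of the original thread and not Trivy's code: one way to scan through the standard `fs.FS` interface while still working in parallel is to walk with `fs.WalkDir` and fan file reads and checks out to worker goroutines. `scanFS`, `sample` and the marker check are hypothetical names for this sketch; `fstest.MapFS` stands in for Kubernetes resources held in memory.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io/fs"
	"sort"
	"sync"
	"testing/fstest"
)

// scanFS walks any fs.FS once and checks files on `workers` (>= 1) goroutines.
func scanFS(fsys fs.FS, workers int, marker []byte) (flagged []string, err error) {
	var mu sync.Mutex
	var wg sync.WaitGroup
	paths := make(chan string)
	for i := 0; i < workers; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			for p := range paths {
				data, rerr := fs.ReadFile(fsys, p)
				hit := rerr == nil && bytes.Contains(data, marker) // stand-in policy check, outside the lock
				mu.Lock()
				if err = errors.Join(err, rerr); hit { // read failures are reported, not skipped
					flagged = append(flagged, p)
				}
				mu.Unlock()
			}
		}()
	}
	walkErr := fs.WalkDir(fsys, ".", func(p string, d fs.DirEntry, werr error) error {
		if werr == nil && d.Type().IsRegular() {
			paths <- p
		}
		return werr
	})
	close(paths)
	wg.Wait()
	sort.Strings(flagged) // workers finish in any order
	return flagged, errors.Join(walkErr, err)
}

var sample = fstest.MapFS{ // constructed input: two Kubernetes manifests held only in memory
	"default/pod-web.yaml": {Data: []byte("kind: Pod\nspec:\n  containers:\n  - name: web\n    securityContext:\n      privileged: true\n")},
	"default/pod-db.yaml":  {Data: []byte("kind: Pod\nspec:\n  containers:\n  - name: db\n")},
}

func main() { fmt.Println(scanFS(sample, 4, []byte("privileged: true"))) }
```

Because `scanFS` only depends on `fs.FS`, the same function accepts `os.DirFS(dir)` for on-disk trees.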

github-actions[bot] commented 2 years ago

This issue is stale because it has been labeled with inactivity.