github-actions[bot]
commented
1 year ago This issue is stale because it has been labeled with inactivity.
Open erikgb opened 2 years ago
github-actions[bot]
commented
1 year ago This issue is stale because it has been labeled with inactivity.
rickymulder
commented
5 months ago +1
vadimisakanov
commented
1 week ago +1
We are building an image-scanner K8s-operator, and all our clusters runs Openshift. Inspired by trivy-operator, which we cannot use for various reasons, we schedule scan jobs to scan container images currently in use by workloads in the cluster.
While the operator works, it could be optimized if trivy supported CRI-O, which is the CRI implementation that Openshift uses. This would allow us to scan the image pulled from the nodes image registry, by scheduling the scan job on the node that runs the pod in question.
Related issues: https://github.com/aquasecurity/trivy/issues/1282, https://github.com/aquasecurity/trivy/issues/851, https://github.com/aquasecurity/trivy-operator/issues/101