aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://aquasecurity.github.io/trivy
Apache License 2.0

Support for GCE image scanning #3330

Open yoseio opened 1 year ago

yoseio commented 1 year ago

Trivy can scan local VM images and EC2, but it would be great to support GCE scanning.

github-actions[bot] commented 1 year ago

This issue is stale because it has been labeled with inactivity.

masahiro331 commented 1 year ago

@2shiori17

Now, Trivy provides 2 ways to scan AWS images.

  1. Local Image Scan
  2. EBS Snapshot Scan

EBS snapshot scans are accelerated by using AWS's Direct API to scan only the blocks we need. I would like to use the same method in GCP, is there a similar API?

yoseio commented 1 year ago

As far as I know, GCP does not have such an API, so Trivy has to download the whole disk when scanning. However, it would be very useful if Trivy could do all the work required to scan a GCE.

masahiro331 commented 1 year ago

@2shiori17

Thank you for the quick response. Is there a document that shows the image format used by GCE? (Sorry, I haven't researched it.) Is it QCOW2, VMDK, or another format?

yoseio commented 1 year ago

According to GCP documentation, valid formats are vmdk, vhdx, vpc, vdi and qcow2.

https://cloud.google.com/compute/docs/images/export-image

masahiro331 commented 1 year ago

Thank you for your research.

https://cloud.google.com/compute/images/create-use-custom-image.svg

Seeing this image gave me a better understanding.

It seems that custom images created by Google can be referenced via Google Storage.

After investigating the Google Storage API, it seems that the HTTP range parameter can be used for object get. By using this, it may be possible to implement something like the EBS Direct API.

https://cloud.google.com/storage/docs/json_api/v1/parameters#range
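The block-level fetch sketched in the comment above, as an added Go example that is not Trivy's or the commenters' code: `RangeReaderAt` is a hypothetical helper, and the local HTTP server with its 4 MiB image is a constructed stand-in for a disk image object in Google Storage. The point it shows is that a parser only transfers the bytes it asks for, and that a server answering 200 instead of 206 must be rejected or the whole disk gets downloaded anyway.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"time"
)

// RangeReaderAt (hypothetical, not Trivy code): an io.ReaderAt whose every ReadAt is
// one ranged HTTP GET, so a parser on top fetches only the blocks it touches.
type RangeReaderAt struct {
	Client  *http.Client
	URL     string
	Fetched int64 // bytes actually transferred, to compare against the image size
}
func (r *RangeReaderAt) ReadAt(p []byte, off int64) (int, error) {
	req, err := http.NewRequest(http.MethodGet, r.URL, nil)
	if err != nil {
		return 0, err
	}
	req.Header.Set("Range", fmt.Sprintf("bytes=%d-%d", off, off+int64(len(p))-1))
	resp, err := r.Client.Do(req)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusPartialContent { // 200 = Range ignored, whole object coming
		return 0, fmt.Errorf("expected 206 Partial Content, got HTTP %d", resp.StatusCode)
	}
	n, err := io.ReadFull(resp.Body, p)
	r.Fetched += int64(n)
	if err == io.ErrUnexpectedEOF {
		err = io.EOF // range clipped at the end of the object, as io.ReaderAt requires
	}
	return n, err
}
func main() {
	img := make([]byte, 4<<20) // constructed 4 MiB "disk"; marker at the ext4 superblock offset
	copy(img[1024:], "SUPERBLOCK")
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, q *http.Request) {
		http.ServeContent(w, q, "disk.img", time.Time{}, bytes.NewReader(img)) // honours Range
	}))
	r := &RangeReaderAt{Client: srv.Client(), URL: srv.URL}
	buf := make([]byte, 64)
	n, err := r.ReadAt(buf, 1024)
	fmt.Printf("read %d bytes %q err=%v; fetched %d of %d\n", n, buf[:10], err, r.Fetched, len(img))
}
```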

yoseio commented 1 year ago

I will make a PoC to try it out.

github-actions[bot] commented 1 year ago

This issue is stale because it has been labeled with inactivity.