aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://aquasecurity.github.io/trivy
Apache License 2.0

Separate Kubernetes cluster scanning into a plugin #5017

Open knqyf263 opened 1 year ago

knqyf263 commented 1 year ago

Background

Currently, Trivy can scan Kubernetes clusters and AWS accounts. There are plans to further extend its functionalities, such as adding Azure scanning. It's essential to redefine Trivy's core functionality: Trivy is designed to find security issues, such as vulnerabilities and misconfigurations, in generated artifacts and code repositories. Therefore, the scanning of running environments should be separated as plugins.

Proposal

We propose separating Trivy's Kubernetes cluster scanning feature into a distinct plugin. The source code for this functionality should be placed in aquasecurity/trivy-kubernetes as an independent command. This setup would allow it to be used both as a standalone tool and as a Trivy plugin. Users who only need the K8s cluster scanning can install trivy-kubernetes without having to install Trivy. To ensure that users' workflow utilizing the trivy k8s command isn't disrupted, executing the trivy k8s command should transparently install and run the plugin.

thapabishwa commented 1 year ago

Any estimate of when this feature will be ready?

knqyf263 commented 1 year ago

Any estimate of when this feature will be ready?

No ETA now.