undistro / zora

Zora is an open source solution that helps you achieve compliance with Kubernetes best practices recommended by industry-leading frameworks. By scanning your cluster with multiple plugins, Zora identifies potential issues, misconfigurations, and vulnerabilities.
https://getup.io/opensource/zora-oss
Apache License 2.0

Add Trivy as Vulnerability plugin #228

Closed matheusfm closed 10 months ago

matheusfm commented 1 year ago

Description

Add Trivy as Vulnerability plugin.

How has this been tested?

These changes can be tested by installing Zora version 0.7.0-rc7:

helm repo update undistro
helm upgrade --install zora undistro/zora \
  -n zora-system \
  --create-namespace \
  --wait \
  --set clusterName=$(kubectl config current-context) \
  --version 0.7.0-rc7

Then one Cluster and two ClusterScans will already be available in the zora-system namespace.

kubectl get cluster,scan -n zora-system

Checklist

matheusfm commented 12 months ago

Zora Helm chart 0.7.0-rc4 is released to test the latest changes.

matheusfm commented 11 months ago

Zora 0.7.0-rc6 has been released.

Now the Zora chart allows --set 'scan.plugins.trivy.ignoreUnfixed=true' and --set 'scan.plugins.trivy.ignoreDescriptions=true', which can be helpful if the vulnerability report exceeds the etcd request payload limit (error example below).

2023-09-26T14:18:02Z    ERROR   worker  failed to run worker    {"error": "failed to create VulnerabilityReport \"kind-kind-usdockerpkgdevgooglesamplescontainersgkegbfrontendsha256dc8de8e0d569d2f828b187528c9317bd6b605c273ac5a282aebe471f630420fc-rzntw\": etcdserver: request is too large"}
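
A rough way to see why the two settings in the comment above shrink the report, as an added example (not code from Zora or Trivy). It assumes a Trivy-style JSON layout (`Results[].Vulnerabilities[]`), uses a constructed report, and treats compact JSON size against etcd's default 1.5 MiB request limit as an approximation of the real request.

```python
import json

# etcd's default --max-request-bytes (1.5 MiB); a cluster may override it.
ETCD_DEFAULT_MAX_REQUEST_BYTES = 1_572_864

def build_sample_report(n_vulns=4000):
    """Constructed Trivy-style JSON result; every value is synthetic."""
    vulns = []
    for i in range(n_vulns):
        vulns.append({
            "VulnerabilityID": f"CVE-0000-{i:05d}",  # placeholder IDs
            "PkgName": f"libexample{i % 50}",
            "InstalledVersion": "1.0.0",
            # In this sample, every other finding has no fix available.
            "FixedVersion": "1.0.1" if i % 2 == 0 else "",
            "Severity": "HIGH",
            "Description": "Constructed description text. " * 15,
        })
    return {"Results": [{"Target": "example-image", "Vulnerabilities": vulns}]}

def slim(report, ignore_unfixed=False, ignore_descriptions=False):
    """Return a copy with unfixed findings and/or descriptions dropped."""
    out = {"Results": []}
    for result in report["Results"]:
        kept = []
        for v in result.get("Vulnerabilities") or []:
            if ignore_unfixed and not v.get("FixedVersion"):
                continue  # no fixed version published, so skip the finding
            if ignore_descriptions:
                v = {k: val for k, val in v.items() if k != "Description"}
            kept.append(v)
        out["Results"].append({**result, "Vulnerabilities": kept})
    return out

def payload_bytes(report):
    """Approximate the request size as compact UTF-8 JSON."""
    return len(json.dumps(report, separators=(",", ":")).encode("utf-8"))

def fits_etcd(report, limit=ETCD_DEFAULT_MAX_REQUEST_BYTES):
    return payload_bytes(report) <= limit

if __name__ == "__main__":
    full = build_sample_report()
    for unfixed, desc in [(False, False), (True, False), (False, True), (True, True)]:
        r = slim(full, unfixed, desc)
        print(f"ignoreUnfixed={unfixed!s:5} ignoreDescriptions={desc!s:5} "
              f"{payload_bytes(r):>9} bytes fits={fits_etcd(r)}")
```

Dropping unfixed findings also removes them from the report entirely, so a report that fits this way no longer lists vulnerabilities that have no published fix.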

matheusfm commented 10 months ago

Zora 0.7.0-rc7 has been released.