Monitoring vulnerabilities in docker images

Build & Deploy

Docker Image

$ ./build.image.sh [repository:tag]
...

Deploy

Set github token and image tag in deploy/kubernetes/deployment.yaml, then kubectl apply -f deploy/kubernetes.

Usage

Every 5 minutes, the script will be executed, It will get image list from all namespaces with the label trivy=true, and then scan this images with trivy, finally we will get metrics on http://[pod-ip]:9115/metrics like this:

# HELP so_vulnerabilities so_vulnerabilities
# TYPE so_vulnerabilities gauge
so_vulnerabilities{hook="trivy-scanner.py",image="nginx:1.19.6-alpine",severity="CRITICAL"} 0
so_vulnerabilities{hook="trivy-scanner.py",image="nginx:1.19.6-alpine",severity="HIGH"} 4
so_vulnerabilities{hook="trivy-scanner.py",image="nginx:1.19.6-alpine",severity="LOW"} 2
so_vulnerabilities{hook="trivy-scanner.py",image="nginx:1.19.6-alpine",severity="MEDIUM"} 4
so_vulnerabilities{hook="trivy-scanner.py",image="nginx:1.19.6-alpine",severity="UNKNOWN"} 0

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
deploy		deploy
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
TODO.md		TODO.md
build.image.sh		build.image.sh
trivy-scanner.py		trivy-scanner.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Monitoring vulnerabilities in docker images

Build & Deploy

Docker Image

Deploy

Usage

About

Releases

Packages

Languages

License

fleeto/trivy-scanner

Folders and files

Latest commit

History

Repository files navigation

Monitoring vulnerabilities in docker images

Build & Deploy

Docker Image

Deploy

Usage

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages