admin/aquasecurity-trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2026-02-12 03:33:17 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
b2cd35a7262eb4f63c43db6bfa2eeec14be24da4
aquasecurity-trivy/dev/tutorials/kubernetes/cluster-scanning/index.html

4070 lines
85 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI">
<link rel="canonical" href="https://aquasecurity.github.io/trivy/dev/tutorials/kubernetes/cluster-scanning/">
<link rel="icon" href="../../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.3.0, mkdocs-material-8.3.9">
<title>Cluster Scanning - Trivy</title>
<link rel="stylesheet" href="../../../assets/stylesheets/main.1d29e8d0.min.css">
<link rel="stylesheet" href="../../../assets/stylesheets/palette.cbb835fc.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<script>__md_scope=new URL("../../..",location),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr" data-md-color-scheme="" data-md-color-primary="none" data-md-color-accent="none">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#kubernetes-scanning-tutorial" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<div data-md-component="outdated" hidden>
<aside class="md-banner md-banner--warning">
<div class="md-banner__inner md-grid md-typeset">
You're not viewing the latest version.
<a href="../../../..">
<strong>Click here to go to latest.</strong>
</a>
</div>
<script>var el=document.querySelector("[data-md-component=outdated]"),outdated=__md_get("__outdated",sessionStorage);!0===outdated&&el&&(el.hidden=!1)</script>
</aside>
</div>
<header class="md-header md-header--lifted" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../../.." title="Trivy" class="md-header__button md-logo" aria-label="Trivy" data-md-component="logo">
<img src="../../../imgs/logo-white.svg" alt="logo">
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Trivy
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Cluster Scanning
</span>
</div>
</div>
</div>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41Z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://github.com/aquasecurity/trivy" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.1.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
</div>
<div class="md-source__repository">
GitHub
</div>
</a>
</div>
</nav>
<nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
<div class="md-tabs__inner md-grid">
<ul class="md-tabs__list">
<li class="md-tabs__item">
<a href="../../.." class="md-tabs__link">
Getting Started
</a>
</li>
<li class="md-tabs__item">
<a href="../../overview/" class="md-tabs__link md-tabs__link--active">
Tutorials
</a>
</li>
<li class="md-tabs__item">
<a href="../../../docs/" class="md-tabs__link">
Docs
</a>
</li>
<li class="md-tabs__item">
<a href="../../../ecosystem/" class="md-tabs__link">
Ecosystem
</a>
</li>
<li class="md-tabs__item">
<a href="../../../community/principles/" class="md-tabs__link">
Contributing
</a>
</li>
</ul>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../../.." title="Trivy" class="md-nav__button md-logo" aria-label="Trivy" data-md-component="logo">
<img src="../../../imgs/logo-white.svg" alt="logo">
</a>
Trivy
</label>
<div class="md-nav__source">
<a href="https://github.com/aquasecurity/trivy" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.1.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
</div>
<div class="md-source__repository">
GitHub
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_1" type="checkbox" id="__nav_1" >
<label class="md-nav__link" for="__nav_1">
Getting Started
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Getting Started" data-md-level="1">
<label class="md-nav__title" for="__nav_1">
<span class="md-nav__icon md-icon"></span>
Getting Started
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../.." class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item">
<a href="../../../getting-started/installation/" class="md-nav__link">
Installation
</a>
</li>
<li class="md-nav__item">
<a href="../../../getting-started/signature-verification/" class="md-nav__link">
Signature Verification
</a>
</li>
<li class="md-nav__item">
<a href="../../../getting-started/faq/" class="md-nav__link">
FAQ
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2" type="checkbox" id="__nav_2" checked>
<label class="md-nav__link" for="__nav_2">
Tutorials
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Tutorials" data-md-level="1">
<label class="md-nav__title" for="__nav_2">
<span class="md-nav__icon md-icon"></span>
Tutorials
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../overview/" class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2_2" type="checkbox" id="__nav_2_2" >
<label class="md-nav__link" for="__nav_2_2">
CI/CD
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="CI/CD" data-md-level="2">
<label class="md-nav__title" for="__nav_2_2">
<span class="md-nav__icon md-icon"></span>
CI/CD
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../integrations/" class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item">
<a href="../../integrations/github-actions/" class="md-nav__link">
GitHub Actions
</a>
</li>
<li class="md-nav__item">
<a href="../../integrations/circleci/" class="md-nav__link">
CircleCI
</a>
</li>
<li class="md-nav__item">
<a href="../../integrations/travis-ci/" class="md-nav__link">
Travis CI
</a>
</li>
<li class="md-nav__item">
<a href="../../integrations/gitlab-ci/" class="md-nav__link">
GitLab CI
</a>
</li>
<li class="md-nav__item">
<a href="../../integrations/bitbucket/" class="md-nav__link">
Bitbucket Pipelines
</a>
</li>
<li class="md-nav__item">
<a href="../../integrations/aws-codepipeline/" class="md-nav__link">
AWS CodePipeline
</a>
</li>
<li class="md-nav__item">
<a href="../../integrations/aws-security-hub/" class="md-nav__link">
AWS Security Hub
</a>
</li>
<li class="md-nav__item">
<a href="../../integrations/azure-devops/" class="md-nav__link">
Azure
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2_3" type="checkbox" id="__nav_2_3" checked>
<label class="md-nav__link" for="__nav_2_3">
Kubernetes
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Kubernetes" data-md-level="2">
<label class="md-nav__title" for="__nav_2_3">
<span class="md-nav__icon md-icon"></span>
Kubernetes
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" data-md-toggle="toc" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
Cluster Scanning
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
Cluster Scanning
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#prerequisites" class="md-nav__link">
Prerequisites
</a>
</li>
<li class="md-nav__item">
<a href="#cluster-scanning" class="md-nav__link">
Cluster Scanning
</a>
</li>
<li class="md-nav__item">
<a href="#trivy-operator" class="md-nav__link">
Trivy Operator
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../kyverno/" class="md-nav__link">
Kyverno
</a>
</li>
<li class="md-nav__item">
<a href="../gitops/" class="md-nav__link">
GitOps
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2_4" type="checkbox" id="__nav_2_4" >
<label class="md-nav__link" for="__nav_2_4">
Misconfiguration
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Misconfiguration" data-md-level="2">
<label class="md-nav__title" for="__nav_2_4">
<span class="md-nav__icon md-icon"></span>
Misconfiguration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../misconfiguration/terraform/" class="md-nav__link">
Terraform scanning
</a>
</li>
<li class="md-nav__item">
<a href="../../misconfiguration/custom-checks/" class="md-nav__link">
Custom Checks with Rego
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2_5" type="checkbox" id="__nav_2_5" >
<label class="md-nav__link" for="__nav_2_5">
Signing
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Signing" data-md-level="2">
<label class="md-nav__title" for="__nav_2_5">
<span class="md-nav__icon md-icon"></span>
Signing
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../signing/vuln-attestation/" class="md-nav__link">
Vulnerability Scan Record Attestation
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2_6" type="checkbox" id="__nav_2_6" >
<label class="md-nav__link" for="__nav_2_6">
Shell
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Shell" data-md-level="2">
<label class="md-nav__title" for="__nav_2_6">
<span class="md-nav__icon md-icon"></span>
Shell
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../shell/shell-completion/" class="md-nav__link">
Completion
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2_7" type="checkbox" id="__nav_2_7" >
<label class="md-nav__link" for="__nav_2_7">
Additional Resources
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Additional Resources" data-md-level="2">
<label class="md-nav__title" for="__nav_2_7">
<span class="md-nav__icon md-icon"></span>
Additional Resources
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../additional-resources/references/" class="md-nav__link">
Additional Resources
</a>
</li>
<li class="md-nav__item">
<a href="../../additional-resources/community/" class="md-nav__link">
Community References
</a>
</li>
<li class="md-nav__item">
<a href="../../additional-resources/cks/" class="md-nav__link">
CKS Reference
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3" type="checkbox" id="__nav_3" >
<label class="md-nav__link" for="__nav_3">
Docs
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Docs" data-md-level="1">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
Docs
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/" class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_2" type="checkbox" id="__nav_3_2" >
<label class="md-nav__link" for="__nav_3_2">
Target
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Target" data-md-level="2">
<label class="md-nav__title" for="__nav_3_2">
<span class="md-nav__icon md-icon"></span>
Target
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/target/container_image/" class="md-nav__link">
Container Image
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/target/filesystem/" class="md-nav__link">
Filesystem
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/target/rootfs/" class="md-nav__link">
Rootfs
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/target/repository/" class="md-nav__link">
Code Repository
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/target/vm/" class="md-nav__link">
Virtual Machine Image
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/target/kubernetes/" class="md-nav__link">
Kubernetes
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/target/aws/" class="md-nav__link">
AWS
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/target/sbom/" class="md-nav__link">
SBOM
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_3" type="checkbox" id="__nav_3_3" >
<label class="md-nav__link" for="__nav_3_3">
Scanner
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Scanner" data-md-level="2">
<label class="md-nav__title" for="__nav_3_3">
<span class="md-nav__icon md-icon"></span>
Scanner
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/scanner/vulnerability/" class="md-nav__link">
Vulnerability
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_3_2" type="checkbox" id="__nav_3_3_2" >
<label class="md-nav__link" for="__nav_3_3_2">
Misconfiguration
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Misconfiguration" data-md-level="3">
<label class="md-nav__title" for="__nav_3_3_2">
<span class="md-nav__icon md-icon"></span>
Misconfiguration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/scanner/misconfiguration/" class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_3_2_2" type="checkbox" id="__nav_3_3_2_2" >
<label class="md-nav__link" for="__nav_3_3_2_2">
Policy
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Policy" data-md-level="4">
<label class="md-nav__title" for="__nav_3_3_2_2">
<span class="md-nav__icon md-icon"></span>
Policy
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/scanner/misconfiguration/check/builtin/" class="md-nav__link">
Built-in Checks
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/scanner/misconfiguration/check/exceptions/" class="md-nav__link">
Exceptions
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_3_2_3" type="checkbox" id="__nav_3_3_2_3" >
<label class="md-nav__link" for="__nav_3_3_2_3">
Custom Checks
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Custom Checks" data-md-level="4">
<label class="md-nav__title" for="__nav_3_3_2_3">
<span class="md-nav__icon md-icon"></span>
Custom Checks
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/scanner/misconfiguration/custom/" class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/scanner/misconfiguration/custom/data/" class="md-nav__link">
Data
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/scanner/misconfiguration/custom/combine/" class="md-nav__link">
Combine
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/scanner/misconfiguration/custom/selectors/" class="md-nav__link">
Selectors
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/scanner/misconfiguration/custom/schema/" class="md-nav__link">
Schemas
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/scanner/misconfiguration/custom/testing/" class="md-nav__link">
Testing
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/scanner/misconfiguration/custom/debug/" class="md-nav__link">
Debugging Policies
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/scanner/misconfiguration/custom/contribute-checks/" class="md-nav__link">
Contribute Checks
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../../docs/scanner/secret/" class="md-nav__link">
Secret
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/scanner/license/" class="md-nav__link">
License
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_4" type="checkbox" id="__nav_3_4" >
<label class="md-nav__link" for="__nav_3_4">
Coverage
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Coverage" data-md-level="2">
<label class="md-nav__title" for="__nav_3_4">
<span class="md-nav__icon md-icon"></span>
Coverage
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/coverage/" class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_4_2" type="checkbox" id="__nav_3_4_2" >
<label class="md-nav__link" for="__nav_3_4_2">
OS
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="OS" data-md-level="3">
<label class="md-nav__title" for="__nav_3_4_2">
<span class="md-nav__icon md-icon"></span>
OS
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/coverage/os/" class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/os/alma/" class="md-nav__link">
AlmaLinux
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/os/alpine/" class="md-nav__link">
Alpine Linux
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/os/amazon/" class="md-nav__link">
Amazon Linux
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/os/cbl-mariner/" class="md-nav__link">
CBL-Mariner
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/os/centos/" class="md-nav__link">
CentOS
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/os/chainguard/" class="md-nav__link">
Chainguard
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/os/conda/" class="md-nav__link">
Conda
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/os/debian/" class="md-nav__link">
Debian
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/os/oracle/" class="md-nav__link">
Oracle Linux
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/os/photon/" class="md-nav__link">
Photon OS
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/os/rhel/" class="md-nav__link">
Red Hat
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/os/rocky/" class="md-nav__link">
Rocky Linux
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/os/suse/" class="md-nav__link">
SUSE
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/os/ubuntu/" class="md-nav__link">
Ubuntu
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/os/wolfi/" class="md-nav__link">
Wolfi
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/os/google-distroless/" class="md-nav__link">
Google Distroless (Images)
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/os/bitnami/" class="md-nav__link">
Bitnami (Images)
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_4_3" type="checkbox" id="__nav_3_4_3" >
<label class="md-nav__link" for="__nav_3_4_3">
Language
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Language" data-md-level="3">
<label class="md-nav__title" for="__nav_3_4_3">
<span class="md-nav__icon md-icon"></span>
Language
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/coverage/language/" class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/language/c/" class="md-nav__link">
C/C++
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/language/dart/" class="md-nav__link">
Dart
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/language/dotnet/" class="md-nav__link">
.NET
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/language/elixir/" class="md-nav__link">
Elixir
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/language/golang/" class="md-nav__link">
Go
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/language/java/" class="md-nav__link">
Java
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/language/nodejs/" class="md-nav__link">
Node.js
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/language/php/" class="md-nav__link">
PHP
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/language/python/" class="md-nav__link">
Python
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/language/ruby/" class="md-nav__link">
Ruby
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/language/rust/" class="md-nav__link">
Rust
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/language/swift/" class="md-nav__link">
Swift
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/language/julia/" class="md-nav__link">
Julia
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_4_4" type="checkbox" id="__nav_3_4_4" >
<label class="md-nav__link" for="__nav_3_4_4">
IaC
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="IaC" data-md-level="3">
<label class="md-nav__title" for="__nav_3_4_4">
<span class="md-nav__icon md-icon"></span>
IaC
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/coverage/iac/" class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/iac/azure-arm/" class="md-nav__link">
Azure ARM Template
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/iac/cloudformation/" class="md-nav__link">
CloudFormation
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/iac/docker/" class="md-nav__link">
Docker
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/iac/helm/" class="md-nav__link">
Helm
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/iac/kubernetes/" class="md-nav__link">
Kubernetes
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/iac/terraform/" class="md-nav__link">
Terraform
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../../docs/coverage/kubernetes/" class="md-nav__link">
Kubernetes
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_5" type="checkbox" id="__nav_3_5" >
<label class="md-nav__link" for="__nav_3_5">
Configuration
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Configuration" data-md-level="2">
<label class="md-nav__title" for="__nav_3_5">
<span class="md-nav__icon md-icon"></span>
Configuration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/configuration/" class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/configuration/filtering/" class="md-nav__link">
Filtering
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/configuration/skipping/" class="md-nav__link">
Skipping Files
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/configuration/reporting/" class="md-nav__link">
Reporting
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/configuration/cache/" class="md-nav__link">
Cache
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/configuration/db/" class="md-nav__link">
DB
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/configuration/others/" class="md-nav__link">
Others
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_6" type="checkbox" id="__nav_3_6" >
<label class="md-nav__link" for="__nav_3_6">
Supply Chain
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Supply Chain" data-md-level="2">
<label class="md-nav__title" for="__nav_3_6">
<span class="md-nav__icon md-icon"></span>
Supply Chain
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/supply-chain/sbom/" class="md-nav__link">
SBOM
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_6_2" type="checkbox" id="__nav_3_6_2" >
<label class="md-nav__link" for="__nav_3_6_2">
Attestation
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Attestation" data-md-level="3">
<label class="md-nav__title" for="__nav_3_6_2">
<span class="md-nav__icon md-icon"></span>
Attestation
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/supply-chain/attestation/sbom/" class="md-nav__link">
SBOM
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/supply-chain/attestation/vuln/" class="md-nav__link">
Cosign Vulnerability Scan Record
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/supply-chain/attestation/rekor/" class="md-nav__link">
SBOM Attestation in Rekor
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../../docs/supply-chain/vex/" class="md-nav__link">
VEX
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_7" type="checkbox" id="__nav_3_7" >
<label class="md-nav__link" for="__nav_3_7">
Compliance
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Compliance" data-md-level="2">
<label class="md-nav__title" for="__nav_3_7">
<span class="md-nav__icon md-icon"></span>
Compliance
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/compliance/compliance/" class="md-nav__link">
Built-in Compliance
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/compliance/contrib-compliance/" class="md-nav__link">
Custom Compliance
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_8" type="checkbox" id="__nav_3_8" >
<label class="md-nav__link" for="__nav_3_8">
Plugins
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Plugins" data-md-level="2">
<label class="md-nav__title" for="__nav_3_8">
<span class="md-nav__icon md-icon"></span>
Plugins
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/plugin/" class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/plugin/user-guide/" class="md-nav__link">
User guide
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/plugin/developer-guide/" class="md-nav__link">
Developer guide
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_9" type="checkbox" id="__nav_3_9" >
<label class="md-nav__link" for="__nav_3_9">
Advanced
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Advanced" data-md-level="2">
<label class="md-nav__title" for="__nav_3_9">
<span class="md-nav__icon md-icon"></span>
Advanced
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/advanced/modules/" class="md-nav__link">
Modules
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/advanced/air-gap/" class="md-nav__link">
Air-Gapped Environment
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_9_3" type="checkbox" id="__nav_3_9_3" >
<label class="md-nav__link" for="__nav_3_9_3">
Container Image
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Container Image" data-md-level="3">
<label class="md-nav__title" for="__nav_3_9_3">
<span class="md-nav__icon md-icon"></span>
Container Image
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/advanced/container/embed-in-dockerfile/" class="md-nav__link">
Embed in Dockerfile
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/advanced/container/unpacked-filesystem/" class="md-nav__link">
Unpacked container image filesystem
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_9_3_3" type="checkbox" id="__nav_3_9_3_3" >
<label class="md-nav__link" for="__nav_3_9_3_3">
Private Docker Registries
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Private Docker Registries" data-md-level="4">
<label class="md-nav__title" for="__nav_3_9_3_3">
<span class="md-nav__icon md-icon"></span>
Private Docker Registries
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/advanced/private-registries/" class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/advanced/private-registries/docker-hub/" class="md-nav__link">
Docker Hub
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/advanced/private-registries/ecr/" class="md-nav__link">
AWS ECR (Elastic Container Registry)
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/advanced/private-registries/gcr/" class="md-nav__link">
GCR (Google Container Registry)
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/advanced/private-registries/acr/" class="md-nav__link">
ACR (Azure Container Registry)
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/advanced/private-registries/self/" class="md-nav__link">
Self-Hosted
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_10" type="checkbox" id="__nav_3_10" >
<label class="md-nav__link" for="__nav_3_10">
References
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="References" data-md-level="2">
<label class="md-nav__title" for="__nav_3_10">
<span class="md-nav__icon md-icon"></span>
References
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_10_1" type="checkbox" id="__nav_3_10_1" >
<label class="md-nav__link" for="__nav_3_10_1">
Configuration
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Configuration" data-md-level="3">
<label class="md-nav__title" for="__nav_3_10_1">
<span class="md-nav__icon md-icon"></span>
Configuration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_10_1_1" type="checkbox" id="__nav_3_10_1_1" >
<label class="md-nav__link" for="__nav_3_10_1_1">
CLI
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="CLI" data-md-level="4">
<label class="md-nav__title" for="__nav_3_10_1_1">
<span class="md-nav__icon md-icon"></span>
CLI
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy/" class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_aws/" class="md-nav__link">
AWS
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_config/" class="md-nav__link">
Config
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_convert/" class="md-nav__link">
Convert
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_filesystem/" class="md-nav__link">
Filesystem
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_image/" class="md-nav__link">
Image
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_kubernetes/" class="md-nav__link">
Kubernetes
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_10_1_1_8" type="checkbox" id="__nav_3_10_1_1_8" >
<label class="md-nav__link" for="__nav_3_10_1_1_8">
Module
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Module" data-md-level="5">
<label class="md-nav__title" for="__nav_3_10_1_1_8">
<span class="md-nav__icon md-icon"></span>
Module
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_module/" class="md-nav__link">
Module
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_module_install/" class="md-nav__link">
Module Install
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_module_uninstall/" class="md-nav__link">
Module Uninstall
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_10_1_1_9" type="checkbox" id="__nav_3_10_1_1_9" >
<label class="md-nav__link" for="__nav_3_10_1_1_9">
Plugin
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Plugin" data-md-level="5">
<label class="md-nav__title" for="__nav_3_10_1_1_9">
<span class="md-nav__icon md-icon"></span>
Plugin
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_plugin/" class="md-nav__link">
Plugin
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_plugin_info/" class="md-nav__link">
Plugin Info
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_plugin_install/" class="md-nav__link">
Plugin Install
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_plugin_list/" class="md-nav__link">
Plugin List
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_plugin_run/" class="md-nav__link">
Plugin Run
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_plugin_uninstall/" class="md-nav__link">
Plugin Uninstall
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_plugin_update/" class="md-nav__link">
Plugin Update
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_plugin_upgrade/" class="md-nav__link">
Plugin Upgrade
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_plugin_search/" class="md-nav__link">
Plugin Search
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_repository/" class="md-nav__link">
Repository
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_rootfs/" class="md-nav__link">
Rootfs
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_sbom/" class="md-nav__link">
SBOM
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_server/" class="md-nav__link">
Server
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_version/" class="md-nav__link">
Version
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/cli/trivy_vm/" class="md-nav__link">
VM
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/configuration/config-file/" class="md-nav__link">
Config file
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_10_2" type="checkbox" id="__nav_3_10_2" >
<label class="md-nav__link" for="__nav_3_10_2">
Modes
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Modes" data-md-level="3">
<label class="md-nav__title" for="__nav_3_10_2">
<span class="md-nav__icon md-icon"></span>
Modes
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../docs/references/modes/standalone/" class="md-nav__link">
Standalone
</a>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/modes/client-server/" class="md-nav__link">
Client/Server
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../../docs/references/troubleshooting/" class="md-nav__link">
Troubleshooting
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_4" type="checkbox" id="__nav_4" >
<label class="md-nav__link" for="__nav_4">
Ecosystem
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Ecosystem" data-md-level="1">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
Ecosystem
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../ecosystem/" class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item">
<a href="../../../ecosystem/cicd/" class="md-nav__link">
CI/CD
</a>
</li>
<li class="md-nav__item">
<a href="../../../ecosystem/ide/" class="md-nav__link">
IDE and Dev tools
</a>
</li>
<li class="md-nav__item">
<a href="../../../ecosystem/prod/" class="md-nav__link">
Production and Clouds
</a>
</li>
<li class="md-nav__item">
<a href="../../../ecosystem/reporting/" class="md-nav__link">
Reporting
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_5" type="checkbox" id="__nav_5" >
<label class="md-nav__link" for="__nav_5">
Contributing
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Contributing" data-md-level="1">
<label class="md-nav__title" for="__nav_5">
<span class="md-nav__icon md-icon"></span>
Contributing
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../community/principles/" class="md-nav__link">
Principles
</a>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_5_2" type="checkbox" id="__nav_5_2" >
<label class="md-nav__link" for="__nav_5_2">
How to contribute
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="How to contribute" data-md-level="2">
<label class="md-nav__title" for="__nav_5_2">
<span class="md-nav__icon md-icon"></span>
How to contribute
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../community/contribute/issue/" class="md-nav__link">
Issues
</a>
</li>
<li class="md-nav__item">
<a href="../../../community/contribute/discussion/" class="md-nav__link">
Discussions
</a>
</li>
<li class="md-nav__item">
<a href="../../../community/contribute/pr/" class="md-nav__link">
Pull Requests
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_5_3" type="checkbox" id="__nav_5_3" >
<label class="md-nav__link" for="__nav_5_3">
Contribute Rego Checks
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Contribute Rego Checks" data-md-level="2">
<label class="md-nav__title" for="__nav_5_3">
<span class="md-nav__icon md-icon"></span>
Contribute Rego Checks
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../community/contribute/checks/overview/" class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item">
<a href="../../../community/contribute/checks/service-support/" class="md-nav__link">
Add Service Support
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_5_4" type="checkbox" id="__nav_5_4" >
<label class="md-nav__link" for="__nav_5_4">
Maintainer
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Maintainer" data-md-level="2">
<label class="md-nav__title" for="__nav_5_4">
<span class="md-nav__icon md-icon"></span>
Maintainer
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../community/maintainer/release-flow/" class="md-nav__link">
Release Flow
</a>
</li>
<li class="md-nav__item">
<a href="../../../community/maintainer/backporting/" class="md-nav__link">
Backporting
</a>
</li>
<li class="md-nav__item">
<a href="../../../community/maintainer/help-wanted/" class="md-nav__link">
Help Wanted
</a>
</li>
<li class="md-nav__item">
<a href="../../../community/maintainer/triage/" class="md-nav__link">
Triage
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#prerequisites" class="md-nav__link">
Prerequisites
</a>
</li>
<li class="md-nav__item">
<a href="#cluster-scanning" class="md-nav__link">
Cluster Scanning
</a>
</li>
<li class="md-nav__item">
<a href="#trivy-operator" class="md-nav__link">
Trivy Operator
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<a href="https://github.com/aquasecurity/trivy/blob/main/docs/tutorials/kubernetes/cluster-scanning.md" title="Edit this page" class="md-content__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 9.93l-3.75-3.75L3 17.25Z"/></svg>
</a>
<h1 id="kubernetes-scanning-tutorial">Kubernetes Scanning Tutorial</h1>
<h2 id="prerequisites">Prerequisites</h2>
<p>To test the following commands yourself, make sure that youre connected to a Kubernetes cluster. A simple kind, a Docker-Desktop or microk8s cluster will do. In our case, well use a one-node kind cluster.<br />
Pro tip: The output of the commands will be even more interesting if you have some workloads running in your cluster.</p>
<h2 id="cluster-scanning">Cluster Scanning</h2>
<p>Trivy K8s is great to get an overview of all the vulnerabilities and misconfiguration issues or to scan specific workloads that are running in your cluster. You would want to use the Trivy K8s command either on your own local cluster or in your CI/CD pipeline post deployments. </p>
<p>The <code>trivy k8s</code> command is part of the Trivy CLI.</p>
<p>With the following command, we can scan our entire Kubernetes cluster for vulnerabilities and get a summary of the scan:</p>
<div class="highlight"><pre><span></span><code>trivy k8s --report<span class="o">=</span>summary
</code></pre></div>
<p>To get detailed information for all your resources, just replace summary with all: </p>
<div class="highlight"><pre><span></span><code>trivy k8s --report<span class="o">=</span>all
</code></pre></div>
<p>However, we recommend displaying all information only in case you scan a specific namespace or resource since you can get overwhelmed with additional details. </p>
<p>Furthermore, we can specify the namespace that Trivy is supposed to scan to focus on specific resources in the scan result: </p>
<div class="highlight"><pre><span></span><code>trivy k8s --include-namespaces kube-system --report summary
</code></pre></div>
<p>Again, if youd like to receive additional details, use the --report=all flag: </p>
<div class="highlight"><pre><span></span><code>trivy k8s --include-namespaces kube-system --report all
</code></pre></div>
<p>Like with scanning for vulnerabilities, we can also filter in-cluster security issues by severity of the vulnerabilities: </p>
<div class="highlight"><pre><span></span><code>trivy k8s --severity<span class="o">=</span>CRITICAL --report<span class="o">=</span>summary
</code></pre></div>
<p>Note that you can use any of the Trivy flags on the Trivy K8s command. </p>
<h2 id="trivy-operator">Trivy Operator</h2>
<p>The Trivy K8s command is an imperative model to scan resources. We wouldnt want to manually scan each resource across different environments. The larger the cluster and the more workloads are running in it, the more error-prone this process would become. With the Trivy Operator, we can automate the scanning process after the deployment. </p>
<p>The Trivy Operator follows the Kubernetes Operator Model. Operators automate human actions, and the result of the task is saved as custom resource definitions (CRDs) within your cluster. </p>
<p>This has several benefits: </p>
<ul>
<li>
<p>Trivy Operator is installed CRDs in our cluster. As a result, all our resources, including our security scanner and its scan results, are Kubernetes resources. This makes it much easier to integrate the Trivy Operator directly into our existing processes, such as connecting Trivy with Prometheus, a monitoring system. </p>
</li>
<li>
<p>The Trivy Operator will automatically scan your resources every six hours. You can set up automatic alerting in case new critical security issues are discovered. </p>
</li>
<li>
<p>The CRDs can be both machine and human-readable depending on which applications consume the CRDs. This allows for more versatile applications of the Trivy operator. </p>
</li>
</ul>
<p>There are several ways that you can install the Trivy Operator in your cluster. In this guide, were going to use the Helm installation based on the <a href="../../../docs/target/kubernetes/#trivy-operator">following documentation.</a></p>
<p>Please follow the Trivy Operator documentation for further information on:</p>
<ul>
<li><a href="https://aquasecurity.github.io/trivy-operator/latest/getting-started/installation/">Installation of the Trivy Operator</a></li>
<li><a href="https://aquasecurity.github.io/trivy-operator/latest/getting-started/quick-start/">Getting started guide</a></li>
</ul>
</article>
<script>var tabs=__md_get("__tabs");if(Array.isArray(tabs))e:for(var set of document.querySelectorAll(".tabbed-set")){var tab,labels=set.querySelector(".tabbed-labels");for(tab of tabs)for(var label of labels.getElementsByTagName("label"))if(label.innerText.trim()===tab){var input=document.getElementById(label.htmlFor);input.checked=!0;continue e}}</script>
</div>
</div>
</main>
<footer class="md-footer">
<nav class="md-footer__inner md-grid" aria-label="Footer" >
<a href="../../integrations/azure-devops/" class="md-footer__link md-footer__link--prev" aria-label="Previous: Azure" rel="prev">
<div class="md-footer__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg>
</div>
<div class="md-footer__title">
<div class="md-ellipsis">
<span class="md-footer__direction">
Previous
</span>
Azure
</div>
</div>
</a>
<a href="../kyverno/" class="md-footer__link md-footer__link--next" aria-label="Next: Kyverno" rel="next">
<div class="md-footer__title">
<div class="md-ellipsis">
<span class="md-footer__direction">
Next
</span>
Kyverno
</div>
</div>
<div class="md-footer__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4Z"/></svg>
</div>
</a>
</nav>
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
</div>
<div class="md-social">
<a href="https://twitter.com/AquaTrivy" target="_blank" rel="noopener" title="twitter.com" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 6.1.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M459.37 151.716c.325 4.548.325 9.097.325 13.645 0 138.72-105.583 298.558-298.558 298.558-59.452 0-114.68-17.219-161.137-47.106 8.447.974 16.568 1.299 25.34 1.299 49.055 0 94.213-16.568 130.274-44.832-46.132-.975-84.792-31.188-98.112-72.772 6.498.974 12.995 1.624 19.818 1.624 9.421 0 18.843-1.3 27.614-3.573-48.081-9.747-84.143-51.98-84.143-102.985v-1.299c13.969 7.797 30.214 12.67 47.431 13.319-28.264-18.843-46.781-51.005-46.781-87.391 0-19.492 5.197-37.36 14.294-52.954 51.655 63.675 129.3 105.258 216.365 109.807-1.624-7.797-2.599-15.918-2.599-24.04 0-57.828 46.782-104.934 104.934-104.934 30.213 0 57.502 12.67 76.67 33.137 23.715-4.548 46.456-13.32 66.599-25.34-7.798 24.366-24.366 44.833-46.132 57.827 21.117-2.273 41.584-8.122 60.426-16.243-14.292 20.791-32.161 39.308-52.628 54.253z"/></svg>
</a>
<a href="https://github.com/aquasecurity/trivy" target="_blank" rel="noopener" title="github.com" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.1.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg>
</a>
<a href="https://github.com/aquasecurity/trivy" target="_blank" rel="noopener" title="github.com" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.1.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M94.12 315.1c0 25.9-21.16 47.06-47.06 47.06S0 341 0 315.1c0-25.9 21.16-47.06 47.06-47.06h47.06v47.06zm23.72 0c0-25.9 21.16-47.06 47.06-47.06s47.06 21.16 47.06 47.06v117.84c0 25.9-21.16 47.06-47.06 47.06s-47.06-21.16-47.06-47.06V315.1zm47.06-188.98c-25.9 0-47.06-21.16-47.06-47.06S139 32 164.9 32s47.06 21.16 47.06 47.06v47.06H164.9zm0 23.72c25.9 0 47.06 21.16 47.06 47.06s-21.16 47.06-47.06 47.06H47.06C21.16 243.96 0 222.8 0 196.9s21.16-47.06 47.06-47.06H164.9zm188.98 47.06c0-25.9 21.16-47.06 47.06-47.06 25.9 0 47.06 21.16 47.06 47.06s-21.16 47.06-47.06 47.06h-47.06V196.9zm-23.72 0c0 25.9-21.16 47.06-47.06 47.06-25.9 0-47.06-21.16-47.06-47.06V79.06c0-25.9 21.16-47.06 47.06-47.06 25.9 0 47.06 21.16 47.06 47.06V196.9zM283.1 385.88c25.9 0 47.06 21.16 47.06 47.06 0 25.9-21.16 47.06-47.06 47.06-25.9 0-47.06-21.16-47.06-47.06v-47.06h47.06zm0-23.72c-25.9 0-47.06-21.16-47.06-47.06 0-25.9 21.16-47.06 47.06-47.06h117.84c25.9 0 47.06 21.16 47.06 47.06 0 25.9-21.16 47.06-47.06 47.06H283.1z"/></svg>
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.tabs.sticky", "navigation.sections", "navigation.footer", "content.action.edit", "content.tabs.link", "content.code.annotate", "content.code.copy"], "search": "../../../assets/javascripts/workers/search.b97dbffb.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "version": {"default": "latest", "method": "mike", "provider": "mike"}}</script>
<script src="../../../assets/javascripts/bundle.6c7ad80a.min.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink