Trivy is a comprehensive security scanner supporting detection of several types of security issues across various types of target resources.

Targets (what Trivy can scan):

- Container Image
- Filesystem
- Git repository (remote)
- Kubernetes cluster or resource

Scanners (what Trivy can find there):

- OS packages and software dependencies in use (SBOM)
- Known vulnerabilities (CVEs)
- IaC misconfigurations
- Sensitive information and secrets

Read more in the [Trivy documentation](https://aquasecurity.github.io/trivy/).
There are several ways to install this app onto a workload cluster.
- Using our web interface
- By creating an App resource in the management cluster as explained in Getting started with App Platform.
This is an example of a values file you could upload using our web interface.
```yaml
# values.yaml
trivy:
  modules:
    # Enable Trivy modules feature and install the spring4shell module
    enabled: true
    urls:
      - ghcr.io/aquasecurity/trivy-module-spring4shell
```
See our full reference page on how to configure applications for more details.
This repo uses a git subtree: the `helm/trivy` folder split from https://github.com/giantswarm/trivy-upstream is placed at `helm/trivy-app/charts/trivy/` in the local repository.