afdesk
afdesk
If I understood correctly your question, Trivy can scan ConfigMap in Kubernetes cluster. Does it help you?
> Yes, but I was asking about kube-bench, I think some cmd can be rewritten to get the exact same value from config map vs. args vs. ps. That will...
@simar7 yes, sure. I'll take a look at this issue today
Hi @Frituurpanda feel free to correct me if i miss something. Now there is a problem with using Trivy config file: > If trivy-config is set, can't other options be...
> The `trivy.dbRepository` parameter in the `helm/trivy/values.yaml` file also needs to be updated. thanks for the good idea. it should be add after the PR is merged and released.
@simar7 Now trivy-db pushes the database to Docker Hub: https://github.com/aquasecurity/trivy-db/pull/448 maybe it makes sense to add Docker Hub as a default repository too? just idea. thanks!
update: there was an attempt to add some testcases here https://github.com/afdesk/trivy/pull/101/files for #8442 It seems to take a long time; perhaps we should investigate ways to optimize performance. We might...
> as far as I understand using last-applied instead of the live resource was added solely to support deprecated API check. In this case, I think that would be the...
> > I'll try to create a list of deprecated k8s APIs > > what did you mean by that? If I remember correctly, there's no straightforward way to automatically...
> we have it here: https://github.com/aquasecurity/trivy-db-data/blob/main/k8s/api/k8s-outdated-api.json which is used here: https://github.com/aquasecurity/trivy-checks/blob/83ac3dddea29d16ccd1e84c8c018cffe696f41db/Makefile#L56 thanks! Nikita pointed to it today,too I have. another idea, what if we completely remove using last-applied configuration? All...