afdesk
@badgerspoke sorry for the long delay. The verdict/decision is obvious, we should check and fix it. Last time we investigated and fixed some performance issues here, but now I hope we'll...
> Actually I'm even more confused now - why does the _operator_ need the DBs at all? The scan pods run trivy and they need the DBs or maybe only...
> > Trivy publishes a new Helm Chart only for major versions (ex 0.55.0). > > I didn't find conditions for that. This condition works only for major version, because...
> > a new PR: [afdesk#72](https://github.com/afdesk/trivy/pull/72) > > IIUC author of PR should be `aqua-bot` (as for backport (e.g. #7521)) it seems it depends on token owner, because I tried...
I had concerns about `label` (`lifecycle/active`) and about `versions` (that the chart version is equal to the trivy version now). @itaysk @knqyf263 wdyt? Thanks
@knqyf263 @DmitriyLewen I've updated a version changing. Could you take a look at this PR again when you have time? thanks a lot!
@DmitriyLewen Could you take another look at this PR? Thanks
additional info. it comes from here: https://github.com/aquasecurity/trivy-kubernetes/blob/f0d867cade215d1ac88b8d5d66650c00d56a748c/pkg/trivyk8s/trivyk8s.go#L300-306
also we should skip node checks here:
https://github.com/aquasecurity/trivy/blob/ad58cf4457ebef80ff0bc4c113d4ab4c86a9fe56/pkg/k8s/scanner/scanner.go#L228-L231
https://github.com/aquasecurity/trivy/blob/ad58cf4457ebef80ff0bc4c113d4ab4c86a9fe56/pkg/k8s/scanner/scanner.go#L377-L381
I also tested scanning for `kube-system` namespace:
```sh
$ trivy k8s --report summary ...
Infra Assessment
┌─────────────┬──────────────────────────────────────────────┬──────────────────────┬────────────────────┬───────────────────┐
│ Namespace │ Resource │ Vulnerabilities │ Misconfigurations │ Secrets │
│ │...
```
> isn't this a bug?

I think that no, it was done on purpose: https://github.com/aquasecurity/trivy-kubernetes/pull/254