
CIS Benchmark support

Open MPV opened this issue 3 years ago • 3 comments

What are the plans for adding back CIS Benchmark support into the trivy-operator (which existed in Starboard using kube-bench)?

MPV • Jun 15 '22 21:06

I noticed that it was removed in:

  • #80

And that there are plans for a different kind of underlying solution, as per: https://github.com/aquasecurity/trivy-operator/issues/55#issuecomment-1144589371

@chen-keinan Removing kube-bench also means removing ClusterComplianceReport (logic, controller, helm chart, crd), right? Because the cluster compliance is a mix of info from kube-bench/configaudit reports.

Not really, it also uses config-audit. Let's keep the compliance report, as we are going to replace kube-bench checks with OPA Rego policies.

MPV • Jun 15 '22 21:06

@MPV yes, we are working on adding CIS-related checks as OPA policies. Once it's completed, the compliance report will be as well.

chen-keinan • Jun 16 '22 06:06

We're still working on supporting CIS benchmark checks in Trivy (CLI), which is tracked here: https://github.com/aquasecurity/trivy/issues/2198

itaysk • Sep 20 '22 10:09

Functionality has been added with #816, released with trivy-operator v0.11.1.

chen-keinan • Feb 27 '23 07:02