Filter by image registry or regex
Background
We're currently evaluating trivy-operator to secure our clusters regarding vulnerabilities in 3rd party container images, for example nginx. As we already regularly scan images we build ourselves, it would be great if we could exclude our internal AWS ECR registry from image scanning. Namespace filtering doesn't help as they contain a mix of images from different sources. Resource labelling would work, but is rather tedious to set up and ensure only the correct resources are labelled.
Feature
Allow filtering images before scanning by registry or, more broadly, by regex on the image URL, so trivy-operator would skip (or only include) containers running such images while considering all others.
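A sketch of the requested filter, added here as an illustration; it is not trivy-operator code or configuration. The names `registryOf`, `normalize`, `shouldScan` and `internalECR`, and the sample image references, are hypothetical. It shows why an exclusion pattern should be anchored at the registry host: an unanchored pattern would also skip images from other registries whose path merely contains the internal host name, leaving them unscanned.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed pattern for an internal ECR registry, anchored at the start so
// it only matches when the ECR host is the registry part of the reference.
var internalECR = regexp.MustCompile(`^[0-9]{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com/`)

// registryOf follows the Docker convention: the first path component is a
// registry only if it contains '.' or ':' or is "localhost"; else Docker Hub.
func registryOf(image string) string {
	first, _, found := strings.Cut(image, "/")
	if found && (strings.ContainsAny(first, ".:") || first == "localhost") {
		return first
	}
	return "docker.io"
}

// normalize prefixes bare references such as "nginx:1.25" with "docker.io/"
// so every pattern sees a registry host first.
func normalize(image string) string {
	if registryOf(image) == "docker.io" && !strings.HasPrefix(image, "docker.io/") {
		return "docker.io/" + image
	}
	return image
}

// shouldScan: exclude patterns win; an empty include list means "scan
// everything that is not excluded".
func shouldScan(image string, include, exclude []*regexp.Regexp) bool {
	ref := normalize(image)
	for _, re := range exclude {
		if re.MatchString(ref) {
			return false
		}
	}
	for _, re := range include {
		if re.MatchString(ref) {
			return true
		}
	}
	return len(include) == 0
}

func main() {
	exclude := []*regexp.Regexp{internalECR}
	for _, img := range []string{"nginx:1.25", "123456789012.dkr.ecr.eu-west-1.amazonaws.com/team/api:1.4"} {
		fmt.Printf("%-60s scan=%v\n", img, shouldScan(img, nil, exclude))
	}
}
```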
@ybasket as mentioned in the discussion, feel free to pick it up if you have time.
I might do, but as it's neither decided we'll use trivy-operator nor am I a well-versed Go programmer, please don't rely on it. If anybody else is interested in implementing this, please go ahead :)