
integration with postee

Open chen-keinan opened this issue 2 years ago • 2 comments

Add support for integration with postee (https://github.com/aquasecurity/postee):

  • support configuration setting for postee
  • add capability to wire reports via postee
  • add capability to filter reports data passed to postee

chen-keinan avatar May 31 '22 10:05 chen-keinan

hi @chen-keinan - is this currently something that's being worked upon? this would be very handy to integrate trivy and postee in a k8s environment. I can send a PR if needed.

simar7 avatar Jul 11 '22 22:07 simar7

@simar7 go ahead 🚀 I'll love to see it going on

chen-keinan avatar Jul 11 '22 22:07 chen-keinan

hi @chen-keinan - just wanted to solicit some feedback regarding how we can go about implementing this before I start writing code and also to validate my understanding regarding the Trivy-operator codebase.

  1. Currently I see there are 2 kinds of reports being generated: clustercompliancereport and configauditreport. They both seem to live as CRDs. Which one would make the most sense to send over to Postee? Both?
  2. Is there anything sensitive stored as part of the results in the CRD?
  3. How often should these reports be sent over? My initial idea is to wire the sending over of reports every time it is written into the CRD as done here: https://github.com/aquasecurity/trivy-operator/blob/38d04cdd62d8c6843eabf264207b8ead2a7e735a/pkg/configauditreport/io.go#L66

Open to ideas.

simar7 avatar Aug 25 '22 22:08 simar7

  1. We have today 8 types of CRDs; the last two are not active today (will be back soon):
  • clusterconfigauditreports
  • clusterrbacassessmentreports
  • configauditreports
  • exposedsecretreports
  • rbacassessmentreports
  • vulnerabilityreports
  • clustercompliancedetailreports
  • clustercompliancereports

The first six are event-based, meaning every time a resource is deployed a report is generated; the last 2 are cron-based (configurable, default every 3 hours). In general, all should go via Postee; however, making it configurable will give the users a way to choose.

  2. The CRDs show security issues in different categories, the same data as Trivy shows.
  3. As you wrote, event-based is the best for users who want to take out data.

Let me know if you have additional questions

chen-keinan avatar Aug 26 '22 05:08 chen-keinan

thanks for the feedback @chen-keinan - to continue the discussion, I've made a small PoC with the smallest of changes to try to make it work. There's a small test to demonstrate the working of the feature. It's a draft PR for now so we can iterate on it https://github.com/aquasecurity/trivy-operator/pull/476

simar7 avatar Sep 01 '22 04:09 simar7