trivy-operator
integration with postee
Add support for integration with postee (https://github.com/aquasecurity/postee):
- support configuration setting for postee
- add capability to wire reports via postee
- add capability to filter reports data passed to postee
hi @chen-keinan - is this currently something that's being worked upon? this would be very handy to integrate trivy and postee in a k8s environment. I can send a PR if needed.
@simar7 go ahead 🚀 I'd love to see it going on
hi @chen-keinan - just wanted to solicit some feedback regarding how we can go about implementing this before I start writing code and also to validate my understanding regarding the Trivy-operator codebase.
- Currently I see there are 2 kinds of reports being generated: clustercompliancereport and configauditreport. They both seem to live as CRDs. Which one would make the most sense to send over to Postee? Both?
- Is there anything sensitive stored as part of the results in the CRD?
- How often should these reports be sent over? My initial idea is to wire the sending over of reports every time it is written into the CRD as done here: https://github.com/aquasecurity/trivy-operator/blob/38d04cdd62d8c6843eabf264207b8ead2a7e735a/pkg/configauditreport/io.go#L66
Open to ideas.
1. We have today 8 types of CRDs, the last two are not active today (will be back soon):
- clusterconfigauditreports
- clusterrbacassessmentreports
- configauditreports
- exposedsecretreports
- rbacassessmentreports
- vulnerabilityreports
- clustercompliancedetailreports
- clustercompliancereports
The first six are event based, meaning every time a resource is deployed a report is generated; the last 2 are cron based (configurable, default every 3 hours). In general, all should go via Postee, however, making it configurable will give the users a way to choose.
2. The CRDs show security issues in different categories, the same data as trivy shows.
3. As you wrote, event based is the best for users who want to take out data.
Let me know if you have additional questions
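The following is an added example, not code from trivy-operator, Postee or the PoC PR, sketching the three capabilities the issue asks for: a configuration setting (a hypothetical PosteeConfig type; the real operator's configuration keys are not shown here), a hook that forwards a report to Postee's webhook right after the report is written, and a severity filter applied to the report data before it is sent. The Finding and Report types are constructed, simplified shapes, the vulnerability IDs are placeholders, and an in-process httptest server stands in for Postee so the code runs offline.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
)

// PosteeConfig stands in for the operator setting the thread proposes: an on/off
// switch, the Postee webhook URL and a minimum severity to forward. Field names
// are hypothetical, not trivy-operator's real configuration keys.
type PosteeConfig struct {
	Enabled     bool
	WebhookURL  string
	MinSeverity string // findings below this level are dropped before sending
}

// Finding and Report are constructed, simplified shapes; the real CRDs carry far more.
type Finding struct {
	VulnerabilityID string `json:"vulnerabilityID"`
	Severity        string `json:"severity"`
}

type Report struct {
	Kind      string    `json:"kind"`
	Namespace string    `json:"namespace"`
	Name      string    `json:"name"`
	Findings  []Finding `json:"findings"`
}

var severityRank = map[string]int{"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

// FilterFindings keeps findings at or above minSeverity; unknown levels rank 0,
// so an empty MinSeverity keeps everything.
func FilterFindings(findings []Finding, minSeverity string) []Finding {
	threshold := severityRank[strings.ToUpper(minSeverity)]
	var kept []Finding
	for _, f := range findings {
		if severityRank[strings.ToUpper(f.Severity)] >= threshold {
			kept = append(kept, f)
		}
	}
	return kept
}

// SendReport is the hook that would run right after a report is written to its CRD.
// sent=false with a nil error means "skipped": integration disabled or nothing
// survived the filter, which callers should log differently from a delivery failure.
func SendReport(client *http.Client, cfg PosteeConfig, r Report) (bool, error) {
	if !cfg.Enabled {
		return false, nil
	}
	r.Findings = FilterFindings(r.Findings, cfg.MinSeverity) // r is a copy; caller's report is untouched
	if len(r.Findings) == 0 {
		return false, nil
	}
	body, err := json.Marshal(r)
	if err != nil {
		return false, err
	}
	resp, err := client.Post(cfg.WebhookURL, "application/json", bytes.NewReader(body))
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
		return false, fmt.Errorf("postee webhook returned HTTP %d", resp.StatusCode)
	}
	return true, nil
}

// NewFakePostee runs an in-process server in place of a real Postee webhook so the
// example works offline; the returned func lists the reports it accepted.
func NewFakePostee() (*httptest.Server, func() []Report) {
	var mu sync.Mutex
	var received []Report
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		var r Report
		if err := json.NewDecoder(req.Body).Decode(&r); err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}
		mu.Lock()
		received = append(received, r)
		mu.Unlock()
	}))
	return srv, func() []Report { mu.Lock(); defer mu.Unlock(); return append([]Report(nil), received...) }
}

// SampleReport is constructed input; the IDs are placeholders, not real CVEs.
func SampleReport() Report {
	return Report{Kind: "VulnerabilityReport", Namespace: "default", Name: "replicaset-nginx",
		Findings: []Finding{{"EXAMPLE-0001", "CRITICAL"}, {"EXAMPLE-0002", "HIGH"}, {"EXAMPLE-0003", "LOW"}}}
}
```

Calling SendReport(srv.Client(), PosteeConfig{Enabled: true, WebhookURL: srv.URL, MinSeverity: "HIGH"}, SampleReport()) against the fake server delivers a report with two findings; the LOW one is dropped. Distinguishing "skipped" from "failed" matters operationally: a disabled integration or an all-filtered report should not surface as an error in the reconciler, whereas a non-2xx answer from Postee should, so that undelivered findings are visible rather than silently lost.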
thanks for the feedback @chen-keinan - to continue the discussion, I've made a small PoC with the smallest of changes to try to make it work. There's a small test to demonstrate the working of the feature. It's a draft PR for now so we can iterate on it https://github.com/aquasecurity/trivy-operator/pull/476