Trivy Kubernetes cluster scanning only scans the kube-system namespace and does not scan anything within other namespaces
Trivy Kubernetes cluster scanning only scans the kube-system namespace. I have other namespaces as well, and a lot of workload is deployed there. It does not list out any of them.
18:23:20 + trivy --cache-dir /common-lab/trivy --debug k8s --skip-update --offline-scan --security-checks vuln --report summary cluster
18:23:20 2022-11-10T12:53:20.491Z DEBUG Severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
18:23:47 2022-11-10T12:53:46.158Z DEBUG cache dir: /common-lab/trivy
18:23:47 2022-11-10T12:53:46.264Z DEBUG Skipping DB update...
18:23:47 2022-11-10T12:53:46.317Z DEBUG DB Schema: 2, UpdatedAt: 2022-11-10 00:14:01.562555827 +0000 UTC, NextUpdate: 2022-11-10 06:14:01.562555327 +0000 UTC, DownloadedAt: 0001-01-01 00:00:00 +0000 UTC
[Pipeline] sh
18:25:24 + cat report.txt
18:25:24
18:25:24 Summary Report for context-cywkmtemu2w
18:25:24 ┌─────────────┬────────────────────────────────────┬─────────────────────────┬───────────────────┬───────────────────┐
18:25:24 │  Namespace  │              Resource              │     Vulnerabilities     │ Misconfigurations │      Secrets      │
18:25:24 │             │                                    ├───┬─────┬─────┬────┬────┼───┬───┬───┬───┬───┼───┬───┬───┬───┬───┤
18:25:24 │             │                                    │ C │  H  │  M  │ L  │ U  │ C │ H │ M │ L │ U │ C │ H │ M │ L │ U │
18:25:24 ├─────────────┼────────────────────────────────────┼───┼─────┼─────┼────┼────┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┤
18:25:24 │ kube-system │ DaemonSet/hidden-here              │ 3 │ 139 │ 132 │ 4  │    │   │   │   │   │   │   │   │   │   │   │
18:25:24 │ kube-system │ Deployment/hidden-here             │ 3 │ 22  │ 117 │ 2  │    │   │   │   │   │   │   │   │   │   │   │
18:25:24 │ kube-system │ Deployment/hidden-here             │ 3 │ 22  │ 138 │ 3  │    │   │   │   │   │   │   │   │   │   │   │
18:25:24 └─────────────┴────────────────────────────────────┴───┴─────┴─────┴────┴────┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┘
18:25:24 Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN
I did namespace-specific scanning also, but it does not list out anything.
Trivy version used is 0.34.0
This issue is stale because it has been labeled with inactivity.
@sourabhgupta385 tested it with the latest trivy version v0.36.1 and found it working for all namespaces. Please confirm if it is still an issue.
trivy k8s --skip-update --offline-scan --security-checks vuln --report summary cluster
Output:
Summary Report for kind-kind
Workload Assessment
┌────────────────────┬────────────────────────────────────────────────┬──────────────────────────┐
│     Namespace      │                    Resource                    │     Vulnerabilities      │
│                    │                                                ├────┬─────┬─────┬─────┬───┤
│                    │                                                │ C  │  H  │  M  │  L  │ U │
├────────────────────┼────────────────────────────────────────────────┼────┼─────┼─────┼─────┼───┤
│ local-path-storage │ Deployment/local-path-provisioner              │ 4  │ 32  │ 10  │ 2   │   │
│ kube-system        │ DaemonSet/kindnet                              │ 18 │ 45  │ 31  │ 67  │ 1 │
│ kube-system        │ Pod/etcd-kind-control-plane                    │    │     │     │     │ 6 │
│ kube-system        │ Pod/kube-controller-manager-kind-control-plane │    │     │     │     │ 2 │
│ kube-system        │ Pod/kube-scheduler-kind-control-plane          │    │     │     │     │ 2 │
│ kube-system        │ DaemonSet/kube-proxy                           │ 18 │ 35  │ 23  │ 67  │ 1 │
│ kube-system        │ Deployment/coredns                             │    │ 12  │ 8   │ 4   │   │
│ kube-system        │ Pod/kube-apiserver-kind-control-plane          │    │     │     │     │ 2 │
│ default            │ Deployment/nginx-deployment                    │ 58 │ 112 │ 103 │ 163 │ 7 │
└────────────────────┴────────────────────────────────────────────────┴────┴─────┴─────┴─────┴───┘
Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN
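
A pipeline check for the coverage gap reported in this issue, as an added example that is not from the thread or from the Trivy project: it parses a summary report table and returns the namespaces that were expected to hold workloads but have no rows. The sample report, the expected-namespace list and the function names are constructed, and the parser assumes the table layout shown in the reports above.

```python
import re

# Optional Jenkins console timestamp ("18:25:24 ") in front of each report line.
_TS = re.compile(r"^\d{2}:\d{2}:\d{2}\s+")

# Constructed sample modelled on the first report in this thread (simplified header).
SAMPLE_REPORT = """\
18:25:24 Summary Report for example-context
18:25:24 ┌─────────────┬──────────────────────┬───┬─────┬─────┬───┬───┐
18:25:24 │ Namespace   │ Resource             │ C │ H   │ M   │ L │ U │
18:25:24 ├─────────────┼──────────────────────┼───┼─────┼─────┼───┼───┤
18:25:24 │ kube-system │ DaemonSet/example-ds │ 3 │ 139 │ 132 │ 4 │   │
18:25:24 │ kube-system │ Deployment/example   │ 3 │ 22  │ 117 │ 2 │   │
18:25:24 └─────────────┴──────────────────────┴───┴─────┴─────┴───┴───┘
"""

# Constructed list. In a real pipeline this would come from a workload
# inventory (assumption); namespaces with no workloads should be left out,
# since they legitimately produce no rows.
EXPECTED = ["kube-system", "default", "payments"]


def reported_namespaces(report_text):
    """Return the set of namespaces that appear in data rows of the report."""
    found = set()
    for line in report_text.splitlines():
        line = _TS.sub("", line.strip())
        if not line.startswith("│"):
            continue  # title, legend and border lines
        cells = [c.strip() for c in line.strip("│").split("│")]
        # Data rows carry a namespace and a Kind/name resource in the first
        # two cells; header rows have no "/" or an empty first cell.
        if len(cells) >= 2 and cells[0] and "/" in cells[1]:
            found.add(cells[0])
    return found


def coverage_gaps(report_text, expected_namespaces):
    """Namespaces expected to hold workloads but absent from the report."""
    return sorted(set(expected_namespaces) - reported_namespaces(report_text))


if __name__ == "__main__":
    gaps = coverage_gaps(SAMPLE_REPORT, EXPECTED)
    print("namespaces missing from scan:", ", ".join(gaps) or "none")
    raise SystemExit(1 if gaps else 0)  # fail the build on a silent gap
```

A non-empty result means the scan produced no rows for a namespace that should have some, which is the condition the first report in this thread shows.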