
bug(k8s): k8s scan works too long

Open afdesk opened this issue 1 year ago • 0 comments

Description

Trivy Kubernetes scan takes a lot of time for a small minikube cluster:

$ time trivy k8s --report summary --debug --disable-node-collector --timeout 30m0s  
491,23s user 49,05s system 55% cpu 16:21,43 total

As said in #7661, Trivy fails even for a test environment.

Reason

Trivy creates a new scanner for each Kubernetes artifact:

https://github.com/aquasecurity/trivy/blob/ab3a3b2e6ed15db90967084fac825ddb2f50e70d/pkg/k8s/scanner/scanner.go#L158

https://github.com/aquasecurity/trivy/blob/ab3a3b2e6ed15db90967084fac825ddb2f50e70d/pkg/k8s/scanner/scanner.go#L184

Solution

As an idea, we can try to optimize the use of scanners.

Reproduction Steps

$ trivy k8s --report summary --debug --disable-node-collector --timeout 30m0s  

Discussed in https://github.com/aquasecurity/trivy/discussions/7661

afdesk, Oct 07 '24 10:10