
Add support to perform a vulnerability scan on container images

Open PrasadG193 opened this issue 5 years ago • 4 comments

Is your feature request related to a problem? Please describe.

BotKube should perform a vulnerability scan on the container images when a pod is created and report a CVE report to the user.

Describe the solution you'd like

  • We can use Clair to perform static vulnerability analysis on container images
  • BotKube should have the ability to disable/enable this feature through config flags

PrasadG193, Jul 26 '19 07:07

I would like to add some points here.

  • Implementing this feature as an "on demand vulnerability scan" using botkube commands would be nice.
  • Running scans on all pods by default would lead to repetitive scanning of images, for instance during scaling of replicas, and we might need a mechanism to know if the image was scanned already.

codenio, Jul 26 '19 10:07
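Added example, not from this thread or from BotKube's code: one way to know whether an image was scanned already is to key a cache on the image digest taken from the pod's container status `imageID`, so scaled replicas of the same image trigger one scan. The names `ScanCache`, `ShouldScan` and `digestOf`, the TTL-based re-scan, and the sample `imageID` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"sync"
	"time"
)

// ScanCache (hypothetical) remembers when each image digest was last scanned.
type ScanCache struct {
	mu   sync.Mutex
	ttl  time.Duration // re-scan after this long, since vulnerability data changes
	seen map[string]time.Time
}

func NewScanCache(ttl time.Duration) *ScanCache {
	return &ScanCache{ttl: ttl, seen: make(map[string]time.Time)}
}

// digestOf extracts "sha256:<hex>" from a container status imageID such as
// "docker-pullable://nginx@sha256:<hex>". It returns "" when no repo digest is present.
func digestOf(imageID string) string {
	i := strings.LastIndex(imageID, "@")
	if i < 0 || !strings.HasPrefix(imageID[i+1:], "sha256:") {
		return ""
	}
	return imageID[i+1:]
}

// ShouldScan reports whether the image needs a scan at time now and, if so,
// records the scan time. Replicas sharing a digest are scanned once per TTL.
func (c *ScanCache) ShouldScan(imageID string, now time.Time) bool {
	d := digestOf(imageID)
	if d == "" {
		return true // tag only: cannot prove it is the same content, so scan
	}
	c.mu.Lock()
	defer c.mu.Unlock()
	if last, ok := c.seen[d]; ok && now.Sub(last) < c.ttl {
		return false
	}
	c.seen[d] = now
	return true
}

func main() {
	c := NewScanCache(24 * time.Hour) // assumed re-scan interval
	now := time.Now()
	id := "docker-pullable://nginx@sha256:" + strings.Repeat("ab", 32) // constructed sample
	fmt.Println(c.ShouldScan(id, now), c.ShouldScan(id, now.Add(time.Minute)))
}
```

Keying on the digest rather than the tag means the same content pulled under two repository names is scanned once, while a mutable tag such as `latest` is never treated as already scanned.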

@aananthraj totally agree with you. This will also add the overhead of deploying Clair as a part of the BotKube deployment; we need to search for a better option if there is any.

PrasadG193, Jul 26 '19 10:07

Yes @PrasadG193, I guess we could create/execute a Kubernetes job for this instead of creating a permanent deployment of Clair. The same holds good for #129. Let me know your opinion.

codenio, Jul 26 '19 10:07

Yeah, that is also one way

PrasadG193, Jul 26 '19 10:07

Hey, let's come back to this topic once it's requested by the community. Cheers!

pkosiec, Jun 16 '23 14:06