Trivy Operator

Overview

Trivy Operator is available as an add-on within Ankra's platform. It is a Kubernetes-native security toolkit that scans your Kubernetes resources and workloads for security vulnerabilities and continuously audits your environment, helping you keep your cluster secure.


Configuration Options

The Trivy Operator add-on offers configurable inputs that allow you to customize the deployment based on your organization's security needs. Below are the available inputs:

Inputs

  • Helm Chart Version
    This input sets the version of the Trivy Operator Helm chart to deploy.

    • Default: 0.24.1
    • Options:
      • 0.24.1 (default)

    Example:

    helm_chart_version: "0.24.1"

  • Replicas
    This input sets the number of replicas for the Trivy Operator deployment.

    • Default: 1
    • Options:
      • 1 (default)
      • 2
      • 3

    Example:

    replicas: "1"

  • Concurrent Limit
    This input defines the number of concurrent scan jobs for the Trivy Operator.

    • Default: 1
    • Options:
      • 1 (default)
      • 2, 3, 4, 5

    Example:

    concurrent_limit: "1"

  • Service Monitor
    This input allows you to enable or disable the Prometheus ServiceMonitor for the Trivy Operator.

    • Default: false
    • Options:
      • true
      • false (default)

    Example:

    service_monitor: "false"

Usage

Deploying Trivy Operator

To deploy Trivy Operator in your Kubernetes cluster using Ankra, follow these steps:

  1. Access the Add-ons Section
    In Ankra's platform, navigate to the Add-ons section and select Trivy Operator from the list of available add-ons.

  2. Configure Inputs
    You will be prompted to configure the following inputs:

    • Helm Chart Version: Set the version of the Trivy Operator Helm chart to install.
    • Replicas: Define the number of replicas for the Trivy Operator.
    • Concurrent Limit: Set the number of concurrent scan jobs.
    • Service Monitor: Optionally enable the ServiceMonitor for Prometheus.

    Example configuration:

    helm_chart_version: "0.24.1"
    replicas: "1"
    concurrent_limit: "1"
    service_monitor: "false"

  3. How to use Trivy Operator
    To list the vulnerability reports in all namespaces:

    kubectl get vulnerabilityreports -o wide -A
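
The report listing from step 3, taken one step further as an added example (not part of Ankra's or the Trivy Operator project's own material): a Python script that ranks reports by critical and high counts and lists the findings that already have a fixed version. It assumes the JSON field names of the VulnerabilityReport resource (report.summary.criticalCount, report.vulnerabilities[].fixedVersion and so on); rank, fixable, _vuln and the sample data are constructed for illustration.

```python
import json
import sys

def _vuln(vid, sev, pkg, installed, fixed):
    return {"vulnerabilityID": vid, "severity": sev, "resource": pkg,
            "installedVersion": installed, "fixedVersion": fixed}

# Constructed sample shaped like `kubectl get vulnerabilityreports -A -o json`.
# Field names are assumed to match the VulnerabilityReport resource; values are made up.
SAMPLE = {"items": [
    {"metadata": {"namespace": "shop", "name": "replicaset-web-web"},
     "report": {"summary": {"criticalCount": 1, "highCount": 1},
                "vulnerabilities": [
                    _vuln("CVE-PLACEHOLDER-0001", "CRITICAL", "libexample", "1.0.0", "1.0.1"),
                    _vuln("CVE-PLACEHOLDER-0002", "HIGH", "libother", "2.3", "")]}},  # no fix yet
    {"metadata": {"namespace": "infra", "name": "daemonset-agent-agent"},
     "report": {"summary": {"criticalCount": 0, "highCount": 1},
                "vulnerabilities": [
                    _vuln("CVE-PLACEHOLDER-0003", "HIGH", "libexample", "0.9", "1.0.1")]}},
    {"metadata": {"namespace": "dev", "name": "pod-scratch-app"}, "report": {}},  # no findings
]}

def rank(doc):
    """Reports ordered by critical, then high count, worst first."""
    rows = []
    for item in doc.get("items", []):
        meta = item["metadata"]
        s = (item.get("report") or {}).get("summary") or {}
        rows.append((meta["namespace"], meta["name"],
                     s.get("criticalCount", 0), s.get("highCount", 0)))
    return sorted(rows, key=lambda r: (-r[2], -r[3], r[0], r[1]))

def fixable(doc, severities=("CRITICAL", "HIGH")):
    """Findings at these severities that already have a fixed version."""
    out = []
    for item in doc.get("items", []):
        meta = item["metadata"]
        for v in (item.get("report") or {}).get("vulnerabilities") or []:
            if v.get("severity") in severities and v.get("fixedVersion"):
                out.append((meta["namespace"], meta["name"], v["vulnerabilityID"],
                            v["resource"], v["installedVersion"], v["fixedVersion"]))
    return out

if __name__ == "__main__":
    doc = json.load(sys.stdin) if "-" in sys.argv[1:] else SAMPLE
    for row in rank(doc):
        print("%-6s %-24s critical=%d high=%d" % row)
    for row in fixable(doc):
        print("fix available: %s/%s  %s  %s %s -> %s" % row)
```

Run without arguments it prints the result for the constructed sample; to feed it cluster data, pipe the JSON output of the command above into the script with a "-" argument, for example kubectl get vulnerabilityreports -A -o json | python3 triage.py - (triage.py is a hypothetical file name).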