Allow to configure imagePullSecret to run trivy job #9567
Replies: 2 comments
@andylim0221 thanks for your suggestion! Trivy is a CLI tool and, by design, it scans container images outside of a Kubernetes cluster. I’m not entirely convinced that downloading credentials locally is the right approach here — it might introduce unnecessary security risks. If the goal is to scan images within a K8s cluster, there’s already the Trivy Operator for that use case. Also Trivy k8s subcommand passes registry options for image scans, so you can use it to scan private images via:
$ trivy k8s --help
...
Registry Flags
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--password-stdin password from stdin. Comma-separated passwords are not supported.
--registry-token string registry token
--username strings username. Comma-separated usernames allowed.
Thank you for the advice. I will take a look into Trivy operator!
Description
Would love to have it as a flag to configure imagePullSecret as we may be using private image:
https://github.com/aquasecurity/trivy/blob/3dd0ebbb5687779c7d8a6bd39d9c83a941cdbcb8/pkg/flag/kubernetes_flags.go
Target
Kubernetes
Scanner
Vulnerability