Improve Kubernetes scanning user experience #5745
Labels:
- kind/feature: Categorizes issue or PR as related to a new feature.
- priority/backlog: Higher priority than priority/awaiting-more-evidence.
- target/kubernetes: Issues relating to kubernetes cluster scanning
Discussed in #5725

Issues raised in the linked discussion:
- --components workloads includes some cluster-level checks (which isn't semantically correct).

When designing a solution, we should consider the following k8s scanning features:
Proposed solution
trivy k8s context is the basic command template, like all other Trivy targets. Today we allow a kubectl-like experience, like a kind/resource positional and a --namespace flag, in addition to a pseudo resource called cluster; these will be removed. There will be only one positional, which is the cluster connection, and further refinement will be through target-specific flags. The positional will be a reference to a kubeconfig context, which is quite standard. If not provided, the default kubeconfig and default context will be used, so trivy k8s will still work.

Additional flags to refine the target:
- --include-namespace / --exclude-namespace
- --include-kind / --exclude-kind
- --skip-images
- --disable-node-collector

Examples:
- cis
- cis without node level checks
- nsa / pss
Tasks:
- --skip-images flag #6193
- --disable-node-collector flag #6194
- --include-namespaces and --exclude-namespaces #6195
- --include-kinds and --exclude-kinds #6196
- cluster and all args and unused flags #6467