Display the data from a K8s Trivy scan file #3591
Unanswered
CommanderPaladin asked this question in Q&A
-
Hi, there isn't built-in reporting with Trivy or Trivy Operator. You would have to take the resulting JSON and work with a 3rd party tool to create a report from it. For consuming Trivy Operator data at the cluster level, we recommend using Grafana. Here's a walkthrough: https://www.youtube.com/watch?v=wmnWS_5VBkI For a one-time scan, or control of the report, you can try converting the JSON to CSV (example) and then loading it into your favorite data exploration tool, like Excel. If you're looking for more vulnerability management features, you can look at Aqua Security (paid commercial product) which is built on top of Trivy.
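One way to do the JSON-to-CSV step with the grouping the question asks for (per image target or per namespace), as an added example that is not part of the original thread or of Trivy itself. The field names (`Resources`, `Namespace`, `Results`, `Target`, `Vulnerabilities`, `VulnerabilityID`, `Severity`) are an assumed layout of the `trivy k8s` JSON output, which differs between versions, so check them against your own `report.json`; the `safe()` helper is added because scanner-derived strings end up in cells that Excel may evaluate as formulas.

```python
import csv, io, json, sys
from collections import defaultdict

SEVERITIES = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN"]
# Constructed sample in the assumed layout; the CVE ids are placeholders.
SAMPLE = json.dumps({"ClusterName": "demo", "Resources": [
    {"Namespace": "default", "Kind": "Deployment", "Name": "web", "Results": [
        {"Target": "nginx:1.21 (debian 11.2)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "Severity": "HIGH"}]}]},
    {"Namespace": "kube-system", "Kind": "DaemonSet", "Name": "proxy", "Results": [
        {"Target": "kube-proxy:v1.25 (debian 11.5)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0002", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0003", "Severity": "LOW"}]}]}]})

def iter_findings(report):
    """Yield one flat dict per vulnerability, tagged with where it was found."""
    # Assumption: resources sit under "Resources" (or "Vulnerabilities" in older output).
    for res in report.get("Resources") or report.get("Vulnerabilities") or []:
        for result in res.get("Results") or []:
            for vuln in result.get("Vulnerabilities") or []:
                sev = vuln.get("Severity", "UNKNOWN")
                yield {"namespace": res.get("Namespace", ""),
                       "target": result.get("Target", ""),
                       "id": vuln.get("VulnerabilityID", ""),
                       "severity": sev if sev in SEVERITIES else "UNKNOWN"}

def summarize(report, key="target"):
    """Count findings per severity for each value of `key`, worst group first."""
    counts = defaultdict(lambda: dict.fromkeys(SEVERITIES, 0))
    for row in iter_findings(report):
        counts[row[key]][row["severity"]] += 1
    return sorted(counts.items(), key=lambda kv: [-kv[1][s] for s in SEVERITIES])

def safe(cell):
    """Neutralize cells a spreadsheet would evaluate as a formula."""
    text = str(cell)
    return "'" + text if text[:1] in ("=", "+", "-", "@") else text

def to_csv(report, key="target"):
    """Render the per-group severity counts as CSV text."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow([key] + SEVERITIES)
    for name, sev_counts in summarize(report, key):
        writer.writerow([safe(name)] + [sev_counts[s] for s in SEVERITIES])
    return buf.getvalue()

if __name__ == "__main__":  # pass a report path, or run on the constructed sample
    print(to_csv(json.loads(open(sys.argv[1]).read() if sys.argv[1:] else SAMPLE)), end="")
```

Call `to_csv(report, "namespace")` instead of the default `"target"` to group by namespace rather than by image.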
-
Hello wonderful people.
I come to you with a question.
I have a Trivy scan done in a Kubernetes cluster (a cluster I made to play around).
Used the following command:
trivy k8s --report all cluster --format json -o report.json
The result is the scan in .json format but there is a question. What can I use to turn this file into a nice viewable report? For example, I want to sort the data by the image name, or namespace or anything else.
I tried using DefectDojo, put the JSON inside and it generated me a wonderful report as I wanted but not really. It wouldn't let me sort the report after an image or something else and the output report generated would be hundreds of vulnerabilities unsorted, just the vulnerability name, the CWE with no way of grouping them by the image name or something (a grouped set of vulnerabilities that are found in a specific set or image or namespace).
I have also tried Trivy Operator. This is something else but combined with an extension "starboard-lens-extension" it allows me to see the data as I wanted. Vulnerabilities grouped into images or state names. The problem is that the extension won't let me generate a report. Here is a picture with the extension:
It shows very nicely that I have an image, it has 108 critical vulns... If I click on it it gives me details, the CWE and the names (the same as the DefectDojo outputs but with no way of grouping them):
Is there a way to use that Trivy report .json and somehow with an extension or software to generate me a report in which the vulnerabilities are grouped?
Thank you so much for your time and help.