Display the data from a K8s Trivy scan file

[CommanderPaladin]

Hello wonderful people.

I come to you with a question.
I have Trivy scan done in a Kubernetes Cluster (a Cluster I made to play around)

Used the following command:
trivy k8s --report all cluster --format json -o report.json

The result is the scan in .json format but there is a question. What can I use to turn this file in a nice viewable report? For example, I want to sort the data by the image name, or namespace or anything else.

I tried using DefectDojo, put the json inside and it generated me a wonderful report as I wanted but not really. It wouldn't let me sort the report after an image or something else and the output report generated would be hundreds of vulnerabilities unsorted, just the vulnerability name, the CWE with no way of grouping them by the image name or something (a grouped set of vulnerabilities that are found in a specific set set or image or namespace)

I have also tried Trivy Operator. This is something else but combined with an extension "starboard-lens-extension" it allows me to see the data as I wanted. Vulnerabilities grouped into images or state names. The problem is that the extension won't me generate a report. Here is a picture with the extension:

It shows very nicely that I have an image, it has 108 critical vulns... If I click on it it gives me details, the CWE and the names (the same as the DefectDojo outputs but with no way of grouping them):

Is there a way to use that Trivy report .json and somehow with an extension or software to generate me a report in which the vulnerabilities are grouped?

Thank you so much for your time and help.

[itaysk]

Hi, there isn't built-in reporting with Trivy or Trivy Operator. You would have to take the resulting JSON and work with a 3rd party tool to create a report from it.

For consuming Trivy Operator data at the cluster level, we recommend using Grafana. Here's a walkthrough https://www.youtube.com/watch?v=wmnWS_5VBkI

For one-time scan, or control of the report, you can try converting the json to CSV (example) and then loading to your favorite data exploration tool, like Excel.

If you're looking for more vulnerability management features, you can look at Aqua Security (paid commercial product) which is built on top of Trivy.

[CommanderPaladin]

Hello sir.
That's very helpful thank you so much!

I'll go with the Grafana method.
After going trough the install phase and configuration, do you know any way on how I could potentially display a selected image/pod with all the vulnerabilities with their CVEs? The dashboards I have found for Grafana don't seem to have this kind of option for Trivy Operator, (they only display bulk information like there are 200 critical vulns for a namespace but no way to see the details of those vulnerabilities) and I was wondering...

[rinarudhei]

Hi sir @CommanderPaladin ,

I also using the Grafana method and wondering how to check the details too. Have you found some alternatives way to do it?

Thanks