Trivy KBOM for RKE clusters #5329

itaysk · 2024-01-28T12:23:16Z

itaysk
Jan 28, 2024

Hi there, Trivy is an open source vulnerability scanner that recently introduced a feature where it can scan Kubernetes clusters core components for vulnerabilities. (for example, you are running kubelet v1.2.3 which is vulnerable to CVE321 so please update to kubelet v1.2.4) Here is an overview of this.
Currently this works for upstream components, and we are looking to start working with vendors for supporting other k8s distros so that open source Trivy users can start scanning for example RKE clusters as well.
If possible we'd love to connect with someone about the packaging and patching strategy of Rancher.
Thanks!

brandond · 2024-01-29T22:14:33Z

brandond
Jan 29, 2024
Maintainer

Were you looking at RKE specifically, or RKE2 and K3s?

1 reply

itaysk Feb 5, 2024
Author

RKE2

cwayne18 · 2024-02-16T17:14:35Z

cwayne18
Feb 16, 2024
Maintainer

Hi Itay,
We'd be happy to sync up on this with our product folks if you're up for it. Please reach out to [email protected] and I'll try and get something set up. Thanks so much for thinking of us

1 reply

itaysk Feb 20, 2024
Author

Thanks! send you an email

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Trivy KBOM for RKE clusters #5329

{{title}}

Replies: 2 comments 2 replies

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

Trivy KBOM for RKE clusters #5329

itaysk Jan 28, 2024

Replies: 2 comments · 2 replies

brandond Jan 29, 2024 Maintainer

itaysk Feb 5, 2024 Author

cwayne18 Feb 16, 2024 Maintainer

itaysk Feb 20, 2024 Author

itaysk
Jan 28, 2024

Replies: 2 comments 2 replies

brandond
Jan 29, 2024
Maintainer

itaysk Feb 5, 2024
Author

cwayne18
Feb 16, 2024
Maintainer

itaysk Feb 20, 2024
Author