Skip to content

Commit

Permalink
docs: correcting the trivy k8s tutorial (#4815)
Browse files Browse the repository at this point in the history
* correcting the trivy k8s tutorial

Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>

* docs: fix

---------

Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
  • Loading branch information
AnaisUrlichs and knqyf263 authored Jul 16, 2023
1 parent 3c7d988 commit 88243a0
Showing 1 changed file with 7 additions and 8 deletions.
15 changes: 7 additions & 8 deletions docs/tutorials/kubernetes/cluster-scanning.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,47 +10,46 @@ Pro tip: The output of the commands will be even more interesting if you have so

Trivy K8s is great to get an overview of all the vulnerabilities and misconfiguration issues or to scan specific workloads that are running in your cluster. You would want to use the Trivy K8s command either on your own local cluster or in your CI/CD pipeline post deployments.

The Trivy K8s command is part of the Trivy CLI:

The `trivy k8s` command is part of the Trivy CLI.

With the following command, we can scan our entire Kubernetes cluster for vulnerabilities and get a summary of the scan:

```
trivy k8s --report=summary
trivy k8s --report=summary cluster
```

To get detailed information for all your resources, just replace ‘summary’ with ‘all’:

```
trivy k8s --report=all
trivy k8s --report=all cluster
```

However, we recommend displaying all information only in case you scan a specific namespace or resource since you can get overwhelmed with additional details.

Furthermore, we can specify the namespace that Trivy is supposed to scan to focus on specific resources in the scan result:

```
trivy k8s -n kube-system --report=summary
trivy k8s -n kube-system --report=summary cluster
```

Again, if you’d like to receive additional details, use the ‘--report=all’ flag:

```
trivy k8s -n kube-system --report=all
trivy k8s -n kube-system --report=all cluster
```

Like with scanning for vulnerabilities, we can also filter in-cluster security issues by severity of the vulnerabilities:

```
trivy k8s --severity=CRITICAL --report=summary
trivy k8s --severity=CRITICAL --report=summary cluster
```

Note that you can use any of the Trivy flags on the Trivy K8s command.

With the Trivy K8s command, you can also scan specific workloads that are running within your cluster, such as our deployment:

```
trivy k8s –n app --report=summary deployments/react-application
trivy k8s --namespace app --report=summary deployments/react-application
```

## Trivy Operator
Expand Down

0 comments on commit 88243a0

Please sign in to comment.