docs: add kbom documentation #5363
Conversation
|
FYI @AnaisUrlichs |
| - Vulnerabilities - partially supported through [KBOM scanning](#KBOM) | ||
| - Misconfigurations | ||
| - Exposed secrets |
There was a problem hiding this comment.
| - Vulnerabilities - partially supported through [KBOM scanning](#KBOM) | |
| - Misconfigurations | |
| - Exposed secrets | |
| - Vulnerabilities - partially supported through [KBOM scanning](#KBOM) | |
| - Misconfigurations | |
| - Exposed secrets | |
| - Rbac Assessment |
There was a problem hiding this comment.
This part relates to Kubernetes resource definitions, like pods or deployment, which are not scanned for RBAC (AFAIK)
RBAC assessment is related to the "cluster configuration" part, as appears above, which explicitly mentions roles and cluster roles.
I you wan't can add another section specifically about brace assessment (as an update to this doc)
docs/docs/target/kubernetes.md
Outdated
| 1. Cluster configuration (e.g Roles, ClusterRoles). | ||
| 1. Application workloads (e.g nginx, postgresql). | ||
|
|
||
| When scanning any of the above, Trivy differentiates between the Kubernetes Resource definition (i.e the YAML that defines it), and the container image if relevant. |
There was a problem hiding this comment.
Same here as in the other docs -- why is it the same under Target as in Coverage? is it necessary to duplicate the information or could we refer here to the Coverage docs above?
There was a problem hiding this comment.
the coverage section a high level overview of what things trivy can scan. the detailed info is in the relevant sections. I didn't feel like k8s bulbs belong under one of the existing coverage sections: OS/IaC so I added another section.
|
@chen-keinan @AnaisUrlichs I'll merge this PR for v0.46.0. Let's keep discussing improvements after the release. |
Description
Improve documentation for Kuberetes and specifically kbom vulnerability matching
Related issues
Related PRs
Checklist