Use credentials from `imagePullSecrets` in `trivy k8s` commands #4742

matheusfm · 2023-06-30T13:50:37Z

matheusfm
Jun 30, 2023

Description

Hi all,

I would like to suggest that Trivy use the credentials from imagePullSecrets in the trivy k8s --scanners vuln ... commands, similar to how the Trivy Operator does: https://aquasecurity.github.io/trivy-operator/v0.14.1/docs/vulnerability-scanning/private-registries/#image-pull-secrets

Target

Kubernetes

Scanner

Vulnerability

knqyf263 · 2023-07-02T07:20:18Z

knqyf263
Jul 2, 2023
Maintainer

@chen-keinan Isn't it supported now?

1 reply

chen-keinan Jul 2, 2023

@knqyf263 it is not supported for trivy k8s ... subcommand. only simple global user,password array.

The operator use secrets in trivy-system namespace to manage imagePullSecret with credential for scan-job. (it is more suitable to job use-case)
I assume it can be added, the only concern is to not expose cluster secrets.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use credentials from `imagePullSecrets` in `trivy k8s` commands #4742

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

Use credentials from imagePullSecrets in trivy k8s commands #4742

matheusfm Jun 30, 2023

Description

Target

Scanner

Replies: 1 comment · 1 reply

knqyf263 Jul 2, 2023 Maintainer

chen-keinan Jul 2, 2023

Use credentials from `imagePullSecrets` in `trivy k8s` commands #4742

matheusfm
Jun 30, 2023

Replies: 1 comment 1 reply

knqyf263
Jul 2, 2023
Maintainer