How to automate starboard reports using starboard-operator #168
-
|
I have installed starboard in my cluster and able to get the vulnerability reports for individuals namespaces by command I have multiple namespaces created in my cluster, I do not want to scan each namespace manually and wanted to setup automation which will scan all the namespaces and keep is available for further consumption. For now, I'm testing only for Trivy I see starboard-operator can help me to do this, however unable to figure out how that can be achieved. @lizrice @danielpacak - kindly suggest. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
👋 @deepitpro Indeed the Starboard Operator is probably the tool you're looking for. Note that we're still working on it, but we plan to announce it soon and publish to OperatorHub.io. Currently the operator watches pods and checks if there're corresponding VulnerabilityReports. If not, it spawns a Kubernetes Job to scan container images with Trivy or Aqua scanners. Then ther's jobs reconciler to parse Trivy or Aqua scanner's output and save it as VulnerabiltiyReports resources. Note also that the operator supports different multitenancy requirements as defined by OLM. In particular, you can configure the operator to observe all namespaces by enabling the If you want to try out what we currently have it's described in https://github.com/aquasecurity/starboard-operator/blob/master/CONTRIBUTING.md#deployment |
Beta Was this translation helpful? Give feedback.
-
|
Update 🎉: Starboard operator is moving into the main Starboard repository https://github.com/aquasecurity/starboard |
Beta Was this translation helpful? Give feedback.
-
|
The operator has been already released and we provided installation instructions in README. |
Beta Was this translation helpful? Give feedback.
The operator has been already released and we provided installation instructions in README.