Scan container images used by Pods.
Motivation: A non-invasive way to quickly inspect container images used in a cluster.
Scanner engine: Trivy
--scanners <scanner1,scanner2>, e.g. --scanners vuln,secret,misconfig (the default scanner is the vulnerability scanner)
Vulnerability databases: trivy-db --> https://trivy.dev/docs/latest/configuration/db/#database-locations
✅ Interactive scanning: Prompts before scanning each image
✅ Namespace/pod validation: Helps users find the right resources
✅ Severity filtering: Only shows HIGH and CRITICAL vulnerabilities
kubectl krew install imagescan
# local test
chmod +x kubectl-imagescan
# PATH entries are directories: add the directory that holds kubectl-imagescan
export PATH="$PATH:$PWD"
kubectl imagescan pod <namespace> <pod-name>
# local test
kubectl krew install --manifest=krew/imagescan.yaml
# compute sha
tar -czf kubectl-imagescan.tar.gz kubectl-imagescan
shasum -a 256 kubectl-imagescan.tar.gz
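
A tag in a Pod spec can be re-pushed after the container starts, so scanning by tag may not scan what is actually running. The sketch below is an added example, not the plugin's own code: it reads the digests recorded in the Pod status (`imageID`) and scans those with the HIGH/CRITICAL filter described above. The function names are hypothetical, and resolving by digest goes beyond what this page describes.

```shell
#!/bin/sh
# Added example (not the plugin's source): scan a Pod's images by the digest
# the runtime recorded, rather than by a mutable tag.

# Turn a containerStatuses[].imageID value into a reference Trivy can pull.
# Older Docker-based runtimes prefix the value with "docker-pullable://".
# Values without "@sha256:" (e.g. "docker://sha256:..." for locally built
# images, or containers that have not started) cannot be pulled by digest.
normalize_image_id() {
  ref=${1#docker-pullable://}
  case "$ref" in
    *@sha256:*) printf '%s\n' "$ref" ;;
    *) return 1 ;;
  esac
}

# Take a whitespace-separated list of imageID values and print the unique
# digest-pinned references, one per line. Unusable values are reported on
# stderr so a skipped image is never silently treated as "clean".
unique_digest_refs() {
  for id in $1; do
    normalize_image_id "$id" || echo "skipped, no digest: $id" >&2
  done | sort -u
}

# scan_pod <namespace> <pod-name>: needs kubectl and trivy on PATH.
scan_pod() {
  ids=$(kubectl get pod "$2" -n "$1" -o \
    jsonpath='{.status.initContainerStatuses[*].imageID} {.status.containerStatuses[*].imageID}') \
    || return 1
  unique_digest_refs "$ids" | while read -r ref; do
    echo "== $ref"
    trivy image --scanners vuln --severity HIGH,CRITICAL "$ref" </dev/null
  done
}

# Run a scan only when called with a namespace and a pod name.
if [ "$#" -eq 2 ]; then
  scan_pod "$1" "$2"
fi
```

Images reported as skipped still need a scan by tag or a manual check, since no registry digest was available for them.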