Skip to main content
Skip table of contents

Trivy

This function is disabled in the default configuration of Insights.

This and later versions of Insights come with CVE scanning functionality for customer-deployed workload clusters and deployments.  

CVE/CIS databases are updated every couple of hours. When enabled, the CVE scanning feature scans these databases and runs an analysis against your workloads to flag out any potential security issues.

Enable or Disable Trivy Insights

Enable or disable CVE scanning with Trivy Insights, by editing the Service configuration with the following values:

CODE
trivy:
  enabled: true

To modify an existing installation:

  • Select Workspace, Applications, DKP-Insights, and then Edit to modify an installation.

Frequency of Trivy CVE Scans

Trivy scans run by default every 2 hours and uses Cron syntax. You can change the default by editing the values of the Service configuration:

CODE
trivy:
  schedule: "@every 2h"

To modify an existing installation:

  • Select Workspace, Applications, DKP-Insights, and then Edit to modify an installation.

Severities of Trivy Insights

Trivy Severity Level

Insights Alert Level

Example (depends on the categorization of the source database)

CRITICAL

Critical 

Denial of crucial service

HIGH

MEDIUM

Warning

Exposure of information to unauthorized user

LOW

UNKNOWN

Notice

 Insufficient validation

For more information, visit Trivy’s documentation site.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.