Trivy
This function is disabled in the default configuration of Insights.
This and later versions of Insights come with CVE scanning functionality for customer-deployed workload clusters and deployments.
CVE/CIS databases are updated every couple of hours. When enabled, the CVE scanning feature scans these databases and runs an analysis against your workloads to flag out any potential security issues.
Enable or Disable Trivy Insights
Enable or disable CVE scanning with Trivy Insights, by editing the Service configuration with the following values:
trivy:
enabled: true
To modify an existing installation:
Select Workspace, Applications, DKP-Insights, and then Edit to modify an installation.
Frequency of Trivy CVE Scans
Trivy scans run by default every 2 hours and uses Cron syntax. You can change the default by editing the values of the Service configuration:
trivy:
schedule: "@every 2h"
To modify an existing installation:
Select Workspace, Applications, DKP-Insights, and then Edit to modify an installation.
Severities of Trivy Insights
Trivy Severity Level | Insights Alert Level | Example (depends on the categorization of the source database) |
CRITICAL | Critical | Denial of crucial service |
HIGH MEDIUM | Warning | Exposure of information to unauthorized user |
LOW UNKNOWN | Notice | Insufficient validation |
For more information, visit Trivy’s documentation site.