Starboard is joining the Trivy family #1173
Replies: 7 comments 17 replies
-
Really interesting. What is the plan for starboard features that isn't related to image scanning? For example yaml parsing and kubehunter? I personally think that the image scanning feature is the most important but I thing in starboard but I could see how other people of the community would want this. I guess at some time there will be a feature freeze of starboard and fully focus on trivy-operator. When will that happen? |
Beta Was this translation helpful? Give feedback.
-
I have mixed feelings about this tbh.
But is that true? Starboards functionality is very specific and it totally depends on the plugins input data (f.e. from Trivy)? It seems to me that the basic idea behind starboard is being totally rewritten with this approach (Trivy "vendor lock-in" if you want to go so far). |
Beta Was this translation helpful? Give feedback.
-
Agree with @skuethe . Breaking changes that would be nice:
|
Beta Was this translation helpful? Give feedback.
-
Not to be confused with https://github.com/devopstales/trivy-operator. |
Beta Was this translation helpful? Give feedback.
-
Thanks for the feedback everyone! Allow me to update and clarify a few things:
|
Beta Was this translation helpful? Give feedback.
-
I assume the trivy.serverURL will also be integrated into the Trivy-Operator, right? Currently I run one dedicated Trivy-Server in a parent-cluster and all Starboard-Operator in my child-cluster connect to this Trivy-Server to reuse the downloaded vulnerabilities DB. Else I am a fan of this change. ❤️ |
Beta Was this translation helpful? Give feedback.
-
Can someone please summarize the change in extremely easy words? Or confirm if I understood it correctly? Previously
Now/Future
|
Beta Was this translation helpful? Give feedback.
-
As Trivy is growing from strength to strength we have realized that there is a strong interest from the community to implement Trivy into your Kubernetes cluster natively. At the same time Trivy continues to expand with more scan targets and findings, and it has rapidly grown to overlap with Starboard. The next phase in Starboard's life is to join Trivy.
starboard-operator
is becomingtrivy-operator
, which will be focused on exposing Trivy's capabilities in a Kubernetes-native way.starboard
(cli) will be replaced with a newtrivy k8s
command, which will follow Trivy's lightweight, client-side model for scanning, bringing it in line with the familiar Trivy experience.It is important to highlight that this change is not happening overnight. Released artifacts will remain available and existing users will not be affected. We are here to answer your questions and highly appreciate your input. Please share your ideas in the discussion forum on GitHub or on Slack.
This is our commitment to take open source Kubernetes Security to the next level through Trivy. We have an exciting roadmap for Trivy-Kubernetes security which we will soon make publicly available on GitHub. Some of the upcoming features: UI experience, RBAC assessment, sensitive information scanning, native prometheus exporter, admission controller, and much much more...
Update 14 May 2022: #1173 (comment)
Thanks for the feedback everyone! Allow me to update and clarify a few things:
Beta Was this translation helpful? Give feedback.
All reactions