This is a Lens extension for trivy-operator which provides visibility into following reports for Kubernetes workloads stored as custom security resources.
- Vulnerability
- Misconfiguration
- Exposed Secrets
- Rbac Assessments
- K8s infra Assessments
This guide shows how to install the extension either from pre-built binary releases or source.
- Lens >= 4.0 should first be installed.
- Follow trivy-operator Getting Started guide to understand how trivy-operator is initialized and how it generates security reports, which are then stored as custom resources.
The following matrix indicates versions of this extension and compatible Lens releases.
Lens | Extension |
---|---|
4.0 | 0.0.5 |
5.0 | 0.0.5 |
6.0 | 0.0.6 |
6.0 | 0.1.0 |
Every release of Lens extension for trivy-operator provides the tarball-file that can be manually downloaded and installed. Alternatively, you can copy the download URL of the release artifact to paste it in the Manage Lens Extensions page.
- Download your desired version from GitHub releases page or GitHub package registry. Alternatively, just copy the download URL of the release artifact.
- Open Lens application and select Lens menu, and then click Extensions item, or press Shift + Command + E to open the Manage Lens Extensions page.
- Specify the path (.tar, .tgz) or download URL to the extension package and click Install.
- If everything is fine, you'll see the
@aquasecurity/trivy-operator-lens-extension
extension listed under Installed Extensions. Click Enable to enable it. - Close the Manage Lens Extensions page and verify that the trivy-operator menu item shows up in the main menu.
Building from source is slightly more involved, but it's the best way to go if you want to test the latest (pre-release) version of the extension.
You must have a working Node.js environment.
- Clone the source code:
git clone https://github.com/aquasecurity/trivy-operator-lens-extension.git cd trivy-operator-lens-extensions
- Build the extension's package:
npm install && npm run build
- Create a tarball from a package:
This will create the
npm pack
aquasecurity-trivy-operator-lens-extension-$VERSION.tgz
tarball in the root directory. - Open Lens application and select Lens menu, and then click Extensions item, or press Shift + Command + E to open the Manage Lens Extensions page.
- Specify the path the
aquasecurity-trivy-operator-lens-extension-$VERSION.tgz
extension package and click Install. - If everything goes fine, you'll see the
@aquasecurity/trivy-operator-lens-extension
extension listed under Installed Extensions.
NOTE: As the source code of the extension is evolving very fast, some screenshots shown below may be outdated. We'll also update this section with more examples.