Description
Security in Kubernetes clusters, is non-negotiable.
One of the best tools for scanning your Kubernetes resources for vulnerabilities is Trivy.
Trivy as you know, is an open-source vulnerability scanner for containers and other artifacts, such as Kubernetes manifests. It can detect vulnerabilities in OS packages and application dependencies, ensuring your deployments are secure and compliant.
Trivy is not just for image scanning. It can scan Kubernetes cluster for CVE's. It can scan your local config for mis-configurations and offer you solutions.
You will learn how to secure your Kubernetes cluster for CVE's / misconfiguration in Kubernetes configuration files.
Video Timeline:
00:00 - 02:03 - Importance of Trivy
02:04 - 02:42 - Installing Trivy
02:43 - 07:44 - Scanning Kubernetes Cluster for CVE's and misconfiguration
07:45 - 10:53 - Scanning project's configuration files for misconfiguration
10:54 - 15:24 - Making changes in configuration file as per Trivy recommendations and scanning again
15:25 - 18:40 - Trivy config file and .trivyignorefile
===Commands used in video, available at
https://github.com/networknuts/kubernetes/blob/master/ch-10-high-value-extra/trivy-with-kubernetes-cluster.txt