trivy-operator: ClusterInfra Assesment Incorrectly Reports Findings

What steps did you take and what happened:

We have Trivy Operator running in our EKS cluster and when it runs the clusterInfraAssessment report it comes back with checks that aren’t valid.

It returns KCV0080, KCV0081, KCV0090 even though they are setup correctly on the cluster.

What did you expect to happen:

Those checks should not return as unsuccessful because they are implemented correctly

Anything else you would like to add:

I have attached the report as well as the config file from a worker node.

Environment:

  • Trivy-Operator version (use trivy-operator version): 0.16
  • Kubernetes version (use kubectl version): 1.24
  • OS (macOS 10.15, Windows 10, Ubuntu 19.10 etc): running on the cluster config.txt clusterInfraAssessmentReport.txt

About this issue

  • Original URL
  • State: closed
  • Created 9 months ago
  • Comments: 17

Most upvoted comments

I can’t find anything in the logs but at one point I did see that the node-collector jobs were listed as out of memory. Is there a parameter I can use to up the memory limits for node-collector? I don’t see anything in the helm chart

I’ll add support and cut an release for it

+1
chen-keinan on Oct 12, 2023
Read more comments on GitHub
← trivy-operator: Bug in metrics format (code 500)
trivy-operator: Error x509: certificate signed by unknown authority when trying to download vulnerability DB from private Registry →