Support for CRI-O · aquasecurity/trivy#3004

(3 comments) (0 reactions) (0 assignees)Go (35,000 stars) (371 forks)batch import

help wantedkind/featurepriority/backlog

説明

We are building an image-scanner K8s-operator, and all our clusters runs Openshift. Inspired by trivy-operator, which we cannot use for various reasons, we schedule scan jobs to scan container images currently in use by workloads in the cluster.

While the operator works, it could be optimized if trivy supported CRI-O, which is the CRI implementation that Openshift uses. This would allow us to scan the image pulled from the nodes image registry, by scheduling the scan job on the node that runs the pod in question.

コントリビューターガイド

技術スタック: godockerkubernetes
領域: backendinfrastructuresecurity
Issue 種別: feature
難度: 4
推定時間: 1-2 days
活動状況: fresh
明確さ: mostly clear
前提条件: Go programmingknowledge of container runtimesfamiliarity with Kubernetes
初心者向け度: 30
調査方針: Investigate how trivy currently interacts with container runtimes (e.g., Docker) and extend support to CRI O. Review related issues #1282 and #851 for previous discussions. Key files to modify may include image pulling and scanning logic in the Go codebase. The maintainer has not provided specific implementation guidance, so the contributor should explore the existing architecture and propose a design.