Support for CRI-O · aquasecurity/trivy#3004

(3 留言) (0 反應) (0 負責人)Go (35,000 star) (371 fork)batch import

help wantedkind/featurepriority/backlog

描述

We are building an image-scanner K8s-operator, and all our clusters runs Openshift. Inspired by trivy-operator, which we cannot use for various reasons, we schedule scan jobs to scan container images currently in use by workloads in the cluster.

While the operator works, it could be optimized if trivy supported CRI-O, which is the CRI implementation that Openshift uses. This would allow us to scan the image pulled from the nodes image registry, by scheduling the scan job on the node that runs the pod in question.

貢獻者指南

技術棧: godockerkubernetes
領域: backendinfrastructuresecurity
議題類型: feature
難度: 4
預計時間: 1-2 days
活動狀態: fresh
清晰度: mostly clear
前置要求: Go programmingknowledge of container runtimesfamiliarity with Kubernetes
新手友善度: 30
研究方向: Investigate how trivy currently interacts with container runtimes (e.g., Docker) and extend support to CRI O. Review related issues #1282 and #851 for previous discussions. Key files to modify may include image pulling and scanning logic in the Go codebase. The maintainer has not provided specific implementation guidance, so the contributor should explore the existing architecture and propose a design.