Kubernetes Post Deployment Vulnerability Scan Data Management
Summary
The goal is a solution that scans deployed (post-deployment) container images for vulnerabilities in our Kubernetes clusters. Instead of writing my own operator from scratch I'm going to take a shortcut and use Aqua Security's Starboard. That tool unfortunately has no GUI dashboard, but it does write its findings to custom resources (for example a VulnerabilityReport per scanned container) in the cluster. The code I need to write should read those custom resources and process the data so I can either export Prometheus metrics with alerting rules, or ship the data into the Elastic Stack so I can build Kibana dashboards we can pivot around. It would be nice to be able to log a ticket straight from Kibana. As another stretch goal I could also write rules around which severities and namespaces should auto-log tickets.
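To make the processing step concrete, here is an added example (my own illustration, not Starboard's code or anything already in this repo) that takes a list of VulnerabilityReport objects, flattens them into one document per finding for Elasticsearch, aggregates counts per namespace and severity into Prometheus text exposition format, and applies the stretch-goal auto-ticket rule. The field names (`report.vulnerabilities[].vulnerabilityID`, `severity`, `fixedVersion`, the `starboard.resource.*` labels, the `aquasecurity.github.io/v1alpha1` group) are my understanding of the Starboard CRD schema and should be checked against the version you deploy; the sample reports, namespaces, images and `CVE-0000-*` IDs are constructed placeholders, not real findings.

```python
"""Process Starboard VulnerabilityReport objects into Prometheus metrics,
Elasticsearch documents and auto-ticket candidates (added example)."""
from collections import Counter
from typing import Iterable, List

# Rank used for "at or above" severity comparisons.
SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample data shaped like Starboard's aquasecurity.github.io/v1alpha1
# VulnerabilityReport (field names assumed from that schema). Namespaces, images,
# packages and the CVE-0000-* IDs are placeholders, not real vulnerabilities.
SAMPLE_REPORTS = [
    {"metadata": {"name": "replicaset-web-7d9f-nginx", "namespace": "prod",
                  "labels": {"starboard.resource.kind": "ReplicaSet",
                             "starboard.resource.name": "web-7d9f",
                             "starboard.container.name": "nginx"}},
     "report": {"artifact": {"repository": "library/nginx", "tag": "1.19"},
                "vulnerabilities": [
                    {"vulnerabilityID": "CVE-0000-0001", "severity": "CRITICAL", "resource": "openssl",
                     "installedVersion": "1.1.1d", "fixedVersion": "1.1.1k"},
                    {"vulnerabilityID": "CVE-0000-0002", "severity": "HIGH", "resource": "zlib",
                     "installedVersion": "1.2.11", "fixedVersion": ""}]}},
    {"metadata": {"name": "replicaset-api-5c4b-api", "namespace": "dev",
                  "labels": {"starboard.resource.kind": "ReplicaSet",
                             "starboard.resource.name": "api-5c4b",
                             "starboard.container.name": "api"}},
     "report": {"artifact": {"repository": "acme/api", "tag": "2.3"},
                "vulnerabilities": [
                    {"vulnerabilityID": "CVE-0000-0003", "severity": "HIGH", "resource": "curl",
                     "installedVersion": "7.64.0", "fixedVersion": "7.79.1"},
                    {"vulnerabilityID": "CVE-0000-0004", "severity": "LOW", "resource": "bash",
                     "installedVersion": "5.0", "fixedVersion": ""}]}},
]


def to_elastic_docs(reports: Iterable[dict]) -> List[dict]:
    """One flat document per vulnerability, so Kibana can pivot on namespace,
    workload, image, package and severity without nested-field gymnastics."""
    docs = []
    for r in reports:
        meta, rep = r["metadata"], r["report"]
        labels, art = meta.get("labels", {}), rep.get("artifact", {})
        for v in rep.get("vulnerabilities", []):
            docs.append({
                "namespace": meta["namespace"],
                "workload_kind": labels.get("starboard.resource.kind", ""),
                "workload_name": labels.get("starboard.resource.name", ""),
                "container": labels.get("starboard.container.name", ""),
                "image": f'{art.get("repository", "")}:{art.get("tag", "")}',
                "vulnerability_id": v["vulnerabilityID"],
                "severity": v.get("severity", "UNKNOWN").upper(),
                "package": v.get("resource", ""),
                "installed_version": v.get("installedVersion", ""),
                "fixed_version": v.get("fixedVersion", ""),
            })
    return docs


def severity_counts(reports: Iterable[dict]) -> Counter:
    """Count findings per (namespace, severity) from the per-finding list rather
    than report.summary, so the two can be cross-checked if they ever disagree."""
    counts: Counter = Counter()
    for d in to_elastic_docs(reports):
        counts[(d["namespace"], d["severity"])] += 1
    return counts


def to_prometheus(counts: Counter, metric: str = "starboard_vulnerabilities") -> str:
    """Prometheus text exposition. Every namespace gets a series for every
    severity, zeros included, so alert rules never see a series disappear
    when a bucket empties (absent series would otherwise look like 'no data')."""
    lines = [f"# HELP {metric} Vulnerabilities Starboard found in running images",
             f"# TYPE {metric} gauge"]
    for ns in sorted({ns for ns, _ in counts}):
        for sev in SEVERITY_RANK:
            lines.append(f'{metric}{{namespace="{ns}",severity="{sev}"}} {counts[(ns, sev)]}')
    return "\n".join(lines) + "\n"


def ticket_candidates(docs: Iterable[dict], min_severity: str = "HIGH",
                      namespaces: Iterable[str] = ("prod",), require_fix: bool = True) -> List[dict]:
    """Stretch-goal rule: findings at or above min_severity, in the watched
    namespaces, and (by default) with a fixed version, so every ticket has an action."""
    threshold = SEVERITY_RANK[min_severity]
    return [d for d in docs
            if SEVERITY_RANK.get(d["severity"], 0) >= threshold
            and d["namespace"] in namespaces
            and (d["fixed_version"] or not require_fix)]


def load_reports_from_cluster() -> List[dict]:
    """Live variant using the official Kubernetes Python client (not exercised
    offline; the import is deferred so the rest of the file runs without it)."""
    from kubernetes import client, config  # type: ignore
    config.load_kube_config()
    resp = client.CustomObjectsApi().list_cluster_custom_object(
        "aquasecurity.github.io", "v1alpha1", "vulnerabilityreports")
    return resp["items"]


if __name__ == "__main__":
    print(to_prometheus(severity_counts(SAMPLE_REPORTS)))
    for t in ticket_candidates(to_elastic_docs(SAMPLE_REPORTS)):
        print("ticket:", t["namespace"], t["image"], t["vulnerability_id"], t["package"])
```

With the sample data and the default rule (HIGH or above, namespace `prod`, fix available) only the `prod` openssl finding becomes a ticket: the `prod` zlib finding has no fixed version yet, and the `dev` curl finding is outside the watched namespaces. The Prometheus text can be served from a tiny HTTP handler, or the same counts can be pushed through `prometheus_client` gauges; the flat documents can be bulk-indexed into Elasticsearch as-is.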
TODO:
- Add code and explain steps
- Add screenshots
- Add artifacts (Kibana dashboard)