[Feature]: add trivy configauditreport analyzes #590

Closed
2 tasks done
jkleinlercher opened this issue Aug 2, 2023 · 4 comments · Fixed by #646

Comments

@jkleinlercher
Contributor

jkleinlercher commented Aug 2, 2023

Checklist

  • I've searched for similar issues and couldn't find anything matching
  • I've discussed this feature request in the K8sGPT Slack and got positive feedback

Is this feature request related to a problem?

No

Problem Description

Solution Description

In addition to trivy vulnerabilityreports it should be possible to analyze trivy configauditreports.
configauditreports are also CRs like vulnerabilityreports. Their fields are a little bit different and the AI prompt for configauditreports must be a little bit different.

kubectl command to get trivy configauditreports:

kubectl get configauditreports

example fields in the .report attribute for the configauditreport:

report:
  checks:
  - category: Kubernetes Security Check
    checkID: KSV001
    description: A program inside the container can elevate its own privileges and
      run as root, which might give the program control over the container and node.
    messages:
    - Container 'my-kubernetes-component' of ReplicaSet 'my-kubernetes-component-5bd8595966'
      should set 'securityContext.allowPrivilegeEscalation' to false
    severity: MEDIUM
    success: false
    title: Process can elevate its own privileges

Benefits

Users get an additional AI explanation for these config reports.

Potential Drawbacks

Additional Information

@ShivangShandilya

Hey @jkleinlercher, I would like to work on this if possible and would also like your help on this as I'm new to the project.

@AlexsJones
Member

This is very easy to add, @jkleinlercher. I'll take a look shortly.

@AlexsJones
Member

Fancy reviewing this @jkleinlercher #609?

@jkleinlercher
Contributor Author

Sure! I will take a look asap!
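
The report fields quoted in the issue above, as an added example in Go (not part of the original issue and not K8sGPT's own code): it decodes a configauditreport and keeps only the checks with `success: false`, most severe first. The JSON form of the input, the `EXAMPLE-*` checks, and the names `Check`, `FailedChecks` and `weight` are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Check mirrors one entry of .report.checks as quoted in the issue.
type Check struct {
	CheckID  string   `json:"checkID"`
	Title    string   `json:"title"`
	Severity string   `json:"severity"`
	Success  bool     `json:"success"`
	Messages []string `json:"messages"`
}

// Constructed sample: KSV001 is from the issue; the EXAMPLE-* checks are placeholders.
const sampleReport = `{"report":{"checks":[
 {"checkID":"EXAMPLE-PASS","title":"constructed passing check","severity":"HIGH","success":true},
 {"checkID":"KSV001","title":"Process can elevate its own privileges","severity":"MEDIUM","success":false,"messages":["Container 'my-kubernetes-component' of ReplicaSet 'my-kubernetes-component-5bd8595966' should set 'securityContext.allowPrivilegeEscalation' to false"]},
 {"checkID":"EXAMPLE-FAIL","title":"constructed failing check","severity":"CRITICAL","success":false,"messages":["constructed message"]}]}}`

// Sort weight per severity; a severity missing from the map gets 0 and sorts last.
var weight = map[string]int{"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}

// FailedChecks decodes a report and returns the success=false checks, most severe first.
func FailedChecks(raw []byte) ([]Check, error) {
	var r struct {
		Report struct{ Checks []Check `json:"checks"` } `json:"report"`
	}
	if err := json.Unmarshal(raw, &r); err != nil {
		return nil, fmt.Errorf("decode configauditreport: %w", err)
	}
	var failed []Check
	for _, c := range r.Report.Checks {
		if !c.Success { // passing checks need no explanation
			failed = append(failed, c)
		}
	}
	sort.SliceStable(failed, func(i, j int) bool { return weight[failed[i].Severity] > weight[failed[j].Severity] })
	return failed, nil
}

func main() {
	failed, err := FailedChecks([]byte(sampleReport))
	fmt.Println(len(failed), "failed checks, decode error:", err)
	for _, c := range failed {
		fmt.Printf("[%s] %s %s: %v\n", c.Severity, c.CheckID, c.Title, c.Messages)
	}
}
```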
