Deploying Trivy Operator with Prometheus metrics

I’ve been using Trivy for a while as a security quality gate for container security.

More recently been looking at their Kubernetes cluster scanning offering — the Trivy Operator.

From the docs:

The Trivy Operator leverages Trivy to continuously scan your Kubernetes cluster for security issues. The scans are summarised in security reports as Kubernetes Custom Resource Definitions, which become accessible through the Kubernetes API.

To summarise, the operator runs on your cluster and runs compliance and security scans against your cluster when resource definitions change and on a schedule.

For example if a new pod is launched on the cluster, Trivy will scan the resource for vulnerabilities and produce a report.

Photo by Matthew Henry on Unsplash

How to install using Helm

The installation process for deploying using the helm cli is documented on the Trivy website here.

However, as I’ve covered in other articles (Using Helm Dependencies for third party charts) I like to install third party Helm charts using dependencies to keep the install “GitOps” so I’ll be doing that for the Trivy Operator.

To start off with, in a new repository — Create a new file named Chart.yaml with the…