Deploying Trivy Operator with Prometheus metrics

5 min readDec 1, 2023

I’ve been using Trivy for a while as a security quality gate for container security.

More recently been looking at their Kubernetes cluster scanning offering — the Trivy Operator.

From the docs:

The Trivy Operator leverages Trivy to continuously scan your Kubernetes cluster for security issues. The scans are summarised in security reports as Kubernetes Custom Resource Definitions, which become accessible through the Kubernetes API.