Zora

[matheusfm]

[Optional] How do you use Trivy?

Hello everyone!

Trivy has been integrated in Zora OSS as a vulnerability scanner plugin for Kubernetes clusters!

Zora is an open-source solution that scans your clusters with multiple plugins at scheduled times. For more details, please refer to our documentation.

Zora plugins, which are CLI tools, are responsible for scanning Kubernetes clusters. In this integration, the command trivy k8s --scanners=vuln ... is used.

To know more about how plugins work, visit our plugin documnetation and the Trivy plugin page.

We're thrilled to have Trivy as part of our Zora OSS toolkit!

[Optional] Which targets are you scanning with Trivy?

• Container Image
• Filesystem
• Git Repository
• Virtual Machine Image
• Kubernetes
• AWS
• SBOM

[Optional] What kind of issues are scanning with Trivy?

• Software Bill of Materials (SBOM)
• Known vulnerabilities (CVEs)
• IaC issues and misconfigurations
• Sensitive information and secrets
• Software licenses

[knqyf263]

Thanks for sharing! It looks cool.

[AnaisUrlichs]

Hi there, would you like to add Zora to our ecosystem page? https://aquasecurity.github.io/trivy/v0.48/ecosystem/security/

[matheusfm]

Hi @AnaisUrlichs
Zora is included in "Production" category of ecosystem page: https://aquasecurity.github.io/trivy/v0.48/ecosystem/prod/
Do you think this category fits better? If yes we can do it.

[AnaisUrlichs]

what do you think of moving it to "Security Management" https://aquasecurity.github.io/trivy/v0.48/ecosystem/security/

[matheusfm]

what are the criteria for being in each?