Everyone can contribute! Learn DevOps and Cloud Native in our cafe ☕

Technology is moving fast in the DevOps and Cloud Native community.

Join the conversation and add your thoughts, tips, experiences, stories.

"Everyone Can Contribute" is inspired by GitLab's mission.

41. #EveryoneCanContribute cafe: Kubernetes Cluster Image Scanning with Trivy & Starboard

Niclas Mietz walks us Aqua Security Starboard, installed into a Civo Cloud k3s cluster. Philip Welz takes over with Trivy in Estafette.

Reminder: GitLab Commit Virtual day 2 is today. Register now!


Enjoy the session! 🦊


First, the Starboard Operator will be installed and collecting the cluster image reports in our Civo k2s cluster. You can specifiy the namespaces for the Starboard Operator in the configuration. If left empty, all namespaces are scanned - we defined the default namespace.

The next step is to combine this with GitLab CI/CD to see the security reports. Follow the GitLab documentation to generate the CIS_KUBECONFIG variable as file. You can also define additional parameters for the CI/CD job.

The Estafette Vulnerability Scanner runs Trivy in a pod in a given interval and reports similar cluster image vulnerabilities. The installation with the Helm chart and values.yml override took longer, and the Grafana dashboard sourcing the Prometheus exporter and ServiceMonitor resource needed extra attention.


Date published: August 4, 2021

Tags: Security, Gitlab, Trivy, Kubernetes, Starboard