Trivy Glass is a comprehensive dashboard that consolidates all reports generated by trivy-operator, offering a single pane of glass to monitor cluster vulnerabilities.
Streamline your vulnerability management by visualizing critical security insights and remediation steps in one centralized location. Trivy Glass provides a user-friendly interface to view and analyze security reports from trivy-operator, making it easier to identify and address security issues in your Kubernetes cluster.
- Unified Dashboard: View all trivy-operator reports in a single interface
- Multiple Report Types:
  - Vulnerabilities: View detected vulnerabilities with severity levels
  - Security Checks: Review security checks with pass/fail status
  - SBOM (Software Bill of Materials): Examine components used in your applications
  - Secrets: Identify detected secrets in your applications
  - Compliance: Check compliance status with various standards
- Advanced Filtering: Filter and sort reports by various criteria
- Export Capabilities: Export reports in CSV, Markdown, and JSON formats
- Detailed Views: Drill down into specific reports for detailed information
- Kubernetes Native: Seamlessly integrates with your Kubernetes cluster
- Kubernetes cluster
- Redis instance for caching (optional but recommended)
- Node.js v22+ (for development)
Trivy Glass requires Trivy Operator to be installed in your cluster. You can install it using Helm:
```bash
helm repo add aqua https://aquasecurity.github.io/helm-charts/
helm repo update
helm install trivy-operator aqua/trivy-operator \
  --namespace trivy-system \
  --create-namespace \
  --version 0.26.1
```
```bash
# Clone the repository
git clone https://github.com/arlintdev/trivyglass.git
cd trivyglass

# Install the chart
helm install trivy-glass ./chart \
  --namespace trivy-system \
  --set settings.cluster=your-cluster-name
```
See the values.yaml file for configuration options.
```bash
# Clone the repository
git clone https://github.com/arlintdev/trivyglass.git
cd trivyglass

# Install dependencies
npm install

# Start the development server
npm run dev

# Build for production
npm run build
```
```bash
# Build the Docker image
docker build -t trivy-glass .

# Run the container with Kubernetes access
docker run -v ~/.kube/config:/home/node/.kube/config -p 3000:3000 trivy-glass
```
Note: The container runs as a non-root user for security. The `-v ~/.kube/config:/home/node/.kube/config` option mounts your local kubeconfig file into the container, allowing it to access your Kubernetes cluster.
Trivy Glass is built with:
- Frontend: SvelteKit, TailwindCSS
- Backend: Node.js
- Kubernetes Integration: @kubernetes/client-node
- Caching: Redis
The application connects to your Kubernetes cluster to retrieve trivy-operator reports, caches them for performance, and presents them in a user-friendly interface.
Trivy Glass requires the following RBAC permissions:
- Read access to all resources in the `aquasecurity.github.io` API group
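A minimal read-only RBAC setup matching the requirement above, written as an added example and not the manifest shipped in the project's chart. The names `trivy-glass` and `trivy-glass-reader` are assumptions; `trivy-system` is the namespace used in the install commands.

```yaml
# Service account the dashboard pod would run as (name is an assumption).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: trivy-glass
  namespace: trivy-system
---
# Read-only access to trivy-operator report resources, cluster-wide.
# No create/update/patch/delete verbs and no other API groups are granted,
# so the dashboard cannot modify reports or read core resources such as Secrets.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: trivy-glass-reader
rules:
  - apiGroups: ["aquasecurity.github.io"]
    resources: ["*"]
    # "watch" is included as part of read access; drop it if the
    # application only lists and gets reports.
    verbs: ["get", "list", "watch"]
---
# Bind the role to the service account. A ClusterRoleBinding is used
# because reports exist in every scanned namespace and some are cluster-scoped.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: trivy-glass-reader
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: trivy-glass-reader
subjects:
  - kind: ServiceAccount
    name: trivy-glass
    namespace: trivy-system
```

After applying it, `kubectl auth can-i --list --as=system:serviceaccount:trivy-system:trivy-glass` shows the effective permissions, which should contain no write verbs for this API group.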
The main dashboard provides an at-a-glance view of your cluster's security posture, showing summary statistics for vulnerabilities, security checks, and compliance status.
The vulnerability reports page displays detected vulnerabilities with severity levels, affected resources, and remediation information.
The security checks page shows the results of various security checks performed by trivy-operator, with pass/fail status and remediation steps.
The Software Bill of Materials (SBOM) view displays all components used in your applications, including their versions and suppliers.
The compliance dashboard shows your cluster's compliance status with various standards and regulations.
Detailed view of a specific report, showing all available information and actionable insights.
Note: Screenshots need to be added. Please take screenshots of the application in action and add them to the `/docs/screenshots/` directory with appropriate names matching each section above. Then uncomment the image references (remove the HTML comments `<!-- -->`) to display the screenshots. See the instructions in the docs/screenshots directory for detailed guidance.
Contributions are welcome! Please feel free to submit a Pull Request.
MIT
- Trivy - The vulnerability scanner
- Trivy Operator - The Kubernetes operator for Trivy