On a schedule, runs a vulnerability scan of all active pods and collects the results in an SQL database. The latest result is also exposed as a metric on the /metrics endpoint, ready to be picked up by a monitoring tool (such as Prometheus). Vulnerability scanning is done with aquasecurity/trivy.
Deploy using the Helm chart:
helm upgrade --install image-vulnerability-scanner \
./charts \
--set private_image_hub.username="<a_user>" \
--set private_image_hub.password="<a_password>" \
--set private_image_hub.name="<a_private_container_registry>" \
--set db.user="<sql_user>" \
--set db.server="<sql_server>" \
--set db.database="<database>" \
--set db.password="<password>" \
--set scan_vulnerabilities_job.schedule="50 * * * *" \
--set api.image="<image_ref_built_from_app_folder>"
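The step between the trivy scan and the /metrics endpoint described above, as an added example that is not the project's own code: it reads a trivy JSON report, counts findings per severity, and renders them in the Prometheus text format. The metric names (image_vulnerabilities, image_vulnerabilities_unfixed) are assumptions, and the sample report is constructed with placeholder CVE identifiers.

```python
import json

SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN")
# Constructed sample holding only the fields of a `trivy image --format json`
# report that this code reads; the CVE identifiers are placeholders.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "registry.example.test/app:1.2.3",
    "Results": [
        {"Target": "registry.example.test/app:1.2.3 (alpine 3.18.0)",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0001", "Severity": "HIGH", "FixedVersion": "3.1.1-r0"},
             {"VulnerabilityID": "CVE-0000-0002", "Severity": "MEDIUM", "FixedVersion": ""}]},
        {"Target": "app/requirements.txt",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0003", "Severity": "CRITICAL", "FixedVersion": "2.31.0"}]},
        {"Target": "app/Dockerfile"},  # trivy omits the key for a clean target
    ],
})


def summarize(report_json):
    """Return (image, per-severity counts, number of findings with no fix)."""
    report = json.loads(report_json)
    counts = dict.fromkeys(SEVERITIES, 0)
    unfixed = 0
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            sev = str(vuln.get("Severity", "UNKNOWN")).upper()
            counts[sev if sev in counts else "UNKNOWN"] += 1
            if not vuln.get("FixedVersion"):
                unfixed += 1
    return report.get("ArtifactName", ""), counts, unfixed


def _label(value):
    # Prometheus label values must escape backslash, double quote and newline
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n")


def render_metrics(report_json):
    """Render the latest scan as gauges (replaced on each run, never summed); every
    severity is emitted, zero included, so alert rules never see a series vanish."""
    image, counts, unfixed = summarize(report_json)
    img = _label(image)
    lines = ["# HELP image_vulnerabilities Findings in the latest trivy scan of the image",
             "# TYPE image_vulnerabilities gauge"]
    lines += [f'image_vulnerabilities{{image="{img}",severity="{s}"}} {counts[s]}'
              for s in SEVERITIES]
    lines += ["# HELP image_vulnerabilities_unfixed Findings with no fixed version available",
              "# TYPE image_vulnerabilities_unfixed gauge",
              f'image_vulnerabilities_unfixed{{image="{img}"}} {unfixed}']
    return "\n".join(lines) + "\n"
```

The string returned by render_metrics is what a /metrics handler would serve with content type text/plain; Prometheus overwrites the gauge on each scrape, which matches the "latest result" semantics.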