feat(trivy): Enhance Trivy report generation and metrics handling

- Updated `generate_report.sh` to include additional scanners and output paths.
- Enhanced `send_report.py` with new data classes for misconfigurations and vulnerabilities.
- Improved parsing logic for Trivy output, supporting both Kubernetes and image scans.
- Added Prometheus metrics generation for various scan results, including misconfigurations and vulnerabilities.
- Introduced unit tests for parsing Trivy output and generating Prometheus metrics.
- Modified Terraform variables for SMTP port type and added Pushgateway URL variable.
This commit is contained in:
2026-05-22 23:41:26 +02:00
parent 829ab48919
commit 255ba6aec9
25 changed files with 410938 additions and 71 deletions
+16 -4
View File
@@ -85,7 +85,7 @@ resource "kubernetes_cron_job_v1" "trivy" {
backoff_limit = 1
parallelism = 1
completions = 1
active_deadline_seconds = 250
active_deadline_seconds = 600
template {
metadata {
@@ -126,9 +126,9 @@ resource "kubernetes_cron_job_v1" "trivy" {
}
}
container {
name = "send-report"
image = "python:${local.python_version}"
args = ["/scripts/send_report.py"]
name = "send-report"
image = "python:${local.python_version}"
command = ["python3", "/scripts/send_report.py"]
env {
name = "SMTP_HOST"
value = var.smtp_host
@@ -163,6 +163,18 @@ resource "kubernetes_cron_job_v1" "trivy" {
name = "EMAIL_TO"
value = var.to_email
}
env {
name = "PUSHGATEWAY_URL"
value = var.pushgateway_url
}
env {
name = "REPORT_PATH"
value = "/tmp/report.html"
}
env {
name = "TRIVY_OUTPUT_FILE"
value = "/tmp/trivy.json"
}
security_context {
run_as_non_root = true
run_as_user = 1000