Continuous vulnerability scanning

[pbak95]

Hello evryone!

I really enjoy this initiative since it really looks like sth I was thinking about from some time. I read through docs and maybe have an idea about feature proposal:

As a security engineer I would like to have an option to configure periodic vulnerability scanning so that I can be sure that my existing kubernetes workloads do not have any new vulnerabilities.

Such feature should cover the case when workload is running on cluster from some time and in meantime new vulnerability X is discovered in one of it's dependencies. Vulnerability X wasn't known at the time workload was deployed on cluster.

What do you think about this? Sorry if this feature is already in place and I missed this part in documentation.

[chen-keinan]

@pbak95 we have such functionality, check this config OPERATOR VULNERABILITY SCANNER REPORT TTL
It basically allows you to define the TTL for each vulnerability report; once its expires, the report gets deleted and a new scan is triggered for that specific workload which is associated to deleted report.

Let me know if it satisfied your request.

[pbak95]

@chen-keinan it should cover my case, thank you for help!