The scripts in this directory are used alongside the deployment configurations in this repository to provide insights into our deployment and help the team to explore the metrics generated by tools such as Trivy.
This script is intended to be used to convert a Trivy YAML report (other than VulnerabilityAssessmentReports) into a CSV file.
Using this script will require a couple of setup steps. You will need to:
- Authenticate with AWS using credentials for the AWS account that k8s is deployed to.
  ```sh
  export AWS_PROFILE=<my-aws-profile>
  aws sso login
  ```
- Update your kubeconfig for the EKS-hosted k8s cluster.
  ```sh
  aws eks update-kubeconfig --region us-east-1 --name dpe-k8
  ```
- Extract the Trivy report(s) that you are interested in.
  ```sh
  kubectl get Clusterinfraassessmentreports -A -o yaml > cluster_infra_reports.yaml
  ```
- Then, you can execute this script.
  ```sh
  python scripts/trivy_to_csv.py cluster_infra_reports.yaml cluster_infra_reports.csv
  ```
This script is intended to be used to convert a Trivy Vulnerabilities YAML report into a CSV file.
Using this script will require following the same setup steps as above. This script should be used when generating a report file for the VulnerabilityAssessmentReports.
- Extract the Trivy report(s) that you are interested in.
  ```sh
  kubectl get Vulnerabilityassessmentreports -A -o yaml > vulnerability_reports.yaml
  ```
- Then, you can execute this script.
  ```sh
  python scripts/trivy_to_csv.py vulnerability_reports.yaml vulnerability_reports.csv
  ```
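
To show the shape of the conversion, here is an added illustration (not the repository's `trivy_to_csv.py`) that flattens a parsed report list into one CSV row per finding. The field names assume the trivy-operator VulnerabilityReport layout, and `safe_cell`, `flatten`, `to_csv` and the sample data are hypothetical; cells starting with `=`, `+`, `-` or `@` get a leading quote so a spreadsheet does not evaluate scanner-supplied text as a formula.

```python
import csv
import io

# Constructed sample: the parsed form of a `kubectl get ... -o yaml` list
# (e.g. via yaml.safe_load). Field names follow the trivy-operator
# VulnerabilityReport layout, which is an assumption about the cluster's CRDs.
SAMPLE = {"items": [
    {"metadata": {"namespace": "apps", "name": "replicaset-web"},
     "report": {
         "artifact": {"repository": "library/nginx", "tag": "1.25"},
         "vulnerabilities": [
             {"vulnerabilityID": "EXAMPLE-0001", "severity": "HIGH",
              "resource": "libexample", "installedVersion": "1.0",
              "fixedVersion": "1.1", "title": "=constructed title"}]}},
    {"metadata": {"namespace": "apps", "name": "no-findings"}, "report": {}},
]}

COLUMNS = ["namespace", "report", "image", "vulnerabilityID", "severity",
           "resource", "installedVersion", "fixedVersion", "title"]


def safe_cell(value):
    """Stringify a value; prefix cells a spreadsheet would read as formulas."""
    text = "" if value is None else str(value)
    return "'" + text if text[:1] in ("=", "+", "-", "@") else text


def flatten(doc):
    """Yield one row per vulnerability; a lone report is a list of one."""
    for item in doc.get("items", [doc]):
        meta, report = item.get("metadata", {}), item.get("report") or {}
        art = report.get("artifact", {})
        image = f"{art.get('repository', '')}:{art.get('tag', '')}"
        for vuln in report.get("vulnerabilities") or []:
            row = {"namespace": meta.get("namespace"),
                   "report": meta.get("name"), "image": image, **vuln}
            yield [safe_cell(row.get(col)) for col in COLUMNS]


def to_csv(doc):
    """Return the CSV text: a header line plus one line per finding."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(COLUMNS)
    writer.writerows(flatten(doc))
    return out.getvalue()
```

Reports with no findings produce no rows, so an empty CSV body means nothing was reported rather than a failed export.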