Fall back to limited k8s summary report if secret access permission is missing #5682

Closed
chen-keinan opened this issue Nov 29, 2023 Discussed in #5678 · 1 comment
Labels
kind/feature Categorizes issue or PR as related to a new feature. priority/backlog Higher priority than priority/awaiting-more-evidence. target/kubernetes Issues relating to kubernetes cluster scanning

@chen-keinan
Contributor

Discussed in #5678

Originally posted by nika-pr November 29, 2023

Description

I would like to analyse a GKE cluster where I was granted Kubernetes Engine Cluster Viewer and Kubernetes Engine Viewer on the project level.
When I try to run trivy k8s --report=summary cluster, I get the following error:

FATAL get k8s artifacts with node info error: failed getting auth for gvr: apps/v1, Resource=daemonsets - getting secret by name: kube-system/private-registry-creds: secrets "private-registry-creds" is forbidden: User "<REDACTED>" cannot get resource "secrets" in API group "" in the namespace "kube-system": requires one of ["container.secrets.get"] permission(s).

Is secret scanning absolutely necessary for any kind of report? I'd imagine some results can be found without scanning them.

Expected behavior: WARN log that tells me the results are limited due to missing permissions, but a "limited" report being provided as output nonetheless.

Target

Kubernetes

Scanner

None

@chen-keinan chen-keinan added kind/feature Categorizes issue or PR as related to a new feature. target/kubernetes Issues relating to kubernetes cluster scanning labels Nov 29, 2023
@chen-keinan chen-keinan self-assigned this Nov 29, 2023
@chen-keinan chen-keinan added the priority/backlog Higher priority than priority/awaiting-more-evidence. label Nov 29, 2023
@chen-keinan chen-keinan added this to the v0.48.0 milestone Nov 29, 2023
@chen-keinan
Contributor Author

Fixed by #5710
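
Added example, not part of the issue thread and not Trivy's code: a preflight that asks the API server whether the current identity holds the two accesses named in the error above (reading daemonsets, and getting secrets in kube-system) before a scan is started. The function names and return codes are assumptions of this example, and it assumes `kubectl` is configured for the target cluster.

```shell
#!/bin/sh
# Added example (not Trivy code): RBAC preflight for a cluster scan.
# Assumes kubectl is on PATH and its current context is the target cluster.
# Function names and return codes are this example's own convention.

# can_i VERB RESOURCE [NAMESPACE]: exit 0 if the current identity is allowed.
# With no namespace, the check is made across all namespaces.
can_i() {
  if [ -n "${3:-}" ]; then
    kubectl auth can-i "$1" "$2" --namespace "$3" --quiet
  else
    kubectl auth can-i "$1" "$2" --all-namespaces --quiet
  fi
}

# preflight: one line per check on stdout. Returns
#   0 = every check allowed
#   1 = only secret access is missing (expect limited results)
#   2 = a workload read is missing too
preflight() {
  local rc=0 verb resource ns
  # Checks taken from the error in the issue: VERB RESOURCE [NAMESPACE]
  while read -r verb resource ns <&3; do
    if can_i "$verb" "$resource" "$ns"; then
      echo "OK   $verb $resource${ns:+ in $ns}"
    elif [ "$resource" = "secrets" ]; then
      echo "WARN cannot $verb $resource${ns:+ in $ns}"
      if [ "$rc" -eq 0 ]; then rc=1; fi
    else
      echo "FAIL cannot $verb $resource${ns:+ in $ns}"
      rc=2
    fi
  done 3<<'EOF'
list daemonsets.apps
get secrets kube-system
EOF
  return "$rc"
}

# Run the checks only when invoked as: sh preflight.sh run
if [ "${1:-}" = "run" ]; then
  preflight
  exit $?
fi
```

A return code of 1 corresponds to the situation in this issue: the workloads are readable, but `kube-system/private-registry-creds` is not.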
