On this page, we will describe how to install and operate Kubescape vulnerability scanning in your Kubernetes cluster
The kubescape vulnerability scanner is working in the background.
The kubescape vulnerability scanner scans the container images in the cluster right after the first installation and uploads the results to the Kubescape Cloud Platform. The results can be viewed at Kubescape Cloud Platform
The scanner is triggered by a
kubevuln-scheduler, by default, the scanner is triggered once every midnight. In order to customize the scan frequency, you can update this
kubevulnScheduler.scanSchedule="0 0 * * *" value to the required value.
You can also disable the default creation of the cronjob by setting the value to false:
Kubescape vulnerability scanner supports the ability to scan new images which are deployed to the cluster:
- A new Deployment/StatefulSet/DeamonSet/Pod is applied
- The container image tag in an existing Deployment/StatefulSet/DeamonSet/Pod has changed
The default setting for this feature is "disable". You can manually enable the feature by setting the value to "enable" when running the helm as follows:
Updated about 1 month ago