
Zora OSS now has Trivy as its new plugin

Zora OSS 0.7 can now enhance container security with a powerful image vulnerability scanner.


Published by

Roberta Nacagami


October 30, 2023


Container images often contain a mix of software components, and vulnerabilities can hide in the underlying layers. The key feature of Zora OSS version 0.7 lies in the integration of Trivy as a vulnerability scanner plugin.

Trivy is a versatile security scanner that finds vulnerabilities, misconfigurations and secrets, and generates SBOMs, across targets such as container images, code repositories and Kubernetes clusters.

With Trivy working alongside Marvin and Popeye, Zora covers a broader set of issues in your cluster and identifies and reports them promptly.

As a result, Zora now offers two distinct plugin types: 'vulnerability', provided by Trivy, and 'misconfiguration', handled by Marvin and Popeye, each giving specialized insight into the issues it detects.

Installation of Zora is now simpler than ever — no more dealing with kubeconfigs

Zora 0.7 simplifies the initial setup: you only need to install it with Helm on each cluster you wish to scan.

No longer do you need to:

  • create ServiceAccounts in target clusters,
  • generate kubeconfigs,
  • import them into the management cluster (which used to be the only cluster where Zora was installed),
  • and manually schedule scans for each cluster.

Now, by installing Zora, scans are automatically scheduled, and your cluster will be periodically scanned using the available plugins. This way, you gain insights into potential issues, misconfigurations, and vulnerabilities.

Of course, you can customize your scanning schedule. Check out our documentation to learn more about the default schedule and how to customize it.
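The install and schedule steps above, as an added example that is not part of the original post or of the Zora project's own code. It assumes the undistro Helm repository at https://charts.undistro.io, chart version 0.7.0, and that the chart exposes the value keys `clusterName`, `scan.misconfiguration.schedule` and `scan.vulnerability.schedule`; the cron values shown are illustrative, not the project's defaults, so confirm the keys and defaults against the Zora documentation before relying on them. The `valid_cron` guard is the practical part: a malformed schedule handed to the chart would mean the cluster quietly never gets scanned.

```shell
#!/usr/bin/env sh
# Added example (not from the Zora project or the post).
# Assumptions: Helm repo https://charts.undistro.io, chart undistro/zora 0.7.0,
# and chart values clusterName, scan.misconfiguration.schedule,
# scan.vulnerability.schedule. Verify against the Zora docs.

# Accept only a five-field cron expression built from digits and * / , -
# so a typo in the schedule is caught before it reaches the cluster.
valid_cron() {
  set -f            # no filename globbing while splitting the expression
  set -- $1
  set +f
  [ "$#" -eq 5 ] || return 1
  for field in "$@"; do
    case "$field" in
      *[!0-9*/,-]*) return 1 ;;
    esac
  done
  return 0
}

# Install (or upgrade) Zora on the cluster the current kubectl context points
# at, with optional misconfiguration and vulnerability scan schedules.
install_zora() {
  misconf_schedule="${1:-0 */4 * * *}"   # illustrative, not the chart default
  vuln_schedule="${2:-0 */6 * * *}"      # illustrative, not the chart default

  valid_cron "$misconf_schedule" || { echo "invalid misconfiguration schedule: $misconf_schedule" >&2; return 1; }
  valid_cron "$vuln_schedule"    || { echo "invalid vulnerability schedule: $vuln_schedule" >&2; return 1; }

  helm repo add undistro https://charts.undistro.io --force-update
  helm upgrade --install zora undistro/zora \
    --namespace zora-system --create-namespace \
    --version 0.7.0 \
    --set clusterName="$(kubectl config current-context)" \
    --set scan.misconfiguration.schedule="$misconf_schedule" \
    --set scan.vulnerability.schedule="$vuln_schedule"
}

# Usage: install_zora "0 */4 * * *" "0 */6 * * *"
```

Run `install_zora` once per cluster you want scanned; there is no management cluster, kubeconfig import or manual scan scheduling involved in 0.7, which is exactly the simplification the release describes.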

Upgrade Zora to unlock the Trivy plugin and mitigate vulnerabilities within your cluster. Visit the migration guide here.

What is Zora OSS?

Zora is an open source solution that helps you achieve compliance with the Kubernetes best practices recommended by industry-leading frameworks.

By scanning your cluster with multiple plugins, Zora identifies potential issues, misconfigurations, and vulnerabilities.

Learn more: https://zora-docs.undistro.io/v0.7/faq/#is-zora-open-source