Push Trivy json report to elasticsearch #6026
Replies: 3 comments
-
Hi @manish7992 ! I think |
-
Trivy does not, and will not, have direct integration with Elastic or any other vendor. But we have recently introduced the ability to create output plug-ins, so it should be fairly simple to create a plug-in that integrates Trivy with Elastic. https://aquasecurity.github.io/trivy/v0.48/docs/advanced/plugins/#output-plugins
-
I used the jq JSON parser to format the Trivy JSON result and save each entry as a single-line JSON file. You can then set up Elasticsearch to pick up the file using the 'Custom log' integration. This was specifically for the Kubernetes Trivy scan option, which didn't support the custom plugins (otherwise I would have made a single-line JSON parser).

```bash
# Scan the cluster and write the full JSON report to a temporary file
trivy k8s --report=all --scanners vuln --disable-node-collector --format json -o /var/log/trivytemp.json

# Flatten the report to one JSON object per vulnerability, one object per line
jq -c '.Resources[]
  | {Name: .Name, Namespace: .Namespace, Kind: .Kind, Results: .Results[]?}
  | {Name: .Name, Namespace: .Namespace, Kind: .Kind, Target: .Results.Target, vul: .Results.Vulnerabilities[]?}
  | {TrivyScanTime: now|strftime("%Y-%m-%dT%H:%M:%SZ"), Name: .Name, Namespace: .Namespace, Kind: .Kind, Target: .Target, VulnerabilityID: .vul.VulnerabilityID, PkgName: .vul.PkgName, Severity: .vul.Severity, InstalledVersion: .vul.InstalledVersion, PrimaryURL: .vul.PrimaryURL, Title: .vul.Title, FixedVersion: .vul.FixedVersion}' /var/log/trivytemp.json > /var/log/trivy_log_report.json
```
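Building on the output plug-in suggestion and the jq flattening in the replies above, an added example (not code from the thread or from the Trivy project): a script that reads a Trivy JSON report on stdin and emits Elasticsearch `_bulk` NDJSON, handling both the `trivy k8s` layout and the single-target layout. The index name, the hashed `_id` scheme and the sample report are assumptions made for this example.

```python
import hashlib
import json
import sys
from datetime import datetime, timezone

INDEX = "trivy-vulnerabilities"  # assumed index name, not from the thread
FIELDS = ("VulnerabilityID", "PkgName", "Severity", "InstalledVersion",
          "FixedVersion", "PrimaryURL", "Title")
ID_KEYS = ("Namespace", "Kind", "Name", "Target", "VulnerabilityID",
           "PkgName", "InstalledVersion")

def iter_results(report):
    """Yield (context, result) for `trivy k8s` and single-target reports."""
    if "Resources" in report:  # k8s layout: Resources[].Results[]
        for res in report["Resources"] or []:
            ctx = {k: res.get(k) for k in ("Name", "Namespace", "Kind")}
            for result in res.get("Results") or []:
                yield ctx, result
    else:  # image/fs layout: top-level Results[], named by ArtifactName
        ctx = {"Name": report.get("ArtifactName"), "Namespace": None, "Kind": None}
        for result in report.get("Results") or []:
            yield ctx, result

def to_bulk(report, scan_time=None):
    """Return _bulk NDJSON: one action line and one document per finding."""
    scan_time = scan_time or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    out = []
    for ctx, result in iter_results(report):
        for vuln in result.get("Vulnerabilities") or []:  # key may be absent or null
            doc = {"TrivyScanTime": scan_time, **ctx, "Target": result.get("Target")}
            doc.update({f: vuln.get(f) for f in FIELDS})
            # Stable _id: a rescan overwrites the finding instead of duplicating it.
            key = "|".join(str(doc[k]) for k in ID_KEYS)
            doc_id = hashlib.sha256(key.encode()).hexdigest()
            out.append(json.dumps({"index": {"_index": INDEX, "_id": doc_id}}))
            out.append(json.dumps(doc))
    return "".join(line + "\n" for line in out)

# Constructed sample in the k8s layout; the CVE id is a placeholder.
SAMPLE = {"Resources": [
    {"Name": "web", "Namespace": "default", "Kind": "Deployment", "Results": [
        {"Target": "nginx:1.25 (debian 12.4)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
             "Severity": "HIGH", "InstalledVersion": "1.0", "FixedVersion": "1.1"}]},
        {"Target": "app/config.yaml"}]},
    {"Name": "db", "Namespace": "default", "Kind": "StatefulSet"}]}

if __name__ == "__main__":
    data = "" if sys.stdin.isatty() else sys.stdin.read()
    sys.stdout.write(to_bulk(json.loads(data) if data.strip() else SAMPLE))
```

The output is a request body for Elasticsearch's `POST /_bulk` endpoint, sent with `Content-Type: application/x-ndjson`.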
-
Question
Are we able to push the Trivy JSON report to Elasticsearch from the Trivy CLI?
Target
None
Scanner
None
Output Format
None
Mode
None
Operating System
No response
Version
No response