A daemon that runs inside your Kubernetes cluster, watches all pods, generates a CycloneDX SBOM for each container image using Trivy, and reports it to DevGuard.
📖 https://docs.devguard.org/how-to-guides/integrations/k8s-image-inventory/
Installation, configuration reference, and usage examples are maintained there.
The container image sets TRIVY_CONFIG=/etc/devguard/trivy.yaml. Mount a ConfigMap to that path to customize Trivy's behavior without changing any flags:
apiVersion: v1
kind: ConfigMap
metadata:
name: trivy-config
data:
trivy.yaml: |
severity:
- HIGH
- CRITICAL
skip-update: trueThen mount it in the deployment:
volumeMounts:
- name: trivy-config
mountPath: /etc/devguard
volumes:
- name: trivy-config
configMap:
name: trivy-configgo build ./...
go test ./...This project is based on the sbom-operator project.