Vulnerability Scanning
Vulnerability scanning identifies potential security risks in container images, source code, manifest files, etc.
Security risks can include known CVEs, outdated dependencies, exposed secrets, misconfigurations, license risks, insecure packages or base images, etc., and must be identified. Devtron lets you identify these risks for images, code, and manifests across all your applications.
In Devtron, deployments can be automatically allowed or blocked based on the severity of detected vulnerabilities. Refer to the to know more.
Devtron provides support for Trivy (recommended) and Clair to enable vulnerability scanning.
Trivy: Enables vulnerability scanning for container images, Kubernetes manifests, and source code.
Clair: Enables vulnerability scanning for container images only.
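| Tool | Container images | Kubernetes manifests | Source code |
| --- | --- | --- | --- |
| Trivy | ✅ | ✅ | ✅ |
| Clair | ✅ | ❌ | ❌ |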
In addition to Trivy and Clair, you can also integrate other external security tools, such as AWS Inspector, based on your specific security requirements. To enable the external security tool, contact your Devtron representative.
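To illustrate severity-based allow/block decisions over scanner output, the following Python example is added here; it is not Devtron's code or its policy engine. It assumes a report in the JSON shape Trivy emits with `--format json`; the function `evaluate`, its `block_at` and `allowlist` parameters, and the sample report (with placeholder CVE ids) are constructed for this example.

```python
import json

# Severity labels used in Trivy's JSON report, lowest to highest.
SEVERITY_ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed sample in the shape of a Trivy JSON report (trimmed, placeholder ids).
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "registry.example.com/demo/app:1.0",
    "Results": [
        {"Target": "demo/app:1.0 (debian 12)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
             "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libsample",
             "Severity": "LOW"},
        ]},
        {"Target": "app/requirements.txt"},                # findings key absent
        {"Target": "app/package-lock.json", "Vulnerabilities": None},
    ],
})


def evaluate(report_json, block_at="HIGH", allowlist=()):
    """Return (decision, blocking_findings) for one scan report.

    Hypothetical helper: blocks when any finding not in `allowlist`
    has a severity at or above `block_at`.
    """
    threshold = SEVERITY_ORDER.index(block_at)
    try:
        report = json.loads(report_json)
    except ValueError:
        report = None
    if not isinstance(report, dict):
        # Fail closed: a report that cannot be read must not allow a deployment.
        return "block", [("unreadable-report", None, "UNKNOWN")]

    blocking = []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            severity = str(vuln.get("Severity", "UNKNOWN")).upper()
            if severity not in SEVERITY_ORDER:
                severity = "UNKNOWN"
            if vuln.get("VulnerabilityID") in allowlist:
                continue  # explicitly accepted risk
            if SEVERITY_ORDER.index(severity) >= threshold:
                blocking.append(
                    (vuln.get("VulnerabilityID"), vuln.get("PkgName"), severity))
    return ("block" if blocking else "allow"), blocking


if __name__ == "__main__":
    print(evaluate(SAMPLE_REPORT))
```

An unreadable report blocks rather than allows, so a failed or truncated scan cannot be mistaken for a clean one.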
Refer to the sections below to know more.