Trivy Integration

Container image scan metrics and CVE findings from Trivy correlated with runtime data. See exactly which running workloads carry which vulnerabilities, with fix prioritization and trend tracking.

Setup

How It Works

Step 01: Export Trivy Results to TigerOps

Run trivy image with --format json and POST the JSON output to the TigerOps Trivy ingestion endpoint. Add this step to your CI/CD pipeline or container build process.

Step 02: Configure Trivy Operator

Deploy the Trivy Operator in your Kubernetes cluster. It automatically scans images of deployed workloads and emits scan results as Kubernetes custom resources that TigerOps collects.

Step 03: Map Images to Running Services

TigerOps matches Trivy scan results to running pods by image digest. CVE findings are automatically associated with the Kubernetes workloads running that image for runtime context.

Step 04: Set Vulnerability Gating Alerts

Configure TigerOps alerts to fire when a new critical CVE is detected in a deployed image. Use these alerts as deployment gates or to trigger automated patching workflows.

Capabilities

What You Get Out of the Box

Image Scan Result Ingestion

Ingest Trivy JSON scan results for container images, OS packages, language libraries, and IaC misconfigurations. All CVEs, severity levels, fix availability, and CVSS scores are stored as searchable fields.

Runtime Workload Correlation

TigerOps matches Trivy findings to running Kubernetes pods by image digest. See exactly which running workloads are affected by a CVE — not just which images in your registry.

Trivy Operator Integration

Collect VulnerabilityReport, ConfigAuditReport, and ExposedSecretReport custom resources from the Trivy Operator. TigerOps monitors scan freshness and re-scan frequency per workload.

CVE Trend Analysis

Track vulnerability count trends over time per image, namespace, and team. TigerOps shows whether your security posture is improving (CVE count decreasing) or degrading across your container estate.

Fix Availability Prioritization

Filter CVEs by fix availability (fixed_version != nil) to prioritize actionable remediations. TigerOps dashboards surface the highest-severity fixable CVEs in your production workloads.

Base Image Vulnerability Attribution

Trivy identifies whether a CVE originates from a base image layer or application layer. TigerOps tracks base image CVE counts separately, helping you prioritize base image upgrades vs. application fixes.

Configuration

Trivy CI/CD Pipeline Integration

Export Trivy scan results to TigerOps from your CI pipeline and Kubernetes cluster.

trivy-tigerops.yaml
# GitHub Actions: Trivy scan + TigerOps export
name: Container Security Scan
on: [push]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Build image
        run: docker build -t myapp:${{ github.sha }} .

      - name: Trivy vulnerability scan
        # Pin this action to a release tag or commit SHA rather than @master so the
        # scanner version used in the pipeline is reproducible and tamper-evident.
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: myapp:${{ github.sha }}
          format: json
          output: trivy-results.json
          severity: CRITICAL,HIGH,MEDIUM

      - name: Export results to TigerOps
        run: |
          # {{.Id}} is the local image ID (config digest). Kubernetes reports the
          # registry manifest digest in status.containerStatuses[].imageID, which is
          # what the pushed image's RepoDigests entry ({{index .RepoDigests 0}}) holds.
          curl -X POST https://ingest.atatus.net/trivy/scan \
            -H "Authorization: Bearer ${{ secrets.TIGEROPS_API_KEY }}" \
            -H "Content-Type: application/json" \
            -H "X-Service: myapp" \
            -H "X-Image-Digest: $(docker inspect myapp:${{ github.sha }} --format='{{.Id}}')" \
            -H "X-Commit-SHA: ${{ github.sha }}" \
            --data-binary @trivy-results.json

# Trivy Operator (Kubernetes) - deploy to cluster:
# helm repo add aqua https://aquasecurity.github.io/helm-charts/
# helm install trivy-operator aqua/trivy-operator \
#   --set operator.scanJobTolerations[0].operator=Exists \
#   --set operator.configAuditScannerEnabled=true

FAQ

Common Questions

How does TigerOps receive Trivy scan results?

Run trivy image --format json <image> | curl -X POST https://ingest.atatus.net/trivy/scan -H "Authorization: Bearer $TIGEROPS_API_KEY" -H "Content-Type: application/json" --data-binary @- (Trivy writes to stdout by default). For Kubernetes, deploy the Trivy Operator and configure TigerOps to collect VulnerabilityReport CRDs.

Can TigerOps show which running pods are vulnerable to a specific CVE?

Yes. TigerOps matches Trivy findings to running Kubernetes pods by image SHA256 digest. Search for CVE-2024-XXXX in TigerOps and see a list of all running pods with their namespace, deployment, and node placement.

Does TigerOps support Trivy scans for language ecosystems (npm, pip, Maven)?

Yes. Trivy detects language-specific vulnerabilities in npm, pip, Maven, Cargo, Go modules, and more. All language ecosystem CVEs are ingested by TigerOps alongside OS package findings in a unified view.

How often should I run Trivy scans and send results to TigerOps?

Scan at build time (CI/CD) to catch known CVEs in each newly built image, and run nightly registry scans so that CVEs published after the build are found in existing images. The Trivy Operator continuously rescans running workloads for newly published CVEs.

Can TigerOps integrate Trivy findings with my incident management workflow?

Yes. Configure TigerOps alert policies on Trivy events with severity=CRITICAL AND fix_available=true. Route alerts to PagerDuty, Jira, or your ITSM tool. TigerOps can automatically create incidents for exploitable CVEs in production.
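As an added example (not TigerOps or Trivy code) tying together Steps 01 to 04 and the alert policy in the answer above: parse a Trivy --format json report, correlate it with running pods by image digest the way Step 03 describes, and evaluate the severity=CRITICAL AND fix_available=true rule. The report, pod list, CVE identifiers and registry names are constructed placeholders; the report uses the Trivy JSON field names Metadata.RepoDigests and Results[].Vulnerabilities[].FixedVersion.

```python
# Added example (not TigerOps or Trivy code): correlate a Trivy JSON report with
# running pods by image digest and evaluate the critical-and-fixable gating rule.
import json

# Constructed Trivy --format json report (placeholder CVE ids), trimmed to used fields.
TRIVY_REPORT = json.dumps({
    "ArtifactName": "registry.example.com/myapp:1.4.2",
    "Metadata": {"RepoDigests": ["registry.example.com/myapp@sha256:aaaa1111"]},
    "Results": [
        {"Target": "registry.example.com/myapp:1.4.2 (debian 12.5)", "Class": "os-pkgs",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libssl3", "Severity": "CRITICAL",
              "InstalledVersion": "3.0.11", "FixedVersion": "3.0.13"},
             {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libc6", "Severity": "HIGH",
              "InstalledVersion": "2.36", "FixedVersion": ""}]},  # empty: no fix yet
        {"Target": "app/package-lock.json", "Class": "lang-pkgs",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0003", "PkgName": "lodash", "Severity": "MEDIUM",
              "InstalledVersion": "4.17.20", "FixedVersion": "4.17.21"}]}],
})

# Constructed pods in the shape of status.containerStatuses[].imageID: the first
# uses the dockershim-style prefix, the second the containerd form.
PODS = [
    {"namespace": "prod", "pod": "myapp-7c9f-1",
     "imageID": "docker-pullable://registry.example.com/myapp@sha256:aaaa1111"},
    {"namespace": "prod", "pod": "api-5d2b-0",
     "imageID": "registry.example.com/api@sha256:bbbb2222"},
]

def digest_of(image_ref: str) -> str:
    """Reduce an image reference or kubelet imageID to its bare sha256 digest."""
    return image_ref.split("@", 1)[1] if "@" in image_ref else image_ref

def findings(report_json: str) -> list[dict]:
    """Flatten nested Trivy Results into one record per vulnerability (Results may be null)."""
    report = json.loads(report_json)
    return [{"id": v["VulnerabilityID"], "pkg": v["PkgName"], "severity": v["Severity"],
             "fix_available": bool(v.get("FixedVersion")), "target": r["Target"]}
            for r in (report.get("Results") or []) for v in (r.get("Vulnerabilities") or [])]

def affected_pods(report_json: str, pods: list[dict]) -> list[str]:
    """Step 03: pods whose running image digest equals the scanned image's repo digest."""
    digests = {digest_of(d) for d in json.loads(report_json)["Metadata"]["RepoDigests"]}
    return [f'{p["namespace"]}/{p["pod"]}' for p in pods if digest_of(p["imageID"]) in digests]

def gate(report_json: str) -> list[str]:
    """Step 04 / alert policy: CVE ids with severity=CRITICAL AND fix_available=true."""
    return sorted(f["id"] for f in findings(report_json)
                  if f["severity"] == "CRITICAL" and f["fix_available"])
```

A non-empty result from gate() is the condition under which a deployment gate should fail or an incident should be opened; the HIGH finding without a FixedVersion is reported but not actionable yet.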

Get Started

Know Which Running Pods Are Vulnerable Right Now

Trivy scan results matched to live Kubernetes workloads. CVE trending, fix prioritization, and runtime correlation in one view.