Lens Security Center settings#
You can configure vulnerability scanning in the Settings menu of your cluster.
To enable the automatic vulnerability scanning toggle Enable Trivy operator.
In Severity Levels, you can select vulnerabilities to display in the interface according to their severity. Select the appropriate checkbox to display the severity level. At least one severity level checkbox must be selected.
Advanced settings#
Advanced settings offer options for extended configuration of the Lens Security Center. To access advanced settings, click Show advanced settings.
Advanced settings contain the following parameters:
| Parameter | Description | Notes |
|---|---|---|
| Resource Limits for Scanner Pod | ||
| Min CPU | The minimum amount of CPU required to run the Trivy scanner pod. | Use the Kubernetes CPU units to specify amounts of CPU. For example, the quantity of 0.1 Kubernetes CPU units equals to 100m (100 millicpu). For more information see Kubernetes Documentation. Resource Management for Pods and Containers: Resource units in Kubernetes. |
| Max CPU | The maximum amount of CPU allowed to run the Trivy scanner pod. | |
| Min memory | The minimum amount of memory required to run Trivy scanner pod. | Use the Kubernetes resource units to specify amounts of memory. Express memory amounts as plain integers or fixed-point numbers using one of the following quantity suffixes: E, P, T, G, M, k. You can also specify memory with the power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki. For more information see Kubernetes Documentation. Resource Management for Pods and Containers: Resource units in Kubernetes. |
| Max memory | The maximum amount of memory allowed to run Trivy scanner pod. | |
| Trivy Image and DB | ||
| Trivy image repository | Repository of the Trivy image | The default repository address is ghcr.io/aquasecurity/trivy. For any changes in defaults, check Vulnerability Scanning Configuration: Settings in the official Trivy documentation. |
| Trivy image tag | Version of the Trivy image | The default version is 0.35.0. For any changes in defaults, check Vulnerability Scanning Configuration: Settings in the official Trivy documentation. |
| Trivy DB repository | External OCI Registry to download the vulnerability database | The default repository address is ghcr.io/aquasecurity/trivy-db. For any changes in defaults, check Vulnerability Scanning Configuration: Settings in the official Trivy documentation. |
| Proxy for Vulnerability DB Download (GitHub) | ||
| HTTPS proxy | The HTTPS proxy used by Trivy to download the vulnerabilities database from GitHub. | |
| HTTP proxy | The HTTP proxy used by Trivy to download the vulnerabilities database from GitHub. | |