secureCodeBox
diff --git a/‎CONTRIBUTORS.md‎
Lines changed: 1 addition & 0 deletions b/‎CONTRIBUTORS.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎scanners/trivy/.helm-docs.gotmpl‎
Lines changed: 3 additions & 1 deletion b/‎scanners/trivy/.helm-docs.gotmpl‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎scanners/trivy/examples/k8s/README.md‎
Lines changed: 7 additions & 0 deletions b/‎scanners/trivy/examples/k8s/README.md‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎scanners/trivy/examples/k8s/scan.yaml‎
Lines changed: 12 additions & 0 deletions b/‎scanners/trivy/examples/k8s/scan.yaml‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎scanners/trivy/integration-tests/trivy.test.js‎
Lines changed: 28 additions & 0 deletions b/‎scanners/trivy/integration-tests/trivy.test.js‎
Lines changed: 28 additions & 0 deletions
@@ -49,3 +49,4 @@ Committing with `git commit -s` will add the sign-off at the end of the commit m
 - Sofia Lohr <sofia.lohr@iteratec.com>
 - Vanessa Hermann <vanessa.hermann@iteratec.com>
 - Lukas Fischer <lukas.fischer@iteratec.com>
+- Frank Belter <frank.belter@iteratec.com>
@@ -39,13 +39,15 @@ The following security scan configuration example are based on the [Trivy Docume
 
 ### Trivy Container Image Scan
 
-Currently we support the follwing 3 scanTypes, corresponding to the trivy scanning modes:
+Currently we support the follwing 4 scanTypes, corresponding to the trivy scanning modes:
 - scanType: "trivy-image"
    - parameters: `[YOUR_IMAGE_NAME]`
 - scanType: "trivy-filesystem"
    - parameters: `[YOUR_PATH_TO_FILES]`
 - scanType: "trivy-repo"
    - parameters: `[YOUR_GITHUB_REPO]`
+- scanType: "trivy-k8s"
+   - parameters: `[KUBERNETES_RESOURCE]`
 
 A complete example of each scanType are listed below in our [example docs section](https://www.securecodebox.io/docs/scanners/trivy/#examples).
 
 
@@ -0,0 +1,7 @@
+<!--
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
+-->
+
+This example shows how to use the `trivy k8s` scan with the secureCodeBox.
@@ -0,0 +1,12 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: "execution.securecodebox.io/v1"
+kind: Scan
+metadata:
+  name: "trivy-k8s"
+spec:  
+  scanType: "trivy-k8s"
+  parameters:
+    - "cluster"
@@ -98,3 +98,31 @@ test(
   },
   3 * 60 * 1000
 );
+
+test(
+  "trivy k8s scan should not fail",
+  async () => {
+    const { categories, severities, count } = await scan(
+      "trivy-k8s-test",
+      "trivy-k8s",
+      ["cluster"],
+      10 * 60 * 1000
+    );
+
+    // since the state of the k8s cluster in the test environment cannot be predicted, only the structure of the result is assured here
+    expect(count).toBeGreaterThanOrEqual(1);
+
+    const categoryNames = Object.keys(categories);
+    expect(categoryNames).toHaveLength(2);
+    expect(categoryNames.includes("Misconfiguration")).toBeTruthy();
+    expect(categoryNames.includes("Vulnerability")).toBeTruthy();
+
+    const severityNames = Object.keys(severities);
+    expect(severityNames).toHaveLength(4);
+    expect(severityNames.includes("high")).toBeTruthy();
+    expect(severityNames.includes("informational")).toBeTruthy();
+    expect(severityNames.includes("low")).toBeTruthy();
+    expect(severityNames.includes("medium")).toBeTruthy();
+  },
+  10 * 60 * 1000
+);