trivy-operator :: RBAC ATLAS

Description

Keeps security report resources updated

https://github.com/aquasecurity/trivy-operator

Overview

Identity	Namespace	Automount	Secrets	Permissions	Workloads	Risk
`trivy-operator`	default	❌	—	31	1	Critical

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 `trivy-operator`

Namespace: default | Automount: ❌

🔑 Permissions (31)

Role	Resource	Verbs	Risk	Tags
ClusterRole `trivy-operator`	core/secrets	create · delete · get · list · update · watch	Critical	ClusterWideSecretAccess CredentialAccess DataExposure InformationDisclosure SecretAccess
ClusterRole `trivy-operator`	core/configmaps	create · get · list · update · watch	High	ConfigMapAccess DataExposure InformationDisclosure
ClusterRole `trivy-operator`	core/pods/log	get · list · watch	High	ClusterWideLogAccess DataExposure InformationDisclosure LogAccess
ClusterRole `trivy-operator`	rbac.authorization.k8s.io/clusterrolebindings	get · list · watch	Medium	InformationDisclosure RBACQuery Reconnaissance
ClusterRole `trivy-operator`	rbac.authorization.k8s.io/clusterroles	get · list · watch	Medium	InformationDisclosure RBACQuery Reconnaissance
ClusterRole `trivy-operator`	core/resourcequotas	get · list · watch	Medium	InformationDisclosure QuotaTampering Reconnaissance ResourceConfiguration
ClusterRole `trivy-operator`	rbac.authorization.k8s.io/rolebindings	get · list · watch	Medium	InformationDisclosure RBACQuery Reconnaissance
ClusterRole `trivy-operator`	rbac.authorization.k8s.io/roles	get · list · watch	Medium	InformationDisclosure RBACQuery Reconnaissance
ClusterRole `trivy-operator`	aquasecurity.github.io/clustercompliancedetailreports	create · delete · get · list · update · watch	Low
ClusterRole `trivy-operator`	aquasecurity.github.io/clustercompliancereports	create · delete · get · list · update · watch	Low
ClusterRole `trivy-operator`	aquasecurity.github.io/clustercompliancereports/status	update	Low
ClusterRole `trivy-operator`	aquasecurity.github.io/clusterconfigauditreports	create · delete · get · list · update · watch	Low
ClusterRole `trivy-operator`	aquasecurity.github.io/configauditreports	create · delete · get · list · update · watch	Low
ClusterRole `trivy-operator`	batch/cronjobs	get · list · watch	Low
ClusterRole `trivy-operator`	apiextensions.k8s.io/customresourcedefinitions	get · list · watch	Low
ClusterRole `trivy-operator`	apps/daemonsets	get · list · watch	Low
ClusterRole `trivy-operator`	apps/deployments	get · list · watch	Low
ClusterRole `trivy-operator`	core/events	create	Low
ClusterRole `trivy-operator`	networking.k8s.io/ingresses	get · list · watch	Low
ClusterRole `trivy-operator`	batch/jobs	create · delete · get · list · watch	Low
ClusterRole `trivy-operator`	core/limitranges	get · list · watch	Low	InformationDisclosure Reconnaissance ResourceConfiguration
ClusterRole `trivy-operator`	networking.k8s.io/networkpolicies	get · list · watch	Low
ClusterRole `trivy-operator`	core/nodes	get · list · watch	Low
ClusterRole `trivy-operator`	core/pods	get · list · watch	Low
ClusterRole `trivy-operator`	policy/podsecuritypolicies	get · list · watch	Low
ClusterRole `trivy-operator`	apps/replicasets	get · list · watch	Low
ClusterRole `trivy-operator`	core/replicationcontrollers	get · list · watch	Low
ClusterRole `trivy-operator`	core/serviceaccounts	create · get · list · update · watch	Low
ClusterRole `trivy-operator`	core/services	get · list · watch	Low
ClusterRole `trivy-operator`	apps/statefulsets	get · list · watch	Low
ClusterRole `trivy-operator`	aquasecurity.github.io/vulnerabilityreports	create · delete · get · list · update · watch	Low

⚠️ Potential Abuse (11)

The following security risks were found based on the above permissions:

📦 Workloads (1)

Kind	Name	Container	Image
Deployment	trivy-operator	trivy-operator	docker.io/aquasec/trivy-operator:0.0.8

trivy-operator

Description

Overview

Identities

🤖 trivy-operator

🔑 Permissions (31)

⚠️ Potential Abuse (11)

📦 Workloads (1)

🤖 `trivy-operator`