blumeops/docs/reference/services/prowler.md
Erich Blume 696024306c
Add Prowler image vulnerability scanning for blumeops containers
Add Trivy to the Prowler container for image and IaC scanning.
New CronJob (Saturday 3am) scans all blumeops/* images in the
registry for CVEs, embedded secrets, and Dockerfile misconfigs.
Reports written to sifaka:/volume1/reports/prowler-images/.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 16:43:08 -07:00


| title | modified | last-reviewed | tags |
|---|---|---|---|
| Prowler | 2026-03-24 | 2026-03-24 | service, security |

Prowler

CIS Kubernetes Benchmark scanner for compliance posture reporting.

Quick Reference

| Property | Value |
|---|---|
| Namespace | prowler |
| Image | registry.ops.eblu.me/blumeops/prowler (see argocd/manifests/prowler/kustomization.yaml for current tag) |
| Schedule | K8s CIS: Sunday 3am / Image scan: Saturday 3am |
| Reports | sifaka:/volume1/reports/prowler/ and prowler-images/ (NFS) |
| Manifests | argocd/manifests/prowler/ |

What it does

Runs Prowler 5 as two CronJobs:

  • K8s CIS scan (Sunday) — CIS Kubernetes Benchmark v1.11 checks across pod security, RBAC, apiserver, etcd, kubelet, controller-manager, and scheduler
  • Image scan (Saturday) — CVE, secret, and misconfiguration scanning of all blumeops/* container images in the registry via Trivy

Reports are written in HTML, CSV, and JSON-OCSF to the NFS share on sifaka.
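
A sketch of triaging one of the JSON-OCSF reports described above; this is an added example, not code from the blumeops repository. The field names are assumed from the OCSF Detection Finding layout, and the sample records, check IDs and resource names are constructed.

```python
import json
from collections import Counter

# Constructed sample records. Field names are assumed from the OCSF
# Detection Finding layout; check IDs and resource names are made up.
SAMPLE_REPORT = json.dumps([
    {"status_code": "PASS", "severity": "High",
     "metadata": {"event_code": "constructed_check_a"},
     "finding_info": {"title": "Constructed passing check"}},
    {"status_code": "FAIL", "severity": "Low",
     "metadata": {"event_code": "constructed_check_b"},
     "finding_info": {"title": "Constructed low finding"}},
    {"status_code": "FAIL", "severity": "critical",
     "metadata": {"event_code": "constructed_check_c"},
     "finding_info": {"title": "Constructed critical finding"}},
    {"status_code": "FAIL", "severity": "High",
     "metadata": {"event_code": "constructed_check_d"},
     "finding_info": {"title": "Constructed high finding"},
     "resources": [{"name": "pod-c"}, {"name": "pod-d"}]},
])

SEVERITY_ORDER = ["Critical", "High", "Medium", "Low", "Informational"]

def failed_findings(report_text):
    """Return FAIL records, most severe first, tolerating missing fields."""
    findings = json.loads(report_text)
    if not isinstance(findings, list):
        raise ValueError("expected a JSON array of findings")
    rank = {s: i for i, s in enumerate(SEVERITY_ORDER)}
    rows = []
    for f in findings:
        if str(f.get("status_code", "")).upper() != "FAIL":
            continue
        rows.append({
            "check": f.get("metadata", {}).get("event_code", "unknown"),
            "severity": str(f.get("severity", "Unknown")).capitalize(),
            "title": f.get("finding_info", {}).get("title", ""),
            "resources": [r.get("name", "?") for r in f.get("resources", [])],
        })
    rows.sort(key=lambda r: (rank.get(r["severity"], len(rank)), r["check"]))
    return rows

def should_alert(rows, fail_on=("Critical", "High")):
    """True when any failed finding is at a severity worth acting on."""
    return any(r["severity"] in fail_on for r in rows)

if __name__ == "__main__":
    rows = failed_findings(SAMPLE_REPORT)
    print(Counter(r["severity"] for r in rows), should_alert(rows))
```
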

See also