Convert Kubernetes VulnerabilityReports from Trivy Operator to beautiful HTML format.
- Beautiful, responsive HTML reports with color-coded severity levels
- Automatic report generation via CronJob
- Web interface to browse all reports
- Summary dashboard showing vulnerability counts
- Easy deployment with single script
- Kubernetes cluster with Trivy Operator installed
- kubectl configured with cluster access
- jq (JSON processor)
- Note: Trivy CLI is NOT required
Deploy everything with one command:
./deploy.sh
This will:
- Create namespace (default: trivy-test)
- Create ConfigMaps from your local scripts
- Deploy CronJob (runs hourly)
- Deploy nginx web server
- Create Ingress for web access
# Custom namespace
NAMESPACE=my-namespace ./deploy.sh
# Custom domain
DOMAIN=trivy.example.com ./deploy.sh
# Both
NAMESPACE=my-namespace DOMAIN=trivy.example.com ./deploy.sh
Generate reports manually:
# List all reports
./trivy-report-to-html.sh --list
# Generate single report
./trivy-report-to-html.sh --namespace argocd --report <report-name> --output report.html
# Generate all reports in namespace
./trivy-report-to-html.sh --namespace argocd --all --output ./reports
After deployment, access the web interface at the configured domain (default: http://trivy-reports.example.com).
The nginx server displays a directory listing of all generated HTML reports.
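What the conversion step has to get right, as an added Python sketch that is not the project's trivy-report-to-html.sh: VulnerabilityReport fields originate from scanned images, so every value is HTML-escaped and the severity used for the CSS class is restricted to a fixed set. The sample report, its placeholder IDs, and the function names are constructed for illustration.

```python
import html
from collections import Counter

SEVERITIES = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN"]

# Constructed sample shaped like one item of
# `kubectl get vulnerabilityreports -o json`; IDs and packages are placeholders.
SAMPLE_REPORT = {
    "metadata": {"name": "replicaset-demo-app", "namespace": "argocd"},
    "report": {"vulnerabilities": [
        {"vulnerabilityID": "CVE-0000-00002", "resource": "libexample",
         "installedVersion": "1.0.0", "fixedVersion": "1.0.1",
         "severity": "HIGH", "title": "overflow in <script>alert(1)</script> parser"},
        {"vulnerabilityID": "CVE-0000-00001", "resource": "openexample",
         "installedVersion": "2.3", "fixedVersion": "",
         "severity": "CRITICAL", "title": "auth bypass"},
        {"vulnerabilityID": "CVE-0000-00003", "resource": "zlib-example",
         "installedVersion": "0.9", "fixedVersion": "1.0",
         "severity": "\"><b>bogus", "title": "unexpected severity value"},
    ]},
}


def normalize(sev):
    """Map anything outside the known severity set to UNKNOWN."""
    return sev if sev in SEVERITIES else "UNKNOWN"


def severity_counts(report):
    """Count findings per severity, folding unexpected values into UNKNOWN."""
    found = Counter(normalize(v.get("severity")) for v in report["report"]["vulnerabilities"])
    return {s: found[s] for s in SEVERITIES}


def render_rows(report):
    """Return <tr> rows, worst first, with every report value HTML-escaped."""
    vulns = sorted(report["report"]["vulnerabilities"],
                   key=lambda v: SEVERITIES.index(normalize(v.get("severity"))))
    rows = []
    for v in vulns:
        sev = normalize(v.get("severity"))  # only allow-listed text reaches the class attribute
        cells = [v.get("vulnerabilityID", ""), v.get("resource", ""),
                 v.get("installedVersion", ""), v.get("fixedVersion") or "-",
                 sev, v.get("title", "")]
        tds = "".join(f"<td>{html.escape(str(c))}</td>" for c in cells)
        rows.append(f'<tr class="sev-{sev.lower()}">{tds}</tr>')
    return "\n".join(rows)
```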
Runs every hour automatically:
- Cleans up old reports
- Scans all namespaces
- Generates HTML for all VulnerabilityReports
Schedule: 0 * * * * (hourly)
Edit kubernetes/cronjob.yaml to change frequency.
Run the CronJob immediately:
kubectl create job --from=cronjob/trivy-html-report-generator manual-run-$(date +%s) -n trivy-test
Deploy a watcher that generates reports immediately when VulnerabilityReports are created/updated:
# During initial deployment, answer 'y' when prompted
# Or deploy separately:
kubectl apply -f kubernetes/deployment-watcher.yaml
To remove the watcher:
kubectl delete -f kubernetes/deployment-watcher.yaml
Edit schedule in kubernetes/cronjob.yaml:
schedule: "*/15 * * * *" # Every 15 minutes
schedule: "0 */6 * * *" # Every 6 hours
schedule: "0 9 * * *" # Daily at 9 AM
Edit the Ingress in kubernetes/cronjob.yaml:
spec:
  ingressClassName: traefik-internal
  rules:
    - host: your-domain.example.com
- CronJob: Periodically generates reports for all namespaces
- PersistentVolume: Stores generated HTML reports (5Gi)
- Nginx: Serves reports via web interface
- Ingress: Exposes reports with custom domain
kubectl get cronjobs -n trivy-test
kubectl get jobs -n trivy-test
kubectl logs -n trivy-test job/<job-name>
# List all VulnerabilityReports
kubectl get vulnerabilityreports --all-namespaces
# Check if reports were generated
kubectl exec -n trivy-test deployment/trivy-reports-nginx -- ls -lh /usr/share/nginx/html/
After modifying the scripts, redeploy:
./deploy.sh
This will update the ConfigMaps with your latest changes.
Remove everything:
# Delete all resources
kubectl delete namespace trivy-test
# Or delete specific components
kubectl delete -f kubernetes/cronjob.yaml
.
├── trivy-report-to-html.sh # Main conversion script
├── generate-html.sh # HTML template generator
├── deploy.sh # Deployment automation
├── watch-and-generate.sh # Local watch script (optional)
├── kubernetes/
│ ├── cronjob.yaml # CronJob + nginx + Ingress
│ └── deployment-watcher.yaml # Real-time watcher (optional)
└── README.md
Local execution:
- kubectl
- jq
Kubernetes cluster:
- Trivy Operator (for VulnerabilityReport CRDs)
- Ingress controller (traefik-internal)
- StorageClass supporting ReadWriteMany
MIT
