From YouTube: Cluster Image Scanning with the GitLab Agent
Description
Documentation: https://docs.gitlab.com/ee/user/application_security/cluster_image_scanning/#cluster-image-scanning-with-the-gitlab-kubernetes-agent
Epic (leave your feedback here): https://gitlab.com/groups/gitlab-org/-/epics/3410
A
If you would like to try in a non-production environment, we would appreciate it if you could do that and provide us with your feedback. I will provide a link to an issue where you can leave your feedback down in the description below. So, without further ado, let's begin. Cluster image scanning is a new feature that allows you to scan container images that are running in your Kubernetes cluster.
A
And my preferred method for installing Starboard is to use Helm. There's a Helm repository available, so you will add that to Helm, and then you run helm install in order to install Starboard in your Kubernetes cluster. One thing to note is that Starboard has different installation modes, and the namespaces that Starboard watches are controlled by this target namespaces value, and so, if you would like to scan only the default namespace, this is the value that you would use.
A
And I do, there should not be any vulnerability reports, yeah, because I do not have any resources running in the default namespace yet. But one way that I can verify the installation is to go look at the custom resource definition, and you can see here that there are a few resources declared by Starboard. The one that we care about for this feature is vulnerability reports dot security.
A
I have a demo project set up here and I have already created the GitLab agent configuration here. So this is what the configuration looks like for Starboard.
A
So now that I've created my agent configuration, I'm able, I'm ready to create an agent in GitLab. To do that, you go to Infrastructure, Kubernetes clusters, and then you click on GitLab Agent managed clusters and click Integrate with the GitLab Agent.
A
Since I've already created my configuration, I'm able to pick from the dropdown here, and I'll use my existing agent configuration, and then this gives me a Docker command that I can run in order to install the agent. Note that the agent token is a secret and it is used by the agent in order to authenticate to GitLab, so be careful about exposing this.
A
What I have here is a small demo application which I have shown locally, and it's a simple Go application which runs a web server that returns hello world, and I'm going to deploy this application to my Kubernetes cluster.
A
There we go. So I will apply this manifest with kubectl.
A
It has detected 20 critical vulnerabilities, 85 high vulnerabilities, 166 medium, 35 low and six unknown. Now, if I go back and check the Kubernetes agent.
A
It is now creating these vulnerabilities and get that 312 foreign. This might take a little bit of time because it needs to create the vulnerabilities one by one. But when I go here and look at my vulnerability report, they should start showing up. I have a couple SAST vulnerabilities showing there right now. If I refresh the page now, you can see the cluster image scanning vulnerabilities.