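---
# PrometheusRule (prometheus-operator CRD) raising alerts from trivy-operator's
# trivy_image_vulnerabilities gauge, which is populated from VulnerabilityReport CRs.
#
# NOTE(review): this object is only loaded if metadata.labels match the
# Prometheus CR's ruleSelector (kube-prometheus-stack defaults to
# `release: <helm-release-name>`). A mismatch fails silently -- the CR is
# accepted by the API server but no alert ever fires. Verify with:
#   kubectl -n monitoring get prometheus -o yaml | grep -A3 ruleSelector
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: trivy-operator-alerts
  namespace: monitoring
  labels:
    release: prometheus
spec:
  groups:
    - name: trivy-operator
      interval: 60s
      rules:
        # Blind-spot guard. The `> 0` rules below cannot fire when the metric
        # is missing entirely (operator Pod down, metrics disabled, scrape
        # config/ServiceMonitor broken), so a dead scan pipeline would look
        # exactly like "no CVEs". absent() turns that silence into an alert.
        # Assumes the operator exports at least one series whenever it is
        # healthy -- confirm against its /metrics endpoint.
        - alert: TrivyOperatorMetricsAbsent
          expr: absent(trivy_image_vulnerabilities)
          for: 15m
          labels:
            severity: warning
            component: trivy
          annotations:
            summary: "trivy_image_vulnerabilities metric is missing"
            description: "No trivy_image_vulnerabilities series has been scraped for 15 minutes. Vulnerability alerting is blind until trivy-operator metrics are restored. Check the trivy-operator Pod, its ServiceMonitor/scrape config and the Prometheus targets page."

        # Aggregating over image_tag/image_digest means a rolling update does
        # not emit one alert per image version of the same container.
        # The severity label is case-sensitive and must match what the
        # operator exports ("Critical" / "High" here).
        - alert: TrivyContainerCriticalVulnerabilities
          expr: |
            sum by (namespace, resource_name, container_name, image_repository) (
              trivy_image_vulnerabilities{severity="Critical"}
            ) > 0
          # `for` is a notification delay: a Critical finding pages only after
          # it has persisted for 30 minutes. Tune to the team's response SLA.
          for: 30m
          labels:
            severity: critical
            component: trivy
          annotations:
            summary: "Critical CVEs in container {{ $labels.container_name }} ({{ $labels.image_repository }})"
            description: "Workload {{ $labels.resource_name }} in namespace {{ $labels.namespace }} has one or more Critical vulnerabilities. Inspect VulnerabilityReport CRs or Grafana/Prometheus metrics trivy_image_vulnerabilities."
            # Scoped with -n rather than `-A | grep namespace` so reports from
            # other namespaces whose names merely contain the string are not
            # listed; matches the High rule's action below.
            action: |-
              kubectl get vulnerabilityreports -n {{ $labels.namespace }}
              kubectl describe vulnerabilityreport -n {{ $labels.namespace }} <name>

        - alert: TrivyContainerHighVulnerabilities
          expr: |
            sum by (namespace, resource_name, container_name, image_repository) (
              trivy_image_vulnerabilities{severity="High"}
            ) > 0
          # High findings are tracked, not paged: 3h of persistence before a
          # warning is raised.
          for: 3h
          labels:
            severity: warning
            component: trivy
          annotations:
            summary: "High-severity CVEs in container {{ $labels.container_name }} ({{ $labels.image_repository }})"
            description: "Workload {{ $labels.resource_name }} in namespace {{ $labels.namespace }} has High-severity vulnerabilities. Plan image upgrades or mitigations."
            action: "kubectl get vulnerabilityreports -n {{ $labels.namespace }}"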