Cluster Full Scan Via trivy
```bash
# install the trivy binary first (`latest required`)
/usr/bin/trivy k8s minikube --report=summary # prints the summary to stdout
/usr/bin/trivy k8s minikube --report=full > trivy-report.txt # saves the full report to a file
/usr/bin/trivy k8s minikube --report=summary --output=trivy-report.json # saves the summary report to a file
```

Trivy Image Scan
- install trivy binary (`latest required`)

```bash
trivy image nginx:1.25
```

# 🔍 Advanced Usage Options
| Use Case | Command Example |
| ---------------------------------------- | ------------------------------------------------------------------ |
| **Show only high/critical issues** | `trivy image --severity HIGH,CRITICAL nginx:1.25` |
| **Scan without pulling image** | `trivy image --input /path/to/image.tar` (use after `docker save`) |
| **JSON output** | `trivy image --format json -o result.json nginx:1.25` |
| **Ignore unfixed vulnerabilities** | `trivy image --ignore-unfixed nginx:1.25` |
| **Full report (vulnerability, secret and config scanners)** | `trivy image --scanners vuln,secret,config nginx:1.25` |
| **Minimal output (no progress bar or log lines)** | `trivy image --quiet nginx:1.25` |

Cluster Full Scan Via kube-hunter & kube-bench
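```bash
# kube-hunter
# --active turns on active hunting; tee keeps the interactive prompt visible while saving the output
kubectl run kube-hunter --image aquasec/kube-hunter --rm -it -- --active | tee kube-hunter-report.txt
# non-interactive JSON run: start the pod, then collect its logs once it has completed
kubectl run kube-hunter --restart=Never --image aquasec/kube-hunter -- --active --interface --report json
kubectl logs kube-hunter > kube-hunter-report.json
# kube-bench
kubectl apply -f https://raw.githubusercontent.com/aquasecurity/kube-bench/main/job.yaml
# read the logs through the Job, since the pod name suffix differs on every run
kubectl logs job/kube-bench > kube-bench-report.log
```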
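
The `--severity`, `--ignore-unfixed` and JSON output rows in the Trivy table above can be combined after the fact: scan once with `--format json`, keep the full report, and apply the policy to the file. The following is an added example, not part of the original notes; the function names are hypothetical and the sample report is constructed with placeholder identifiers, using the field names of Trivy's JSON report.

```python
import json

# Constructed sample in the shape of `trivy image --format json` output.
# Vulnerability IDs and package names are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "nginx:1.25",
    "Results": [
        {"Target": "nginx:1.25 (debian)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
             "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample",
             "InstalledVersion": "1.0", "Severity": "HIGH"},  # no fix released
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libother",
             "InstalledVersion": "2.3", "FixedVersion": "2.4", "Severity": "LOW"},
        ]},
        {"Target": "usr/local/bin/app"},  # target without findings: key is absent
    ],
})

def blocking_findings(report_text, severities=("HIGH", "CRITICAL"), ignore_unfixed=True):
    """Return (target, id, package, fixed version) for findings that match the policy."""
    hits = []
    for result in json.loads(report_text).get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:  # may be missing or null
            if vuln.get("Severity") not in severities:
                continue
            if ignore_unfixed and not vuln.get("FixedVersion"):
                continue  # same intent as --ignore-unfixed
            hits.append((result.get("Target"), vuln.get("VulnerabilityID"),
                         vuln.get("PkgName"), vuln.get("FixedVersion")))
    return hits

def gate(report_text, **policy):
    """Exit-code style result for a pipeline step: 1 if anything blocks, else 0."""
    return 1 if blocking_findings(report_text, **policy) else 0

if __name__ == "__main__":
    for target, vuln_id, pkg, fixed in blocking_findings(SAMPLE_REPORT):
        print(f"{target}: {vuln_id} in {pkg}, fixed in {fixed}")
    raise SystemExit(gate(SAMPLE_REPORT))
```

To use it on a real scan, pass the contents of `result.json` instead of `SAMPLE_REPORT`.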