Replace the starboard-operator with the trivy-operator

  • Status: accepted
  • Deciders: arch meeting
  • Date: 2023-03-30

Context and Problem Statement

The maintainers of Starboard deprecated it in favor of Trivy Kubernetes with Trivy operator. They will no longer make any major changes to Starboard operator. They announced the change in March.

We currently use Starboard operator for scanning images with Trivy and for running the CIS Kubernetes benchmark with kube-bench. Trivy operator has support for scanning images and running a version of the CIS Kubernetes benchmark.

Can or should we follow the evolution and replace starboard-operator with trivy-operator?

Decision Drivers

  • We want to maintain platform security and stability.
  • We want to use the best tools out there.

Considered Options

  1. Do nothing
  2. Move ahead and replace starboard-operator with trivy-operator

Decision Outcome

Chosen option: 2 - Move ahead and replace starboard-operator with trivy-operator and include the CIS Kubernetes benchmark

Positive Consequences

The main reason, and a good one, for replacing starboard-operator with trivy-operator is that starboard-operator is being replaced, as stated above.

Negative Consequences

I have no obvious reason not to do it other than that we may want to wait for a second before we do it as the current state of the chart is slightly unstable. For example:

https://github.com/aquasecurity/trivy-operator/discussions/1071