Skip to main content
The Security view turns the vulnerability reports produced by the Trivy Operator running in your cluster into a prioritised remediation console. Ankra reads the operator’s Kubernetes reports through the agent - no scanner runs on Ankra’s side and no image data leaves your cluster.
Security is a read layer over Trivy Operator. You install and configure the operator like any other add-on; Ankra surfaces, ranks, and explains what it finds.

Prerequisites

Trivy Operator must be running in the cluster. If it is not installed, the Security view links you to Settings → Integrations → Trivy Operator, which offers to add the trivy-operator add-on as a stack.
1

Add the Trivy Operator add-on

From Settings → Integrations → Trivy Operator, or the Stack Builder, add the trivy-operator Helm add-on and deploy it. It scans workloads and writes VulnerabilityReport and ClusterVulnerabilityReport resources.
2

Wait for the first reports

The operator scans images shortly after install. Until reports exist, the integration shows installed_no_reports.
3

Open the Security view

Once reports are present, the cluster’s Security entry in the sidebar opens the remediation console.

Connection states

The integration reports one of four states, shown on both the Security view and Settings → Integrations:
StateMeaning
not_installedThe Trivy Operator CRDs are not present - install the add-on
installed_no_reportsThe operator is installed but has not produced reports yet
connectedLive reports are being read from the cluster
degradedThe live read failed; the last cached reports are shown until it recovers

The remediation console

The Security view is built for triage, not just a list of CVEs:
  • Severity and exposure breakdown. Critical / high / medium / low totals, the split between namespaced and cluster-scoped findings, and the operating-system / ecosystem distribution of vulnerable packages.
  • Priority queue. Deduplicated critical and high CVEs ranked by blast radius - how many workloads and images a single fix clears - so you work the highest-leverage items first.
  • Remediation campaigns. Findings grouped into fix actions by package or base image, so one upgrade closes many reports at once.
  • Phased burn-down plan. A suggested order of work that steadily drives the critical/high count down.
  • Workload explorer. Per-workload and per-image detail drawers listing the specific vulnerabilities, fixed-in versions, and affected pods.

Ask Ankra AI

The AI assistant can read the same reports. From a cluster’s chat, ask for a security summary and it calls the get_security_reports tool:
What are the most critical vulnerabilities in this cluster?
Which single image upgrade fixes the most high-severity CVEs?
The tool returns severity totals, the blast-radius-ranked priority queue, remediation campaigns, and the riskiest workloads. If Trivy Operator is not installed, the assistant tells you to add the add-on rather than guessing - it never scrapes the CRDs directly.
Filter the assistant’s focus by asking for a specific severity (“only critical”) or a shorter list; it accepts a severity filter (critical / high / all) and a result limit.

Add-ons

Install Trivy Operator and other add-ons.

Log Sources

Connect logs and other cluster data sources.

AI Assistant

Triage vulnerabilities in chat.

AI Insights

Proactive cluster health analysis.