> ## Documentation Index
> Fetch the complete documentation index at: https://docs.ankra.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Cluster Security

> Read Aqua Trivy Operator vulnerability reports into a prioritised remediation console, and let Ankra AI triage CVEs for you.

The **Security** view turns the vulnerability reports produced by the [Trivy Operator](https://aquasecurity.github.io/trivy-operator/latest/) running in your cluster into a prioritised remediation console. Ankra reads the operator's Kubernetes reports through the agent - no scanner runs on Ankra's side and no image data leaves your cluster.

<Note>
  Security is a **read layer** over Trivy Operator. You install and configure the operator like any other add-on; Ankra surfaces, ranks, and explains what it finds.
</Note>

***

## Prerequisites

Trivy Operator must be running in the cluster. If it is not installed, the **Security** view links you to **Settings → Integrations → Trivy Operator**, which offers to add the `trivy-operator` add-on as a stack.

<Steps>
  <Step title="Add the Trivy Operator add-on">
    From **Settings → Integrations → Trivy Operator**, or the Stack Builder, add the `trivy-operator` Helm add-on and deploy it. It scans workloads and writes `VulnerabilityReport` and `ClusterVulnerabilityReport` resources.
  </Step>

  <Step title="Wait for the first reports">
    The operator scans images shortly after install. Until reports exist, the integration shows `installed_no_reports`.
  </Step>

  <Step title="Open the Security view">
    Once reports are present, the cluster's **Security** entry in the sidebar opens the remediation console.
  </Step>
</Steps>

***

## Connection states

The integration reports one of four states, shown on both the Security view and **Settings → Integrations**:

| State                  | Meaning                                                                   |
| ---------------------- | ------------------------------------------------------------------------- |
| `not_installed`        | The Trivy Operator CRDs are not present - install the add-on              |
| `installed_no_reports` | The operator is installed but has not produced reports yet                |
| `connected`            | Live reports are being read from the cluster                              |
| `degraded`             | The live read failed; the last cached reports are shown until it recovers |

***

## The remediation console

The Security view is built for triage, not just a list of CVEs:

* **Severity and exposure breakdown.** Critical / high / medium / low totals, the split between namespaced and cluster-scoped findings, and the operating-system / ecosystem distribution of vulnerable packages.
* **Priority queue.** Deduplicated critical and high CVEs ranked by blast radius - how many workloads and images a single fix clears - so you work the highest-leverage items first.
* **Remediation campaigns.** Findings grouped into fix actions by package or base image, so one upgrade closes many reports at once.
* **Phased burn-down plan.** A suggested order of work that steadily drives the critical/high count down.
* **Workload explorer.** Per-workload and per-image detail drawers listing the specific vulnerabilities, fixed-in versions, and affected pods.

***

## Ask Ankra AI

The AI assistant can read the same reports. From a cluster's chat, ask for a security summary and it calls the `get_security_reports` tool:

```text theme={null}
What are the most critical vulnerabilities in this cluster?
Which single image upgrade fixes the most high-severity CVEs?
```

The tool returns severity totals, the blast-radius-ranked priority queue, remediation campaigns, and the riskiest workloads. If Trivy Operator is not installed, the assistant tells you to add the add-on rather than guessing - it never scrapes the CRDs directly.

<Tip>
  Filter the assistant's focus by asking for a specific severity ("only critical") or a shorter list; it accepts a severity filter (`critical` / `high` / `all`) and a result limit.
</Tip>

***

## Related

<CardGroup cols={2}>
  <Card title="Add-ons" icon="puzzle-piece" href="/concepts/addons">
    Install Trivy Operator and other add-ons.
  </Card>

  <Card title="Log Sources" icon="scroll" href="/integrations/log-sources">
    Connect logs and other cluster data sources.
  </Card>

  <Card title="AI Assistant" icon="robot" href="/platform/ai-assistant">
    Triage vulnerabilities in chat.
  </Card>

  <Card title="AI Insights" icon="lightbulb" href="/platform/ai-insights">
    Proactive cluster health analysis.
  </Card>
</CardGroup>
