[maybebill]

I host https://www.defectdojo.org/ in my org and send all our scanner results to that, it’s worked very well. I believe Trivy scan results are supported natively too. The only part that took much work was developing a workflow to automatically scan images with Trivy and then send the results to DefectDojo.

FWIW, here’s a link to supported scans. https://documentation.defectdojo.com/integrations/parsers/fi...

[zufallsheld]

To automatically send vulnerability reports from Kubernetes using the trivy-operator, we developed a small operator that does the sending automatically: https://github.com/telekom-mms/trivy-dojo-report-operator