Image Scanning

Documentation Index

Fetch the complete documentation index at: https://docs.agentkube.com/llms.txt

Use this file to discover all available pages before exploring further.

​

How It Works

• Runs automatically in the background when Agentkube starts
• Scans container images in your Kubernetes clusters
• Uses Grype to detect known vulnerabilities
• Provides detailed vulnerability reports and remediation suggestions
• Updates vulnerability databases regularly

​

Configuration

​

Settings.json Configuration

{
  "imageScans": {
    "enable": true,
    "exclusions": {
      "namespaces": ["kube-system", "kube-public"],
      "labels": {
        "scan": "false"
      }
    }
  }
}

​

Configuration Options

• enable: Enable or disable image scanning (default: false)
• exclusions.namespaces: Array of namespace names to exclude from scanning
• exclusions.labels: Key-value pairs of labels to exclude from scanning

​

Application Settings

1. Head to Settings → Image Scan
2. Enable/Disable Scanning: Toggle the image scanning feature on or off
3. Namespace Exclusions: Add namespaces you want to exclude from scanning
4. Label Exclusions: Add label selectors to exclude specific workloads

​

Exclusion Examples

​

Exclude System Namespaces

{
  "imageScans": {
    "exclusions": {
      "namespaces": [
        "kube-system",
        "kube-public",
        "kube-node-lease",
        "istio-system"
      ]
    }
  }
}

​

Exclude by Labels

{
  "imageScans": {
    "exclusions": {
      "labels": {
        "security.scan": "false",
        "environment": "development"
      }
    }
  }
}