Documentation forSolarWinds Observability SaaS

Security monitoring

Images

You can review images present in the monitored cluster on the Images tab. In the Entity Explorer, open the Kubernetes Cluster Details page and click Security > Images. Namespaces that are filtered out in the SWO K8s Collector settings are not scanned.

You can view the name, tags, digest, pods, and detected vulnerabilities for each image.

To view image data, manifest collection must be enabled in SolarWinds Observability SaaS.

Vulnerabilities

SolarWinds Observability SaaS can detect compatible vulnerability scan results in monitored Kubernetes clusters. When detected, the result are visible on Kubernetes cluster details pages, Kubernetes workload details pages, and in the list of detected container images.

SolarWinds Observability SaaS supports image vulnerability scans provided by Aqua Security Trivy Operator. You can deploy the operator separately or as part of the SWO K8s Collector.

To deploy the Trivy Operator as part of the SWO K8s Collector, use the Helm setting trivy-operator.enabled: true.

Deploying Trivy Operator as part of the SWO K8s Collector is not supported when deploying to an OpenShift cluster. Deploy the Trivy Operator separately following its official documentation.

Exposed secrets

Exposed secrets are secrets detected in the container image of a Kubernetes workload. The feature lists identified secrets and provides a severity-grouped summary.

SolarWinds Observability SaaS supports exposed secret scans for container images provided by Aqua Security Trivy Operator. You can deploy the operator separately or as part of the SWO K8s Collector, using the Helm setting trivy-operator.enabled: true.