Set a shortcut key to run Vuln Scanning on a resource. Don't scan every resource at every startup. #2331

Closed
NeckBeardPrince opened this issue Dec 7, 2023 · 4 comments
Labels
enhancement New feature or request noodle question Further information is requested

Comments

@NeckBeardPrince

Is your feature request related to a problem? Please describe.
Scanning every resource on a cluster every time you run k9s is going to cause a lot of traffic over and over again. Especially if you connect to several clusters at the same time.

Describe the solution you'd like
If you can set a shortcut key to run on a selected Deployment, Pod, StatefulSet it would allow you to be more selective on when you want those scans to run. Maybe you could do two shortcut keys, one to scan that specific resource and another to do a full cluster scan.

Also, maybe there should be a cache of vuln results so that every time you launch k9s it doesn't do an automatic vuln scan on every resource all over again, could perhaps set a maxCache time?

As always, I couldn't live without k9s, love your work.

@derailed derailed added enhancement New feature or request question Further information is requested noodle labels Dec 7, 2023
@derailed
Owner

derailed commented Dec 7, 2023

@NeckBeardPrince Thank you for the feedback Adam! I'll noodle on this. Caching is less than ideal imho as you still have to refresh that cache once in a while. In the meantime, you can always toggle the `enableImageScan` feature flag to check where your scans are at prior to releasing your apps?
That said perhaps white/black listing certain images from scan might be another option??

@NeckBeardPrince
Author

> That said perhaps white/black listing certain images from scan might be another option??

Maybe namespaces would provide extra flexibility? Scanning a cloud hosted kube-system isn't all that useful, really. I could see blacklisting kube-system and others as helpful, that could work.

@andre161292

First of all: Thanks for the nice feature!

Aside from the traffic, another problem for me is the CPU utilization on my local computer when opening k9s in a ~170 pod cluster. Also, the images might take a lot of space on my disk I didn't intend to waste.

Wouldn't a good solution be to offload the work into the cluster, such as installing a job that does the work? There'd be no need to transfer or replicate images and also no intense CPU utilization locally.
Aside from the advantages of such an offloading, the option to run the scan locally should still be kept for various reasons, such as only having "read"-access to a cluster or not wanting to install random stuff in a cluster.

The white/ignorelist thingy and the idea to only scan on purpose by hitting a key or sth alike both sound good to me too.

@derailed
Owner

@NeckBeardPrince @andre161292 @gerhard Thank you all for piping in!
I see your points and added a way to opt out scans in v0.30.x. Please let me know if that flips the bill on this deal. Tx!!
