Security Scanning Reference
Commands for SBOM, CBOM, and malware scanning.
export sbom
reel export sbom <pod> [container] -n <namespace> [flags]
| Flag | Description | Default |
|---|---|---|
| -d, --dest | Destination path or S3 URI | required |
| --scanners | Trivy scanners (vuln, secret, license) | vuln |
Output: CycloneDX 1.5 JSON
S3 upload flags available. See S3 Exports.
export cbom
reel export cbom <pod> [container] -n <namespace> [flags]
| Flag | Description | Default |
|---|---|---|
| -d, --dest | Destination path or S3 URI | required |
| --diff-only | Scan only diff layer | false |
| --include-system-cas | Include system CA certificates | false |
Output: CycloneDX 1.6 JSON
Detects: Algorithms, certificates, protocols, keys.
export malware
reel export malware <pod> [container] [path] -n <namespace> [flags]
| Flag | Description | Default |
|---|---|---|
| -d, --dest | Destination path or S3 URI | required |
| -r, --recursive | Recursive scan | true |
Requires ClamAV sidecar.
Scheduling
Automate security scans with pod annotations:
annotations:
# reel.io/s3-bucket, reel.io/s3-region, reel.io/s3-secret...
reel.io/schedule: "0 2 * * * | export sbom"
See Scheduler Reference for syntax and S3 Exports for bucket configuration.
See Security Scanning Tutorial for examples.