// the find
aquasecurity/starboard
Superseded by https://github.com/aquasecurity/trivy-operator
Starboard was a Kubernetes-native security toolkit that unified scan results from multiple tools (Trivy, Polaris, kube-bench, kube-hunter) into Kubernetes CRDs, making vulnerability and audit reports queryable via kubectl. It has been officially discontinued and absorbed into trivy-operator and the `trivy kubernetes` CLI command. This repo is a dead end.
- The CRD-based approach for storing scan results was genuinely well-designed — security reports as first-class Kubernetes objects means you can RBAC them, watch them, and query them like any other resource.
- The operator pattern (scan on pod creation/node addition) was implemented cleanly, avoiding the polling anti-pattern that plagues many security tools.
- The Go module and generated clientset are still usable if you want to read Starboard-era CRDs from existing clusters during a migration to trivy-operator.
- This repo is abandoned. The README opens with a discontinuation notice and they are not accepting PRs or issues. There is no path forward here.
- The successor (trivy-operator) is a separate repo with a different CRD schema, so nothing in this codebase transfers cleanly — you cannot simply swap the operator binary.
- Any cluster still running Starboard is accumulating unpatched CVEs in the operator itself, since the last meaningful security updates predate the deprecation announcement.
- The docs site and Helm chart still exist but are frozen in time, which means installation guides reference image tags and API versions that may no longer function correctly against current Kubernetes releases.