diff --git a/charts/vulnerability-operator/Chart.yaml b/charts/vulnerability-operator/Chart.yaml
index ce14ded..edeb066 100644
--- a/charts/vulnerability-operator/Chart.yaml
+++ b/charts/vulnerability-operator/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
 description: Scans SBOMs for vulnerabilities
 name: vulnerability-operator
-version: 0.16.0
-appVersion: 0.15.0
+version: 0.17.0
+appVersion: 0.16.0
 home: https://github.com/ckotzbauer/vulnerability-operator
 sources:
 - https://github.com/ckotzbauer/vulnerability-operator
diff --git a/charts/vulnerability-operator/README.md b/charts/vulnerability-operator/README.md
index cd41524..1e417a8 100644
--- a/charts/vulnerability-operator/README.md
+++ b/charts/vulnerability-operator/README.md
@@ -31,11 +31,12 @@ The following table lists the configurable parameters of the vulnerability-opera
 | Parameter | Description | Default |
 | -------------------------------------- | ------------------------------------------------- | --------------------------------------------- |
 | `image.repository` | container image repository | `ghcr.io/ckotzbauer/vulnerability-operator` |
-| `image.tag` | container image tag | `0.14.1` |
+| `image.tag` | container image tag | `0.16.0` |
 | `image.pullPolicy` | container image pull policy | `IfNotPresent` |
 | `args` | argument object for cli-args | `{}` |
 | `envVars` | environment variables | `{}` |
 | `ignoreRules` | Grype ignore-rules | `""` |
+| `filterConfig` | Specify ignore- and audit-rules | `""` |
 | `nodeSelector` | node labels for pod assignment | `{}` |
 | `tolerations` | node tolerations for pod assignment | `[]` |
 | `affinity` | node affinity for pod assignment | `{}` |
diff --git a/charts/vulnerability-operator/templates/configmap.yaml b/charts/vulnerability-operator/templates/configmap.yaml
index b87d0e3..0ecdb84 100644
--- a/charts/vulnerability-operator/templates/configmap.yaml
+++ b/charts/vulnerability-operator/templates/configmap.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.ignoreRules }}
+{{- if or .Values.ignoreRules .Values.filterConfig }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -6,6 +6,12 @@ metadata:
 labels:
 {{- include "app.labels" . | nindent 4 }}
 data:
+{{- if .Values.ignoreRules }}
 grype.yaml: |
 {{ .Values.ignoreRules | indent 4 }}
 {{- end }}
+{{- if .Values.filterConfig }}
+ filter-config.yaml: |
+{{ .Values.filterConfig | indent 4 }}
+{{- end }}
+{{- end }}
diff --git a/charts/vulnerability-operator/templates/deployment.yaml b/charts/vulnerability-operator/templates/deployment.yaml
index f0d5532..7865d8c 100644
--- a/charts/vulnerability-operator/templates/deployment.yaml
+++ b/charts/vulnerability-operator/templates/deployment.yaml
@@ -33,6 +33,9 @@ spec:
 {{- if .Values.ignoreRules }}
 - --grype-config-file=/vuln/grype.yaml
 {{- end }}
+ {{- if .Values.filterConfig }}
+ - --filter-config-file=/vuln/filter-config.yaml
+ {{- end }}
 env:
 {{- if .Values.envVars }}
 {{ toYaml .Values.envVars | nindent 12 }}
@@ -60,7 +63,7 @@ spec:
 name: work
 - mountPath: /tmp
 name: tmp
- {{- if .Values.ignoreRules }}
+ {{- if or .Values.ignoreRules .Values.filterConfig }}
 - mountPath: /vuln
 name: grype
 {{- end }}
@@ -72,7 +75,7 @@ spec:
 {{- if .Values.extraVolumes }}
 {{- toYaml .Values.extraVolumes | nindent 8 }}
 {{- end }}
- {{- if .Values.ignoreRules }}
+ {{- if or .Values.ignoreRules .Values.filterConfig }}
 - name: grype
 configMap:
 name: {{ template "app.name" . }}
diff --git a/charts/vulnerability-operator/values.yaml b/charts/vulnerability-operator/values.yaml
index 613f6ea..79f02ae 100644
--- a/charts/vulnerability-operator/values.yaml
+++ b/charts/vulnerability-operator/values.yaml
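Review bot: The new `--filter-config-file` argument points at a ConfigMap-backed file, but nothing in this hunk (or elsewhere in the diff) ties the pod template to the ConfigMap's content, so changing `filterConfig` on a chart upgrade rewrites the ConfigMap without restarting the operator; because these rules suppress findings, an operator running a stale rule set is a security-relevant failure mode. Unless the operator is known to re-read `/vuln/filter-config.yaml` on change, or the pod template already carries such an annotation outside this hunk, add `checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}` to the pod template's annotations so rule changes roll the pod. The container spec this hunk edits starts and ends outside the hunk.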
@@ -30,6 +30,22 @@ ignoreRules: ""
 # - package:
 # type: gem
 
+filterConfig: ""
+# ignore:
+# - vulnerability: GHSA-ggxm-pgc9-g7fp # rdoc
+# context:
+# - image: "*"
+# namespace: gitlab-dev
+# kind: Deployment
+# name: gitlab-dev-server
+# audit:
+# - vulnerability: GHSA-fp4w-jxhp-m23p # bundler
+# context:
+# - image: "*"
+# namespace: gitlab-dev
+# kind: Deployment
+# name: gitlab-dev-server
+
 podAnnotations: {}
 
 resources: {}
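Review bot: The commented example does not say that `filterConfig` must be supplied as a multi-line string — the template renders it with `indent 4`, which errors on a YAML mapping — nor what `ignore` and `audit` each do or how the `context` fields are matched (the `image: "*"` suggests glob matching, but that is not documented here). Suggest prefacing the example with `# filterConfig must be a YAML document passed as a string (use a | block scalar), e.g. filterConfig: |` and a one-line description of the ignore/audit distinction taken from the operator docs. Since `ignore` entries suppress findings, the example should also caveat that `image: "*"` applies the rule to whatever image the named Deployment runs, so the suppression can outlive the build it was written for; pin the image where practical.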