update vulnerability-operator
Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
parent
2f9d6df29f
commit
b840579897
|
|
@ -1,8 +1,8 @@
|
|||
apiVersion: v2
|
||||
description: Scans SBOMs for vulnerabilities
|
||||
name: vulnerability-operator
|
||||
version: 0.16.0
|
||||
appVersion: 0.15.0
|
||||
version: 0.17.0
|
||||
appVersion: 0.16.0
|
||||
home: https://github.com/ckotzbauer/vulnerability-operator
|
||||
sources:
|
||||
- https://github.com/ckotzbauer/vulnerability-operator
|
||||
|
|
|
|||
|
|
@ -31,11 +31,12 @@ The following table lists the configurable parameters of the vulnerability-opera
|
|||
| Parameter | Description | Default |
|
||||
| -------------------------------------- | ------------------------------------------------- | --------------------------------------------- |
|
||||
| `image.repository` | container image repository | `ghcr.io/ckotzbauer/vulnerability-operator` |
|
||||
| `image.tag` | container image tag | `0.14.1` |
|
||||
| `image.tag` | container image tag | `0.16.0` |
|
||||
| `image.pullPolicy` | container image pull policy | `IfNotPresent` |
|
||||
| `args` | argument object for cli-args | `{}` |
|
||||
| `envVars` | environment variables | `{}` |
|
||||
| `ignoreRules` | Grype ignore-rules | `""` |
|
||||
| `filterConfig` | Specify ignore- and audit-rules | `""` |
|
||||
| `nodeSelector` | node labels for pod assignment | `{}` |
|
||||
| `tolerations` | node tolerations for pod assignment | `[]` |
|
||||
| `affinity` | node affinity for pod assignment | `{}` |
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if .Values.ignoreRules }}
|
||||
{{- if or .Values.ignoreRules .Values.filterConfig }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
|
|
@ -6,6 +6,12 @@ metadata:
|
|||
labels:
|
||||
{{- include "app.labels" . | nindent 4 }}
|
||||
data:
|
||||
{{- if .Values.ignoreRules }}
|
||||
grype.yaml: |
|
||||
{{ .Values.ignoreRules | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.filterConfig }}
|
||||
filter-config.yaml: |
|
||||
{{ .Values.filterConfig | indent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
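Review bot: `{{ .Values.filterConfig | indent 4 }}` in the `data:` hunk only works when the value is a string, yet the values example added by this commit shows `filterConfig` as a commented YAML mapping beneath a `""` default. A user who uncomments that example in place passes a map, and `indent` should then fail with a type error at render time. Accepting both forms would avoid that: `{{ (kindIs "string" .Values.filterConfig | ternary .Values.filterConfig (toYaml .Values.filterConfig)) | indent 4 }}`. If only strings are meant to be supported, a comment above the default such as `# must be a multi-line string, i.e. "filterConfig: |" followed by the indented rules` would make that explicit. The existing `ignoreRules` line follows the same pattern.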
|
||||
|
|
|
|||
|
|
@ -33,6 +33,9 @@ spec:
|
|||
{{- if .Values.ignoreRules }}
|
||||
- --grype-config-file=/vuln/grype.yaml
|
||||
{{- end }}
|
||||
{{- if .Values.filterConfig }}
|
||||
- --filter-config-file=/vuln/filter-config.yaml
|
||||
{{- end }}
|
||||
env:
|
||||
{{- if .Values.envVars }}
|
||||
{{ toYaml .Values.envVars | nindent 12 }}
|
||||
|
|
@ -60,7 +63,7 @@ spec:
|
|||
name: work
|
||||
- mountPath: /tmp
|
||||
name: tmp
|
||||
{{- if .Values.ignoreRules }}
|
||||
{{- if or .Values.ignoreRules .Values.filterConfig }}
|
||||
- mountPath: /vuln
|
||||
name: grype
|
||||
{{- end }}
|
||||
|
|
@ -72,7 +75,7 @@ spec:
|
|||
{{- if .Values.extraVolumes }}
|
||||
{{- toYaml .Values.extraVolumes | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.ignoreRules }}
|
||||
{{- if or .Values.ignoreRules .Values.filterConfig }}
|
||||
- name: grype
|
||||
configMap:
|
||||
name: {{ template "app.name" . }}
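Review bot: Nothing in the visible hunks rolls the pod when the rendered ConfigMap changes, so an edited `filterConfig` (for example a removed `ignore` entry) may not take effect until the operator restarts, unless the operator re-reads `/vuln/filter-config.yaml` itself. The pod template metadata lies outside these hunks, so this may already be handled. If it is not, a pod-template annotation such as `checksum/config: {{ include (print $.Template.BasePath "/<configmap-template>.yaml") . | sha256sum }}` (placeholder file name) would trigger a rollout on every change. The volume is also still named `grype` although it now carries the filter file too; a neutral name would read better.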
|
||||
|
|
|
|||
|
|
@ -30,6 +30,22 @@ ignoreRules: ""
|
|||
# - package:
|
||||
# type: gem
|
||||
|
||||
filterConfig: ""
|
||||
# ignore:
|
||||
# - vulnerability: GHSA-ggxm-pgc9-g7fp # rdoc
|
||||
# context:
|
||||
# - image: "*"
|
||||
# namespace: gitlab-dev
|
||||
# kind: Deployment
|
||||
# name: gitlab-dev-server
|
||||
# audit:
|
||||
# - vulnerability: GHSA-fp4w-jxhp-m23p # bundler
|
||||
# context:
|
||||
# - image: "*"
|
||||
# namespace: gitlab-dev
|
||||
# kind: Deployment
|
||||
# name: gitlab-dev-server
|
||||
|
||||
podAnnotations: {}
|
||||
|
||||
resources: {}
|
||||
|
|
|
|||