From 98cde42b31a869a186ae34ae56397cb4564e3a8a Mon Sep 17 00:00:00 2001 From: alexlebens Date: Fri, 12 Jul 2024 16:18:05 -0500 Subject: [PATCH] enable some scanners --- clusters/cl01tl/monitoring/trivy/values.yaml | 22 ++++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/clusters/cl01tl/monitoring/trivy/values.yaml b/clusters/cl01tl/monitoring/trivy/values.yaml index 4d9846074..85417ba2d 100644 --- a/clusters/cl01tl/monitoring/trivy/values.yaml +++ b/clusters/cl01tl/monitoring/trivy/values.yaml @@ -14,22 +14,12 @@ trivy-operator: scannerReportTTL: "24h" cacheReportTTL: "120h" batchDeleteLimit: 10 - vulnerabilityScannerScanOnlyCurrentRevisions: true - configAuditScannerScanOnlyCurrentRevisions: true batchDeleteDelay: 10s accessGlobalSecretsAndServiceAccount: true builtInTrivyServer: false builtInServerRegistryInsecure: false controllerCacheSyncTimeout: "15m" trivyServerHealthCheckCacheExpiration: 10h - metricsFindingsEnabled: true - metricsVulnIdEnabled: false - metricsExposedSecretInfo: false - metricsConfigAuditInfo: false - metricsRbacAssessmentInfo: false - metricsInfraAssessmentInfo: false - metricsImageInfo: false - metricsClusterComplianceInfo: false serverAdditionalAnnotations: {} webhookBroadcastURL: "" webhookBroadcastTimeout: 30s @@ -46,10 +36,20 @@ trivy-operator: clusterSbomCacheEnabled: true clusterComplianceEnabled: true configAuditScannerEnabled: true + configAuditScannerScanOnlyCurrentRevisions: true exposedSecretScannerEnabled: true - infraAssessmentScannerEnabled: false + infraAssessmentScannerEnabled: true rbacAssessmentScannerEnabled: true vulnerabilityScannerEnabled: false + vulnerabilityScannerScanOnlyCurrentRevisions: true + metricsFindingsEnabled: true + metricsVulnIdEnabled: false + metricsExposedSecretInfo: false + metricsConfigAuditInfo: false + metricsRbacAssessmentInfo: false + metricsInfraAssessmentInfo: false + metricsImageInfo: false + metricsClusterComplianceInfo: false service: headless: true metricsPort: 80