alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions Packages Projects Releases Wiki Activity

enable some scanners

Browse Source
This commit is contained in:
Alex Lebens
2024-07-12 16:18:05 -05:00
parent f6eb1e9db4
commit 98cde42b31
1 changed files with 11 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
clusters/cl01tl/monitoring/trivy/values.yaml
View File

@@ -14,22 +14,12 @@ trivy-operator:
scannerReportTTL: "24h" scannerReportTTL: "24h"
cacheReportTTL: "120h" cacheReportTTL: "120h"
batchDeleteLimit: 10 batchDeleteLimit: 10
vulnerabilityScannerScanOnlyCurrentRevisions: true
configAuditScannerScanOnlyCurrentRevisions: true
batchDeleteDelay: 10s batchDeleteDelay: 10s
accessGlobalSecretsAndServiceAccount: true accessGlobalSecretsAndServiceAccount: true
builtInTrivyServer: false builtInTrivyServer: false
builtInServerRegistryInsecure: false builtInServerRegistryInsecure: false
controllerCacheSyncTimeout: "15m" controllerCacheSyncTimeout: "15m"
trivyServerHealthCheckCacheExpiration: 10h trivyServerHealthCheckCacheExpiration: 10h
metricsFindingsEnabled: true
metricsVulnIdEnabled: false
metricsExposedSecretInfo: false
metricsConfigAuditInfo: false
metricsRbacAssessmentInfo: false
metricsInfraAssessmentInfo: false
metricsImageInfo: false
metricsClusterComplianceInfo: false
serverAdditionalAnnotations: {} serverAdditionalAnnotations: {}
webhookBroadcastURL: "" webhookBroadcastURL: ""
webhookBroadcastTimeout: 30s webhookBroadcastTimeout: 30s
@@ -46,10 +36,20 @@ trivy-operator:
clusterSbomCacheEnabled: true clusterSbomCacheEnabled: true
clusterComplianceEnabled: true clusterComplianceEnabled: true
configAuditScannerEnabled: true configAuditScannerEnabled: true
configAuditScannerScanOnlyCurrentRevisions: true
exposedSecretScannerEnabled: true exposedSecretScannerEnabled: true
infraAssessmentScannerEnabled: false infraAssessmentScannerEnabled: true
rbacAssessmentScannerEnabled: true rbacAssessmentScannerEnabled: true
vulnerabilityScannerEnabled: false vulnerabilityScannerEnabled: false
vulnerabilityScannerScanOnlyCurrentRevisions: true
metricsFindingsEnabled: true
metricsVulnIdEnabled: false
metricsExposedSecretInfo: false
metricsConfigAuditInfo: false
metricsRbacAssessmentInfo: false
metricsInfraAssessmentInfo: false
metricsImageInfo: false
metricsClusterComplianceInfo: false
service: service:
headless: true headless: true
metricsPort: 80 metricsPort: 80