This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [mirror.gcr.io/aquasec/trivy](https://www.aquasec.com/products/trivy/) ([source](https://github.com/aquasecurity/trivy)) | minor | `0.64.1` -> `0.65.0` |

---

### Release Notes

<details>
<summary>aquasecurity/trivy (mirror.gcr.io/aquasec/trivy)</summary>

### [`v0.65.0`](https://github.com/aquasecurity/trivy/blob/HEAD/CHANGELOG.md#0650-2025-07-30)

[Compare Source](https://github.com/aquasecurity/trivy/compare/v0.64.1...v0.65.0)

##### Features

- add graceful shutdown with signal handling ([#9242](https://github.com/aquasecurity/trivy/issues/9242)) ([2c05882](2c05882f45))
- add HTTP request/response tracing support ([#9125](https://github.com/aquasecurity/trivy/issues/9125)) ([aa5b32a](aa5b32a19f))
- **alma:** add AlmaLinux 10 support ([#9207](https://github.com/aquasecurity/trivy/issues/9207)) ([861d51e](861d51e99a))
- **flag:** add schema validation for `--server` flag ([#9270](https://github.com/aquasecurity/trivy/issues/9270)) ([ed4640e](ed4640ec27))
- **image:** add Docker context resolution ([#9166](https://github.com/aquasecurity/trivy/issues/9166)) ([99cd4e7](99cd4e776c))
- **license:** observe pkg types option in license scanner ([#9091](https://github.com/aquasecurity/trivy/issues/9091)) ([d44af8c](d44af8cfa2))
- **misconf:** add private ip google access attribute to subnetwork ([#9199](https://github.com/aquasecurity/trivy/issues/9199)) ([263845c](263845cfc1))
- **misconf:** added logging and versioning to the gcp storage bucket ([#9226](https://github.com/aquasecurity/trivy/issues/9226)) ([110f80e](110f80ea29))
- **repo:** add git repository metadata to reports ([#9252](https://github.com/aquasecurity/trivy/issues/9252)) ([f4b2cf1](f4b2cf10e9))
- **report:** add CVSS vectors in sarif report ([#9157](https://github.com/aquasecurity/trivy/issues/9157)) ([60723e6](60723e6cfc))
- **sbom:** add SHA-512 hash support for CycloneDX SBOM ([#9126](https://github.com/aquasecurity/trivy/issues/9126)) ([12d6706](12d6706961))

##### Bug Fixes

- **alma:** parse epochs from rpmqa file ([#9101](https://github.com/aquasecurity/trivy/issues/9101)) ([82db2fc](82db2fcc80))
- also check `filepath` when removing duplicate packages ([#9142](https://github.com/aquasecurity/trivy/issues/9142)) ([4d10a81](4d10a815dd))
- **aws:** update amazon linux 2 EOL date ([#9176](https://github.com/aquasecurity/trivy/issues/9176)) ([0ecfed6](0ecfed6ea7))
- **cli:** Add more non-sensitive flags to telemetry ([#9110](https://github.com/aquasecurity/trivy/issues/9110)) ([7041a39](7041a39bdc))
- **cli:** ensure correct command is picked by telemetry ([#9260](https://github.com/aquasecurity/trivy/issues/9260)) ([b4ad00f](b4ad00f301))
- **cli:** panic: attempt to get `os.Args[1]` when `len(os.Args) < 2` ([#9206](https://github.com/aquasecurity/trivy/issues/9206)) ([adfa879](adfa879e4e))
- **license:** add missed `GFDL-NIV-1.1` and `GFDL-NIV-1.2` into Trivy mapping ([#9116](https://github.com/aquasecurity/trivy/issues/9116)) ([a692f29](a692f296d1))
- **license:** handle WITH operator for `LaxSplitLicenses` ([#9232](https://github.com/aquasecurity/trivy/issues/9232)) ([b4193d0](b4193d0d31))
- migrate from `*.list` to `*.md5sums` files for `dpkg` ([#9131](https://github.com/aquasecurity/trivy/issues/9131)) ([f224de3](f224de3e39))
- **misconf:** correctly adapt azure storage account ([#9138](https://github.com/aquasecurity/trivy/issues/9138)) ([51aa022](51aa022260))
- **misconf:** correctly parse empty port ranges in `google_compute_firewall` ([#9237](https://github.com/aquasecurity/trivy/issues/9237)) ([77bab7b](77bab7b6d2))
- **misconf:** fix log bucket in schema ([#9235](https://github.com/aquasecurity/trivy/issues/9235)) ([7ebc129](7ebc129ab7))
- **misconf:** skip rewriting expr if attr is nil ([#9113](https://github.com/aquasecurity/trivy/issues/9113)) ([42ccd3d](42ccd3df9a))
- **nodejs:** don't use prerelease logic for compare npm constraints ([#9208](https://github.com/aquasecurity/trivy/issues/9208)) ([fe96436](fe96436b99))
- prevent graceful shutdown message on normal exit ([#9244](https://github.com/aquasecurity/trivy/issues/9244)) ([6095984](6095984d53))
- **rootio:** check full version to detect `root.io` packages ([#9117](https://github.com/aquasecurity/trivy/issues/9117)) ([c2ddd44](c2ddd44d98))
- **rootio:** fix severity selection ([#9181](https://github.com/aquasecurity/trivy/issues/9181)) ([6fafbeb](6fafbeb606))
- **sbom:** merge in-graph and out-of-graph OS packages in scan results ([#9194](https://github.com/aquasecurity/trivy/issues/9194)) ([aa944cc](aa944cc6da))
- **sbom:** use correct field for licenses in CycloneDX reports ([#9057](https://github.com/aquasecurity/trivy/issues/9057)) ([143da88](143da88dd8))
- **secret:** add UTF-8 validation in secret scanner to prevent protobuf marshalling errors ([#9253](https://github.com/aquasecurity/trivy/issues/9253)) ([54832a7](54832a77b5))
- **secret:** fix line numbers for multiple-line secrets ([#9104](https://github.com/aquasecurity/trivy/issues/9104)) ([e579746](e57974649e))
- **server:** add HTTP transport setup to server mode ([#9217](https://github.com/aquasecurity/trivy/issues/9217)) ([1163b04](1163b044c7))
- supporting .egg-info/METADATA in python.Packaging analyzer ([#9151](https://github.com/aquasecurity/trivy/issues/9151)) ([e306e2d](e306e2dc52))
- **terraform:** `for_each` on a map returns a resource for every key ([#9156](https://github.com/aquasecurity/trivy/issues/9156)) ([153318f](153318f65f))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: #1073
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
106 lines
2.8 KiB
YAML
```yaml
trivy-operator:
  targetWorkloads: "pod,replicaset,replicationcontroller,statefulset,daemonset,cronjob,job"
  operator:
    replicas: 1
    vulnerabilityScannerEnabled: false
    sbomGenerationEnabled: false
    clusterSbomCacheEnabled: false
    configAuditScannerEnabled: true
    rbacAssessmentScannerEnabled: true
    infraAssessmentScannerEnabled: true
    clusterComplianceEnabled: false
  serviceMonitor:
    enabled: true
  trivy:
    createConfig: true
    image:
      registry: mirror.gcr.io
      repository: aquasec/trivy
      tag: 0.65.0
    storageClassEnabled: true
    storageClassName: ceph-block
    storageSize: "5Gi"
    registry:
      mirror:
        "registry-1.docker.io": proxy-registry-1.docker.io
        "quay.io": proxy-quay.io
        "registry.k8s.io": proxy-registry.k8s
        "gcr.io": proxy-gcr.io
        "ghcr.io": proxy-ghcr.io
        "hub.docker": proxy-hub.docker
    severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
    slow: true
    resources:
      requests:
        cpu: 100m
        memory: 128M
    supportedConfigAuditKinds: "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota"
    server:
      resources:
        requests:
          cpu: 200m
          memory: 512Mi
      replicas: 1
  compliance:
    reportType: summary
    cron: 0 5 * * *
    specs:
      - k8s-cis-1.23
      - k8s-nsa-1.0
      - k8s-pss-baseline-0.1
      - k8s-pss-restricted-0.1
  volumeMounts:
    - mountPath: /tmp
      name: cache-policies
      readOnly: false
  volumes:
    - name: cache-policies
      emptyDir: {}
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
  nodeCollector:
    tolerations:
      - key: node-role.kubernetes.io/control-plane
        operator: Exists
        effect: NoSchedule
    volumeMounts:
      - name: var-lib-etcd
        mountPath: /var/lib/etcd
        readOnly: true
      - name: var-lib-kubelet
        mountPath: /var/lib/kubelet
        readOnly: true
      - name: var-lib-kube-scheduler
        mountPath: /var/lib/kube-scheduler
        readOnly: true
      - name: var-lib-kube-controller-manager
        mountPath: /var/lib/kube-controller-manager
        readOnly: true
      - name: etc-kubernetes
        mountPath: /etc/kubernetes
        readOnly: true
      - name: etc-cni-netd
        mountPath: /etc/cni/net.d/
        readOnly: true
    volumes:
      - name: var-lib-etcd
        hostPath:
          path: /var/lib/etcd
      - name: var-lib-kubelet
        hostPath:
          path: /var/lib/kubelet
      - name: var-lib-kube-scheduler
        hostPath:
          path: /var/lib/kube-scheduler
      - name: var-lib-kube-controller-manager
        hostPath:
          path: /var/lib/kube-controller-manager
      - name: etc-kubernetes
        hostPath:
          path: /etc/kubernetes
      - name: etc-cni-netd
        hostPath:
          path: /etc/cni/net.d/
```
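Review bot: `trivy.image.tag: 0.65.0` is pulled through `mirror.gcr.io` by mutable tag only, so the bump is only as reproducible as the mirror's copy of that tag; pin the image digest alongside the tag where the chart supports it, so the scanner you approve here is the build that actually runs. Separately, `trivy.resources.requests.memory: 128M` is a decimal quantity while every other memory request in the file (`512Mi`, `128Mi`) is binary; use `128Mi` unless the decimal value is intended.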