Renovate Bot
12831ad36e
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [mirror.gcr.io/aquasec/trivy](https://www.aquasec.com/products/trivy/) ([source](https://github.com/aquasecurity/trivy)) | minor | `0.63.0` -> `0.64.1` | --- ### Release Notes <details> <summary>aquasecurity/trivy (mirror.gcr.io/aquasec/trivy)</summary> ### [`v0.64.1`](https://github.com/aquasecurity/trivy/releases/tag/v0.64.1) [Compare Source](https://github.com/aquasecurity/trivy/compare/v0.64.0...v0.64.1) #### Changelog - [`86ee3c1`](86ee3c1176) release: v0.64.1 \[release/v0.64] ([#​9122](https://github.com/aquasecurity/trivy/issues/9122)) - [`4e12722`](4e1272283a) fix(misconf): skip rewriting expr if attr is nil \[backport: release/v0.64] ([#​9127](https://github.com/aquasecurity/trivy/issues/9127)) - [`9a7d384`](9a7d38432c) fix(cli): Add more non-sensitive flags to telemetry \[backport: release/v0.64] ([#​9124](https://github.com/aquasecurity/trivy/issues/9124)) - [`53adfba`](53adfba3c2) fix(rootio): check full version to detect `root.io` packages \[backport: release/v0.64] ([#​9120](https://github.com/aquasecurity/trivy/issues/9120)) - [`8cf1bf9`](8cf1bf9f6f) fix(alma): parse epochs from rpmqa file \[backport: release/v0.64] ([#​9119](https://github.com/aquasecurity/trivy/issues/9119)) ### [`v0.64.0`](https://github.com/aquasecurity/trivy/blob/HEAD/CHANGELOG.md#0640-2025-06-30) [Compare Source](https://github.com/aquasecurity/trivy/compare/v0.63.0...v0.64.0) ##### Features - **cli:** add version constraints to annoucements ([#​9023](https://github.com/aquasecurity/trivy/issues/9023)) ([19efa9f](19efa9fd37)) - **java:** dereference all maven settings.xml env placeholders ([#​9024](https://github.com/aquasecurity/trivy/issues/9024)) ([5aade69](5aade698c7)) - **misconf:** add OpenTofu file extension support ([#​8747](https://github.com/aquasecurity/trivy/issues/8747)) ([57801d0](57801d0324)) - **misconf:** normalize CreatedBy for buildah and legacy docker builder ([#​8953](https://github.com/aquasecurity/trivy/issues/8953)) ([65e155f](65e155fdaf)) - **redhat:** Add EOL date for RHEL 10. ([#​8910](https://github.com/aquasecurity/trivy/issues/8910)) ([48258a7](48258a701a)) - reject unsupported artifact types in remote image retrieval ([#​9052](https://github.com/aquasecurity/trivy/issues/9052)) ([1e1e1b5](1e1e1b5fa6)) - **sbom:** add manufacturer field to CycloneDX tools metadata ([#​9019](https://github.com/aquasecurity/trivy/issues/9019)) ([41d0f94](41d0f949c8)) - **terraform:** add partial evaluation for policy templates ([#​8967](https://github.com/aquasecurity/trivy/issues/8967)) ([a9f7dcd](a9f7dcdb9c)) - **ubuntu:** add end of life date for Ubuntu 25.04 ([#​9077](https://github.com/aquasecurity/trivy/issues/9077)) ([367564a](367564a3be)) - **ubuntu:** add eol date for 20.04-ESM ([#​8981](https://github.com/aquasecurity/trivy/issues/8981)) ([87118a0](87118a0ec4)) - **vuln:** add Root.io support for container image scanning ([#​9073](https://github.com/aquasecurity/trivy/issues/9073)) ([3a0ec0f](3a0ec0f2ac)) ##### Bug Fixes - Add missing version check flags ([#​8951](https://github.com/aquasecurity/trivy/issues/8951)) ([ef5f8de](ef5f8de8da)) - **cli:** add some values to the telemetry call ([#​9056](https://github.com/aquasecurity/trivy/issues/9056)) ([fd2bc91](fd2bc91e13)) - Correctly check for semver versions for trivy version check ([#​8948](https://github.com/aquasecurity/trivy/issues/8948)) ([b813527](b813527449)) - don't show corrupted trivy-db warning for first run ([#​8991](https://github.com/aquasecurity/trivy/issues/8991)) ([4ed78e3](4ed78e39af)) - **misconf:** .Config.User always takes precedence over USER in .History ([#​9050](https://github.com/aquasecurity/trivy/issues/9050)) ([371b8cc](371b8cc02f)) - **misconf:** correct Azure value-to-time conversion in AsTimeValue ([#​9015](https://github.com/aquasecurity/trivy/issues/9015)) ([40d017b](40d017b67d)) - **misconf:** move disabled checks filtering after analyzer scan ([#​9002](https://github.com/aquasecurity/trivy/issues/9002)) ([a58c36d](a58c36de12)) - **misconf:** reduce log noise on incompatible check ([#​9029](https://github.com/aquasecurity/trivy/issues/9029)) ([99c5151](99c5151d6e)) - **nodejs:** correctly parse `packages` array of `bun.lock` file ([#​8998](https://github.com/aquasecurity/trivy/issues/8998)) ([875ec3a](875ec3a9d2)) - **report:** don't panic when report contains vulns, but doesn't contain packages for `table` format ([#​8549](https://github.com/aquasecurity/trivy/issues/8549)) ([87fda76](87fda76f38)) - **sbom:** remove unnecessary OS detection check in SBOM decoding ([#​9034](https://github.com/aquasecurity/trivy/issues/9034)) ([198789a](198789a07b)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xLjMiLCJ1cGRhdGVkSW5WZXIiOiI0MS4xLjMiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImltYWdlIl19--> Reviewed-on: #812 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
102 lines
2.7 KiB
YAML
102 lines
2.7 KiB
YAML
trivy-operator:
|
|
targetWorkloads: "pod,replicaset,replicationcontroller,statefulset,daemonset,cronjob,job"
|
|
operator:
|
|
replicas: 1
|
|
vulnerabilityScannerEnabled: false
|
|
sbomGenerationEnabled: false
|
|
clusterSbomCacheEnabled: false
|
|
configAuditScannerEnabled: true
|
|
rbacAssessmentScannerEnabled: true
|
|
infraAssessmentScannerEnabled: true
|
|
clusterComplianceEnabled: false
|
|
serviceMonitor:
|
|
enabled: true
|
|
trivy:
|
|
createConfig: true
|
|
image:
|
|
registry: mirror.gcr.io
|
|
repository: aquasec/trivy
|
|
tag: 0.64.1
|
|
storageClassEnabled: true
|
|
storageClassName: ceph-block
|
|
storageSize: "5Gi"
|
|
registry:
|
|
mirror:
|
|
"registry-1.docker.io": proxy-registry-1.docker.io
|
|
"quay.io": proxy-quay.io
|
|
"registry.k8s.io": proxy-registry.k8s
|
|
"gcr.io": proxy-gcr.io
|
|
"ghcr.io": proxy-ghcr.io
|
|
"hub.docker": proxy-hub.docker
|
|
severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
|
|
slow: true
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 128M
|
|
supportedConfigAuditKinds: "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota"
|
|
server:
|
|
resources:
|
|
requests:
|
|
cpu: 200m
|
|
memory: 512Mi
|
|
replicas: 1
|
|
compliance:
|
|
reportType: summary
|
|
cron: 0 5 * * *
|
|
specs:
|
|
- k8s-cis-1.23
|
|
- k8s-nsa-1.0
|
|
- k8s-pss-baseline-0.1
|
|
- k8s-pss-restricted-0.1
|
|
volumeMounts:
|
|
- mountPath: /tmp
|
|
name: cache-policies
|
|
readOnly: false
|
|
volumes:
|
|
- name: cache-policies
|
|
emptyDir: {}
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
nodeCollector:
|
|
volumeMounts:
|
|
- name: var-lib-etcd
|
|
mountPath: /var/lib/etcd
|
|
readOnly: true
|
|
- name: var-lib-kubelet
|
|
mountPath: /var/lib/kubelet
|
|
readOnly: true
|
|
- name: var-lib-kube-scheduler
|
|
mountPath: /var/lib/kube-scheduler
|
|
readOnly: true
|
|
- name: var-lib-kube-controller-manager
|
|
mountPath: /var/lib/kube-controller-manager
|
|
readOnly: true
|
|
- name: etc-kubernetes
|
|
mountPath: /etc/kubernetes
|
|
readOnly: true
|
|
- name: etc-cni-netd
|
|
mountPath: /etc/cni/net.d/
|
|
readOnly: true
|
|
volumes:
|
|
- name: var-lib-etcd
|
|
hostPath:
|
|
path: /var/lib/etcd
|
|
- name: var-lib-kubelet
|
|
hostPath:
|
|
path: /var/lib/kubelet
|
|
- name: var-lib-kube-scheduler
|
|
hostPath:
|
|
path: /var/lib/kube-scheduler
|
|
- name: var-lib-kube-controller-manager
|
|
hostPath:
|
|
path: /var/lib/kube-controller-manager
|
|
- name: etc-kubernetes
|
|
hostPath:
|
|
path: /etc/kubernetes
|
|
- name: etc-cni-netd
|
|
hostPath:
|
|
path: /etc/cni/net.d/
|