# Default values for the Trivy Helm chart.
# Source listing: github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/helm/trivy/values.yaml
# NOTE(review): indentation was restored from a flattened page rendering; confirm the
# nesting of keys under `trivy:` and `ingress:` against the chart templates.

nameOverride: ""
fullnameOverride: ""

image:
  registry: docker.io
  repository: aquasec/trivy
  # tag is an override of the image tag, which is by default set by the
  # appVersion field in Chart.yaml.
  # NOTE(review): a tag is a mutable reference, and with pullPolicy IfNotPresent a node
  # keeps whatever image it already cached under that tag. Whether this chart accepts a
  # digest is not visible here - confirm before relying on tag pinning for integrity.
  tag: ""
  pullPolicy: IfNotPresent
  pullSecret: ""

replicaCount: 1

persistence:
  enabled: true
  storageClass: ""
  accessMode: ReadWriteOnce
  size: 5Gi

resources:
  requests:
    cpu: 200m
    memory: 512Mi
  limits:
    cpu: 1
    memory: 1Gi

rbac:
  create: true
  # PodSecurityPolicy was removed in Kubernetes 1.25; keep this false on current clusters
  # and enforce pod hardening through Pod Security Admission or a policy engine instead.
  pspEnabled: false
  pspAnnotations: {}

# Pod-level identity: a fixed non-root UID (65534 is conventionally `nobody`) and a
# matching fsGroup for the mounted volume.
podSecurityContext:
  runAsUser: 65534
  runAsNonRoot: true
  fsGroup: 65534

# Container-level hardening: not privileged, root filesystem mounted read-only.
# NOTE(review): allowPrivilegeEscalation, capabilities and seccompProfile are not set
# here. If the template passes this map through unchanged (confirm), adding
# `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` tightens the default.
securityContext:
  privileged: false
  readOnlyRootFilesystem: true

## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
nodeSelector: {}

## Affinity settings for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
affinity: {}

## Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []

## Annotations for pods created by statefulset
## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
podAnnotations: {}

trivy:
  # debugMode the flag to enable Trivy debug mode
  debugMode: false
  # gitHubToken the GitHub access token to download Trivy DB
  #
  # Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.
  # It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached
  # in the local file system (`/home/scanner/.cache/trivy/db/trivy.db`). In addition, the database contains the update
  # timestamp so Trivy can detect whether it should download a newer version from the Internet or use the cached one.
  # Currently, the database is updated every 12 hours and published as a new release to GitHub.
  #
  # Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough
  # for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000
  # requests per hour by specifying the GitHub access token. For more details on GitHub rate limiting please consult
  # https://developer.github.com/v3/#rate-limiting
  #
  # You can create a GitHub token by following the instructions in
  # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
  #
  # NOTE(review): the text above describes downloads from GitHub releases, while
  # `dbRepository` below points at an OCI registry; confirm whether this token still
  # affects DB downloads. If one is set, give it no scopes beyond what rate limiting needs.
  # A value set here is stored in plaintext in the values file and in Helm's release
  # record; prefer `existingSecret`.
  gitHubToken: ""

  # Docker registry credentials
  # See also: https://aquasecurity.github.io/trivy/dev/advanced/private-registries/docker-hub/
  #
  # Either
  #   Directly in this file
  #
  # Security: credentials written here are plaintext in the values file and in Helm's
  # release record. Use the existing-secret option below outside of local testing, and
  # use a read-only registry account.
  #
  # TRIVY_USERNAME
  registryUsername: ""
  # TRIVY_PASSWORD
  registryPassword: ""
  #
  # Or
  #   From an existing secret
  #
  # The secret must be Opaque and just contain "TRIVY_USERNAME: your_user" and "TRIVY_PASSWORD: your_password" as k/v pairs.
  # NOTE: When this is set the previous parameters are ignored.
  #
  # registryCredentialsExistingSecret: name-of-existing-secret
  # skipDBUpdate the flag to enable or disable Trivy DB downloads from GitHub
  #
  # You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues.
  # If the flag is enabled you have to manually download the `trivy.db` file and mount it in the
  # `/home/scanner/.cache/trivy/db/trivy.db` path (see `cacheDir`).
  #
  # Security: with updates skipped, scan results are only as current as the mounted
  # trivy.db. Track the age of that file, or newly published vulnerabilities go unreported.
  skipDBUpdate: false
  # OCI repository to retrieve the trivy vulnerability database from
  # If this is pointed at a mirror, scan results depend on the integrity of that mirror.
  dbRepository: ghcr.io/aquasecurity/trivy-db
  # Trivy supports filesystem and redis as caching backend
  # https://github.com/devseccon/trivy#specify-cache-backend
  # This location is only used for the cache, not the db storage: https://github.com/devseccon/trivy/issues/765#issue-756010345
  #
  # In case you specify redis as backend, make sure you installed a redis server yourself, e.g.
  # https://bitnami.com/stack/redis/helm
  #
  # In case redis is not enabled, the filesystem will be used
  cache:
    redis:
      enabled: false
      # Any credentials embedded in the URL are stored in plaintext with the other values.
      url: "" # e.g. redis://redis.redis.svc:6379
      ttl: "" # e.g. 3600s, 24h
      # With tls false the connection to Redis is unencrypted; set it to true when Redis
      # is reached across a network segment other workloads can observe.
      tls: false
  serviceAccount:
    annotations: {}
      # eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT_ID:role/IAM_ROLE_NAME
  # If you want to add custom labels to your statefulset and podTemplate
  labels: {}
  # serverToken is the token to authenticate Trivy client with Trivy server.
  # NOTE(review): empty by default, which presumably leaves the server accepting
  # unauthenticated clients - confirm. Set a token (via `existingSecret`) before exposing
  # the service beyond the cluster, e.g. through the ingress below.
  serverToken: ""
  # existingSecret if an existing secret has been created outside the chart.
  # Overrides gitHubToken, registryUsername, registryPassword, serverToken
  # Preferred way to supply all four: the secret material stays out of the values file.
  existingSecret: ""
  # extraEnvVars to be set on the container
  # Values placed here are plain values like the rest of this file; keep secrets out.
  extraEnvVars: {}

service:
  # If specified, the name used for the Trivy service.
  name:
  # type Kubernetes service type
  # ClusterIP keeps the server reachable only from inside the cluster.
  type: ClusterIP
  # port Kubernetes service port
  port: 4954
  # sessionAffinity Kubernetes service session affinity
  sessionAffinity: ClientIP

ingress:
  # Disabled by default. When enabling, also populate `tls` below and set
  # `trivy.serverToken`; otherwise requests (and any token sent with them) are served
  # over plain HTTP.
  enabled: false
  # From Kubernetes 1.18+ this field is supported in case your ingress controller supports it. When set, you do not need to add the ingress class as annotation.
  ingressClassName:
  annotations: {}
    # kubernetes.io/ingress.class: nginx
  hosts:
    - host: trivy.example.com
      path: "/"
      # type is only needed for networking.k8s.io/v1 in k8s 1.19+
      pathType: Prefix
  # Empty list: no TLS is configured for the ingress hosts.
  tls: []
  #  - secretName: trivy-example-tls
  #    hosts:
  #      - trivy.example.com

# httpProxy the URL of the HTTP proxy server
httpProxy:
# httpsProxy the URL of the HTTPS proxy server
httpsProxy:
# noProxy the URLs that the proxy settings do not apply to
noProxy: