diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index a15e22fe3..e5ec0ff9c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -351,7 +351,7 @@ kubectl apply -f https://github.com/operator-framework/operator-lifecycle-manage or ``` -curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.20.6/install.sh -o install.sh +curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.21.0-rc/install.sh -o install.sh chmod +x install.sh ./install.sh v0.20.0 ``` diff --git a/README.md b/README.md index 91d05acc9..02dff3b07 100644 --- a/README.md +++ b/README.md @@ -67,7 +67,7 @@ Install the Helm Chart: helm install trivy-operator aqua/trivy-operator \ --namespace trivy-system \ --create-namespace \ - --version 0.20.6 + --version 0.21.0-rc ``` #### Option 2: Install from OCI registry (supported in Helm v3.8.0+) @@ -78,7 +78,7 @@ Install the Helm Chart: helm install trivy-operator oci://ghcr.io/aquasecurity/helm-charts/trivy-operator \ --namespace trivy-system \ --create-namespace \ - --version 0.20.6 + --version 0.21.0-rc ``` This will install the Trivy Helm Chart into the `trivy-system` namespace and start triggering the scans. 
@@ -112,10 +112,7 @@ Join the community, and talk to us about any matter in [GitHub Discussions] or [ [action-release-snapshot]: https://github.com/aquasecurity/trivy-operator/actions/workflows/release-snapshot.yaml [report-card-img]: https://goreportcard.com/badge/github.com/aquasecurity/trivy-operator [report-card]: https://goreportcard.com/report/github.com/aquasecurity/trivy-operator -[license-img]: https://img.shields.io/github/license/aquasecurity/trivy-operator.svg -[license]: https://github.com/aquasecurity/trivy-operator/blob/main/LICENSE [github-all-releases-img]: https://img.shields.io/github/downloads/aquasecurity/trivy-operator/total?logo=github -[docker-pulls-trivy-operator]: https://img.shields.io/docker/pulls/aquasec/trivy-operator?logo=docker&label=docker%20pulls%20%2F%20trivy%20operator [Contributing]: CONTRIBUTING.md [GitHub Discussions]: https://github.com/aquasecurity/trivy-operator/discussions [Slack]: https://slack.aquasec.com/ diff --git a/RELEASING.md b/RELEASING.md index 8c2a60133..f2befcbc7 100644 --- a/RELEASING.md +++ b/RELEASING.md 
@@ -46,17 +46,17 @@ 5. Create an annotated git tag and push it to the `upstream`. This will trigger the [`.github/workflows/release.yaml`] workflow ```sh - git tag -v0.18.5 -m 'Release v0.18.5' - git push upstream v0.18.5 + git tag -v0.19.0-rc -m 'Release v0.19.0-rc' + git push upstream v0.19.0-rc ``` 6. Verify that the `release` workflow has built and published the following artifacts 1. Trivy-operator container images published to DockerHub - `docker.io/aquasec/trivy-operator:0.18.5` + `docker.io/aquasec/trivy-operator:v0.19.0-rc` 2. Trivy-operator container images published to Amazon ECR Public Gallery - `public.ecr.aws/aquasecurity/trivy-operator:0.18.5` + `public.ecr.aws/aquasecurity/trivy-operator:v0.19.0-rc` 3. Trivy-operator container images published to GitHub Container Registry - `ghcr.io/aquasecurity/trivy-operator:0.18.5` + `ghcr.io/aquasecurity/trivy-operator:v0.19.0-rc` 7. Submit trivy-operator Operator to OperatorHub and ArtifactHUB by opening the PR to the repository. diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml index 4b562cd94..bef0b26a2 100644 --- a/deploy/helm/Chart.yaml +++ b/deploy/helm/Chart.yaml @@ -6,12 +6,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.20.6 +version: 0.21.0-rc # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 0.18.5 +appVersion: v0.19.0-rc # kubeVersion: A SemVer range of compatible Kubernetes versions (optional) diff --git a/deploy/helm/README.md b/deploy/helm/README.md index 367d0186f..c9a2fd232 100644 --- a/deploy/helm/README.md +++ b/deploy/helm/README.md 
@@ -1,6 +1,6 @@ # trivy-operator -![Version: 0.20.6](https://img.shields.io/badge/Version-0.20.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.18.5](https://img.shields.io/badge/AppVersion-0.18.5-informational?style=flat-square) +![Version: 0.21.0-rc](https://img.shields.io/badge/Version-0.21.0-rc-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.19.0-rc](https://img.shields.io/badge/AppVersion-v0.19.0-rc-informational?style=flat-square) Keeps security report resources updated 
@@ -174,7 +174,7 @@ Keeps security report resources updated | trivyOperator.additionalReportLabels | string | `""` | additionalReportLabels comma-separated representation of the labels which the user wants the scanner pods to be labeled with. Example: `foo=bar,env=stage` will labeled the reports with the labels `foo: bar` and `env: stage` | | trivyOperator.configAuditReportsPlugin | string | `"Trivy"` | configAuditReportsPlugin the name of the plugin that generates config audit reports. | | trivyOperator.metricsResourceLabelsPrefix | string | `"k8s_label_"` | metricsResourceLabelsPrefix Prefix that will be prepended to the labels names indicated in `reportResourceLabels` when including them in the Prometheus metrics | -| trivyOperator.policiesConfig | string | `""` | policiesConfig Custom Rego Policies to be used by the config audit scanner See https://github.com/aquasecurity/trivy-operator/blob/main/docs/tutorials/writing-custom-configuration-audit-policies.md for more details. | +| trivyOperator.policiesConfig | string | `""` | policiesConfig Custom Rego Policies to be used by the config audit scanner See for more details. | | trivyOperator.reportRecordFailedChecksOnly | bool | `true` | reportRecordFailedChecksOnly flag is to record only failed checks on misconfiguration reports (config-audit and rbac assessment) | | trivyOperator.reportResourceLabels | string | `""` | reportResourceLabels comma-separated scanned resource labels which the user wants to include in the Prometheus metrics report. Example: `owner,app` | | trivyOperator.scanJobAnnotations | string | `""` | scanJobAnnotations comma-separated representation of the annotations which the user wants the scanner pods to be annotated with. Example: `foo=bar,env=stage` will annotate the scanner pods with the annotations `foo: bar` and `env: stage` | 
@@ -194,4 +194,3 @@ Keeps security report resources updated | volumeMounts[0].readOnly | bool | `false` | | | volumes[0].emptyDir | object | `{}` | | | volumes[0].name | string | `"cache-policies"` | | - diff --git a/deploy/helm/templates/specs/cis-1.23.yaml b/deploy/helm/templates/specs/cis-1.23.yaml index 6ec92a9f4..368dfaa78 100644 --- a/deploy/helm/templates/specs/cis-1.23.yaml +++ b/deploy/helm/templates/specs/cis-1.23.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: 0.18.5 + app.kubernetes.io/version: v0.19.0-rc app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote}} diff --git a/deploy/helm/templates/specs/nsa-1.0.yaml b/deploy/helm/templates/specs/nsa-1.0.yaml index 43109953c..250310101 100644 --- a/deploy/helm/templates/specs/nsa-1.0.yaml +++ b/deploy/helm/templates/specs/nsa-1.0.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }} diff --git a/deploy/helm/templates/specs/pss-baseline.yaml b/deploy/helm/templates/specs/pss-baseline.yaml index e7124854d..518efa1e0 100644 --- a/deploy/helm/templates/specs/pss-baseline.yaml +++ b/deploy/helm/templates/specs/pss-baseline.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: 0.18.5 + app.kubernetes.io/version: v0.19.0-rc app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }} diff --git a/deploy/helm/templates/specs/pss-restricted.yaml b/deploy/helm/templates/specs/pss-restricted.yaml index 3edc76ecb..f693fe127 100644 --- a/deploy/helm/templates/specs/pss-restricted.yaml +++ b/deploy/helm/templates/specs/pss-restricted.yaml 
@@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: 0.18.5 + app.kubernetes.io/version: v0.19.0-rc app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }} diff --git a/deploy/static/namespace.yaml b/deploy/static/namespace.yaml index 8b5dcc735..f5404ea2e 100644 --- a/deploy/static/namespace.yaml +++ b/deploy/static/namespace.yaml @@ -6,5 +6,5 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" app.kubernetes.io/managed-by: kubectl diff --git a/deploy/static/trivy-operator.yaml b/deploy/static/trivy-operator.yaml index c4fe4c876..5b172cb57 100644 --- a/deploy/static/trivy-operator.yaml +++ b/deploy/static/trivy-operator.yaml @@ -2864,7 +2864,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" app.kubernetes.io/managed-by: kubectl --- # Source: trivy-operator/templates/configmaps/operator.yaml 
@@ -2876,7 +2876,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" app.kubernetes.io/managed-by: kubectl data: nodeCollector.volumes: "[{\"hostPath\":{\"path\":\"/var/lib/etcd\"},\"name\":\"var-lib-etcd\"},{\"hostPath\":{\"path\":\"/var/lib/kubelet\"},\"name\":\"var-lib-kubelet\"},{\"hostPath\":{\"path\":\"/var/lib/kube-scheduler\"},\"name\":\"var-lib-kube-scheduler\"},{\"hostPath\":{\"path\":\"/var/lib/kube-controller-manager\"},\"name\":\"var-lib-kube-controller-manager\"},{\"hostPath\":{\"path\":\"/etc/systemd\"},\"name\":\"etc-systemd\"},{\"hostPath\":{\"path\":\"/lib/systemd\"},\"name\":\"lib-systemd\"},{\"hostPath\":{\"path\":\"/etc/kubernetes\"},\"name\":\"etc-kubernetes\"},{\"hostPath\":{\"path\":\"/etc/cni/net.d/\"},\"name\":\"etc-cni-netd\"}]" @@ -2900,7 +2900,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" app.kubernetes.io/managed-by: kubectl data: --- @@ -2913,7 +2913,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" app.kubernetes.io/managed-by: kubectl data: OPERATOR_LOG_DEV_MODE: "false" @@ -2965,7 +2965,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" app.kubernetes.io/managed-by: kubectl data: trivy.repository: "ghcr.io/aquasecurity/trivy" @@ -3001,7 +3001,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" app.kubernetes.io/managed-by: kubectl data: --- 
@@ -3014,7 +3014,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" app.kubernetes.io/managed-by: kubectl data: --- @@ -3027,7 +3027,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" app.kubernetes.io/managed-by: kubectl spec: replicas: 1 @@ -3047,7 +3047,7 @@ spec: automountServiceAccountToken: true containers: - name: "trivy-operator" - image: "ghcr.io/aquasecurity/trivy-operator:0.18.5" + image: "ghcr.io/aquasecurity/trivy-operator:v0.19.0-rc" imagePullPolicy: IfNotPresent env: - name: OPERATOR_NAMESPACE @@ -3108,7 +3108,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" app.kubernetes.io/managed-by: kubectl spec: @@ -3501,7 +3501,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io @@ -3522,7 +3522,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" app.kubernetes.io/managed-by: kubectl rules: - apiGroups: @@ -3549,7 +3549,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io 
@@ -3569,7 +3569,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" app.kubernetes.io/managed-by: kubectl rules: - apiGroups: @@ -3599,7 +3599,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io @@ -3619,7 +3619,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -3644,7 +3644,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -3669,7 +3669,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -3694,5 +3694,5 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" app.kubernetes.io/managed-by: kubectl diff --git a/docs/docs/crds/clustercompliance-report.md b/docs/docs/crds/clustercompliance-report.md index 0586fa304..d00215e1b 100644 
--- a/docs/docs/crds/clustercompliance-report.md +++ b/docs/docs/crds/clustercompliance-report.md @@ -1346,7 +1346,7 @@ status: "app.kubernetes.io/instance": "trivy-operator", "app.kubernetes.io/managed-by": "kubectl", "app.kubernetes.io/name": "trivy-operator", - "app.kubernetes.io/version": "0.18.5" + "app.kubernetes.io/version": "v0.19.0-rc" }, "name": "cis", "resourceVersion": "8985", diff --git a/docs/docs/crds/configaudit-report.md b/docs/docs/crds/configaudit-report.md index 6dff40de3..b13602ce7 100644 --- a/docs/docs/crds/configaudit-report.md +++ b/docs/docs/crds/configaudit-report.md @@ -34,7 +34,7 @@ report: scanner: name: Trivy vendor: Aqua Security - version: '0.18.5' + version: 'v0.19.0-rc' summary: criticalCount: 2 highCount: 0 diff --git a/docs/docs/crds/exposedsecret-report.md b/docs/docs/crds/exposedsecret-report.md index 1bf4a87a2..25716698b 100644 --- a/docs/docs/crds/exposedsecret-report.md +++ b/docs/docs/crds/exposedsecret-report.md @@ -33,7 +33,7 @@ metadata: report: artifact: repository: myimagewithsecret - tag: v0.18.5 + tag: v0.19.0-rc registry: server: index.docker.io scanner: diff --git a/docs/docs/crds/rbacassessment-report.md b/docs/docs/crds/rbacassessment-report.md index fca9a9c61..4d8d12f15 100644 --- a/docs/docs/crds/rbacassessment-report.md +++ b/docs/docs/crds/rbacassessment-report.md @@ -176,7 +176,7 @@ report: scanner: name: Trivy vendor: Aqua Security - version: '0.18.5' + version: 'v0.19.0-rc' summary: criticalCount: 1 highCount: 0 diff --git a/docs/docs/design/caching_scan_results_by_repo_digest.md b/docs/docs/design/caching_scan_results_by_repo_digest.md index b14fa7c89..18278335e 100644 --- a/docs/docs/design/caching_scan_results_by_repo_digest.md +++ b/docs/docs/design/caching_scan_results_by_repo_digest.md 
@@ -129,5 +129,5 @@ We can't use something like ownerReference since it would delete all vulnerabili a gate. * Both Trivy-Operator CLI and Trivy-Operator Operator can read and leverage ClusterVulnerabilityReports. -[Standalone]: https://aquasecurity.github.io/trivy-operator/v0.18.5/integrations/vulnerability-scanners/trivy/#standalone -[ClientServer]: https://aquasecurity.github.io/trivy-operator/v0.18.5/integrations/vulnerability-scanners/trivy/#clientserver +[Standalone]: https://aquasecurity.github.io/trivy-operator/v0.19.0-rc/integrations/vulnerability-scanners/trivy/#standalone +[ClientServer]: https://aquasecurity.github.io/trivy-operator/v0.19.0-rc/integrations/vulnerability-scanners/trivy/#clientserver diff --git a/docs/docs/design/design_compliance_report.md b/docs/docs/design/design_compliance_report.md index 941e004db..8f6c9463d 100644 --- a/docs/docs/design/design_compliance_report.md +++ b/docs/docs/design/design_compliance_report.md @@ -542,7 +542,7 @@ metadata: name: clustercompliancereports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" spec: group: aquasecurity.github.io scope: Cluster @@ -678,7 +678,7 @@ metadata: name: clustercompliancedetailreports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "v0.19.0-rc" spec: group: aquasecurity.github.io versions: diff --git a/docs/docs/design/design_starboard_at_scale.excalidraw b/docs/docs/design/design_starboard_at_scale.excalidraw index b51df6aec..9fcaf9aec 100644 --- a/docs/docs/design/design_starboard_at_scale.excalidraw +++ b/docs/docs/design/design_starboard_at_scale.excalidraw 
@@ -11835,7 +11835,7 @@ "versionNonce": 596868769, "isDeleted": false, "boundElementIds": null, - "text": "apiVersion: batch/v1\nkind: Job\nmetadata:\n name: scan-vulnerabilityreport-\n namespace: trivy-system\nspec:\n template:\n spec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.18.5\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n restartPolicy: Never\n backoffLimit: 1", + "text": "apiVersion: batch/v1\nkind: Job\nmetadata:\n name: scan-vulnerabilityreport-\n namespace: trivy-system\nspec:\n template:\n spec:\n containers:\n - name: nginx\n image: aquasec/trivy:v0.19.0-rc\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n restartPolicy: Never\n backoffLimit: 1", "fontSize": 20, "fontFamily": 3, "textAlign": "left", @@ -11895,7 +11895,7 @@ "boundElementIds": [], "fontSize": 20, "fontFamily": 3, - "text": "apiVersion: v1\nkind: Pod\nmetadata:\n name: scan-vulnerabilityreport--\n namespace: trivy-system\nspec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.18.5\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n", + "text": "apiVersion: v1\nkind: Pod\nmetadata:\n name: scan-vulnerabilityreport--\n namespace: trivy-system\nspec:\n containers:\n - name: nginx\n image: aquasec/trivy:v0.19.0-rc\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n", "baseline": 259, "textAlign": "left", "verticalAlign": "top" diff --git a/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md b/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md index 9d17b41bc..cfd8abfc9 100644 --- a/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md +++ b/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md 
@@ -219,6 +219,6 @@ With this approach trivy operator will not have to worry about managing(create/d - As we will run scan job with service account of workload and if there are some very strict PSP defined in the cluster then scan job will be blocked due to the PSP. -[ECR registry configuration]: https://aquasecurity.github.io/trivy-operator/v0.18.5/integrations/managed-registries/#amazon-elastic-container-registry-ecr +[ECR registry configuration]: https://aquasecurity.github.io/trivy-operator/v0.19.0-rc/integrations/managed-registries/#amazon-elastic-container-registry-ecr [IAM role to service account]: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html [Trivy fs command]: https://github.com/aquasecurity/trivy-operator/blob/main/docs/design/design_trivy_file_system_scanner.md diff --git a/docs/docs/design/ttl_scans.md b/docs/docs/design/ttl_scans.md index 373bcb8a8..283c443af 100644 --- a/docs/docs/design/ttl_scans.md +++ b/docs/docs/design/ttl_scans.md @@ -44,7 +44,7 @@ metadata: report: artifact: repository: fluxcd/source-controller - tag: v0.18.5 + tag: v0.19.0-rc registry: server: ghcr.io scanner: diff --git a/docs/index.md b/docs/index.md index 416a106ea..6a6863f9b 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -5,7 +5,7 @@ The Trivy Operator leverages [Trivy](https://github.com/aquasecurity/trivy) to continuously scan your Kubernetes cluster for security issues. The scans are summarised in security reports as Kubernetes [Custom Resource Definitions], which become accessible through the Kubernetes API. The Operator does this by watching Kubernetes for state changes and automatically triggering security scans in response. For example, a vulnerability scan is initiated when a new Pod is created. This way, users can find and view the risks that relate to different resources in a `Kubernetes-native` way. -## In-cluster Security Scans +## In-cluster Security Scans The Trivy Operator automatically generates and updates security reports. These reports are generated in response to new workload and other changes on a Kubernetes cluster, generating the following reports: @@ -14,7 +14,7 @@ The Trivy Operator automatically generates and updates security reports. These r - Exposed Secret Scans: Automated secret scans which find and detail the location of exposed Secrets within your cluster. - RBAC scans: Role Based Access Control scans provide detailed information on the access rights of the different resources installed. - K8s core component infra assessment scan Kubernetes infra core components (etcd,apiserver,scheduler,controller-manager and etc) setting and configuration. -- k8s outdated api validation - a configaudit check will validate if the resource api has been deprecated and planned for removal +- k8s outdated api validation - a configaudit check will validate if the resource api has been deprecated and planned for removal - Compliance reports - NSA, CISA Kubernetes Hardening Guidance v1.1 cybersecurity technical report is produced. - CIS Kubernetes Benchmark v1.23 cybersecurity technical report is produced. 
@@ -66,7 +66,7 @@ Install the Helm Chart: helm install trivy-operator oci://ghcr.io/aquasecurity/helm-charts/trivy-operator \ --namespace trivy-system \ --create-namespace \ - --version 0.20.6 + --version 0.21.0-rc ``` This will install the Trivy Helm Chart into the `trivy-system` namespace and start triggering the scans. 
@@ -82,40 +82,21 @@ At this early stage we would love your feedback on the overall concept of Trivy- contributions integrating different security tools so that users can access security information in standard, Kubernetes-native ways. -* See [Contributing] for information about setting up your development environment, and the contribution workflow that +- See [Contributing] for information about setting up your development environment, and the contribution workflow that we expect. -* Please ensure that you are following our [Code Of Conduct](https://github.com/aquasecurity/community/blob/main/CODE_OF_CONDUCT.md) during any interaction with the Aqua projects and their community. +- Please ensure that you are following our [Code Of Conduct](https://github.com/aquasecurity/community/blob/main/CODE_OF_CONDUCT.md) during any interaction with the Aqua projects and their community. --- Trivy-Operator is an [Aqua Security](https://aquasec.com) open source project. Learn about our [Open Source Work and Portfolio]. Join the community, and talk to us about any matter in [GitHub Discussions] or [Slack]. 
-[release-img]: https://img.shields.io/github/release/aquasecurity/trivy-operator.svg?logo=github -[release]: https://github.com/aquasecurity/trivy-operator/releases -[action-build-img]: https://github.com/aquasecurity/trivy-operator/actions/workflows/build.yaml/badge.svg -[action-build]: https://github.com/aquasecurity/trivy-operator/actions/workflows/build.yaml -[action-release-snapshot-img]: https://github.com/aquasecurity/trivy-operator/actions/workflows/release-snapshot.yaml/badge.svg -[action-release-snapshot]: https://github.com/aquasecurity/trivy-operator/actions/workflows/release-snapshot.yaml -[cov-img]: https://codecov.io/github/aquasecurity/trivy-operator/branch/main/graph/badge.svg -[cov]: https://codecov.io/github/aquasecurity/trivy-operator -[report-card-img]: https://goreportcard.com/badge/github.com/aquasecurity/trivy-operator -[report-card]: https://goreportcard.com/report/github.com/aquasecurity/trivy-operator -[license-img]: https://img.shields.io/github/license/aquasecurity/trivy-operator.svg -[license]: https://github.com/aquasecurity/trivy-operator/blob/main/LICENSE -[github-all-releases-img]: https://img.shields.io/github/downloads/aquasecurity/trivy-operator/total?logo=github -[docker-pulls-trivy-operator]: https://img.shields.io/docker/pulls/aquasec/trivy-operator?logo=docker&label=docker%20pulls%20%2F%20trivy%20operator [Contributing]: https://github.com/aquasecurity/trivy-operator/blob/main/CONTRIBUTING.md [GitHub Discussions]: https://github.com/aquasecurity/trivy-operator/discussions [Slack]: https://slack.aquasec.com/ [Open Source Work and Portfolio]: https://www.aquasec.com/products/open-source-projects/ [Custom Resource Definitions]: https://aquasecurity.github.io/trivy-operator/latest/docs/crds/ -[Go module]: https://pkg.go.dev/github.com/aquasecurity/trivy-operator/pkg [Documentation]: https://aquasecurity.github.io/trivy-operator/latest [Static YAML Manifests]: 
https://aquasecurity.github.io/trivy-operator/latest/getting-started/installation/kubectl/ [getting-started-operator]: https://aquasecurity.github.io/trivy-operator/latest/ -[Kubernetes operator]: https://aquasecurity.github.io/trivy-operator/latest - -[Lens Extension]: https://github.com/aquasecurity/trivy-operator-lens-extension -[kubectl]: https://kubernetes.io/docs/reference/kubectl \ No newline at end of file diff --git a/docs/tutorials/private-registries.md b/docs/tutorials/private-registries.md index 65ffb2898..f79601aa4 100644 --- a/docs/tutorials/private-registries.md +++ b/docs/tutorials/private-registries.md @@ -303,4 +303,4 @@ data: The last way that you could give the Trivy operator access to your private container registry is through managed registries. In this case, the container registry and your Kubernetes cluster would have to be on the same cloud provider; then you can define access to your container namespace as part of the IAM account. Once defined, trivy will already have the permissions for the registry. -For additional information, please refer to the [documentation on managed registries.](https://aquasecurity.github.io/trivy-operator/v0.18.5/docs/vulnerability-scanning/managed-registries/) +For additional information, please refer to the [documentation on managed registries.](https://aquasecurity.github.io/trivy-operator/v0.19.0-rc/docs/vulnerability-scanning/managed-registries/) diff --git a/itest/helper/helper.go b/itest/helper/helper.go index ec1e34c61..44b30fa23 100644 --- a/itest/helper/helper.go +++ b/itest/helper/helper.go @@ -236,7 +236,7 @@ var ( trivyScanner = v1alpha1.Scanner{ Name: v1alpha1.ScannerNameTrivy, Vendor: "Aqua Security", - Version: "0.18.5", + Version: "v0.19.0-rc", } ) diff --git a/mkdocs.yml b/mkdocs.yml index ff8fd188f..697ad1230 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -89,8 +89,8 @@ extra: method: mike provider: mike var: - prev_git_tag: "v0.18.4" - chart_version: "0.20.6" + prev_git_tag: "v0.18.5" + chart_version: "0.21.0-rc" plugins: - search
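Review bot: In the RELEASING.md hunk, step 5, `git tag -v0.19.0-rc -m 'Release v0.19.0-rc'` still has the flag fused to the version, so it does not create the annotated tag the step describes (`-v` is the verify option of `git tag`). Suggest `git tag -a v0.19.0-rc -m 'Release v0.19.0-rc'`, so that the following `git push upstream v0.19.0-rc` has a tag of that name to push.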
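Review bot: The container image tags gain a `v` prefix that the previous release did not have: RELEASING.md step 6 and the Deployment in deploy/static/trivy-operator.yaml go from `trivy-operator:0.18.5` to `trivy-operator:v0.19.0-rc`, and `appVersion` in deploy/helm/Chart.yaml goes from `0.18.5` to `v0.19.0-rc`. If the release workflow keeps publishing tags without the prefix, the static manifest and the chart will reference an image that does not exist. Please confirm the `v`-prefixed tag is published to all three registries listed in step 6, or drop the prefix to match the earlier convention.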
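Review bot: The CONTRIBUTING.md hunk changes the download URL of the operator-lifecycle-manager `install.sh` from `v0.20.6` to `v0.21.0-rc`, which looks like a side effect of replacing the chart version everywhere. That URL points at a different project with its own release numbering, and the unchanged context line still runs `./install.sh v0.20.0`, so the script and its argument now disagree. Please verify that the OLM release exists under that name or revert this line, and exclude third-party URLs from the version bump.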
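Review bot: In the first deploy/helm/README.md hunk the badge URLs now contain an unescaped dash in the message part: `badge/Version-0.21.0-rc-informational` and `badge/AppVersion-v0.19.0-rc-informational`. shields.io static badges use `-` as the separator between label, message and color, so a literal dash has to be written as `--`; as written, `rc` is parsed as the color field. Suggest `Version-0.21.0--rc-informational` and `AppVersion-v0.19.0--rc-informational`, or fix the generator so it escapes pre-release versions.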
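Review bot: The `trivyOperator.policiesConfig` row in deploy/helm/README.md loses its link target and now reads "See for more details." Either restore the URL to writing-custom-configuration-audit-policies.md in the values comment this table is generated from, or remove the sentence so the description does not end in a dangling reference.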
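Review bot: Several documentation samples had tags of unrelated images rewritten by the version replace: `repository: myimagewithsecret` in docs/docs/crds/exposedsecret-report.md and `repository: fluxcd/source-controller` in docs/docs/design/ttl_scans.md both change `tag: v0.18.5` to `tag: v0.19.0-rc`, and the excalidraw diagram changes `aquasec/trivy:0.18.5` to `aquasec/trivy:v0.19.0-rc`, which is the Trivy scanner image rather than the operator. These values describe the scanned artifact or the scanner, not the operator release, so they should stay fixed; consider restricting the bump script to strings that name `trivy-operator`.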
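Review bot: The README.md hunk at line 112 deletes the `[license-img]`, `[license]` and `[docker-pulls-trivy-operator]` reference definitions, but no other README.md hunk in this diff touches the lines that would use them. If the badge row at the top of the file still references these labels, they will render as literal bracketed text. Please confirm the usages were removed in an earlier commit, or remove them here together with the definitions.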