From cc8f5295e32433d87a1f60f00c7e18b6644ba59f Mon Sep 17 00:00:00 2001 From: chenk Date: Wed, 20 Mar 2024 15:51:28 +0200 Subject: [PATCH 1/2] release: prepare v0.19.1 Signed-off-by: chenk --- CONTRIBUTING.md | 2 +- README.md | 4 +- RELEASING.md | 10 ++--- deploy/helm/Chart.yaml | 4 +- deploy/helm/README.md | 5 +-- deploy/helm/templates/configmaps/trivy.yaml | 4 +- deploy/helm/templates/specs/cis-1.23.yaml | 2 +- deploy/helm/templates/specs/nsa-1.0.yaml | 2 +- deploy/helm/templates/specs/pss-baseline.yaml | 2 +- .../helm/templates/specs/pss-restricted.yaml | 2 +- deploy/static/namespace.yaml | 2 +- deploy/static/trivy-operator.yaml | 38 +++++++++---------- docs/docs/crds/clustercompliance-report.md | 2 +- docs/docs/crds/configaudit-report.md | 2 +- docs/docs/crds/exposedsecret-report.md | 2 +- docs/docs/crds/rbacassessment-report.md | 2 +- .../caching_scan_results_by_repo_digest.md | 4 +- docs/docs/design/design_compliance_report.md | 4 +- .../design_starboard_at_scale.excalidraw | 4 +- ..._scan_job_in_same_namespace_of_workload.md | 2 +- docs/docs/design/ttl_scans.md | 2 +- docs/index.md | 2 +- docs/tutorials/private-registries.md | 2 +- itest/helper/helper.go | 2 +- mkdocs.yml | 4 +- 25 files changed, 55 insertions(+), 56 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5f84ec5d7..d25b06138 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -351,7 +351,7 @@ kubectl apply -f https://github.com/operator-framework/operator-lifecycle-manage or ``` -curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.21.0/install.sh -o install.sh +curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.21.1/install.sh -o install.sh chmod +x install.sh ./install.sh v0.20.0 ``` diff --git a/README.md b/README.md index 5c4adaf30..bb9b82d7a 100644 --- a/README.md +++ b/README.md @@ -67,7 +67,7 @@ Install the Helm Chart: helm install trivy-operator aqua/trivy-operator \ --namespace trivy-system \ --create-namespace \ - --version 0.21.0 + --version 0.21.1 ``` #### Option 2: Install from OCI registry (supported in Helm v3.8.0+) @@ -78,7 +78,7 @@ Install the Helm Chart: helm install trivy-operator oci://ghcr.io/aquasecurity/helm-charts/trivy-operator \ --namespace trivy-system \ --create-namespace \ - --version 0.21.0 + --version 0.21.1 ``` This will install the Trivy Helm Chart into the `trivy-system` namespace and start triggering the scans. diff --git a/RELEASING.md b/RELEASING.md index a800c32d9..684bfdbff 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -46,17 +46,17 @@ 5. Create an annotated git tag and push it to the `upstream`. This will trigger the [`.github/workflows/release.yaml`] workflow ```sh - git tag -v0.19.0 -m 'Release v0.19.0' - git push upstream v0.19.0 + git tag -v0.19.1 -m 'Release v0.19.1' + git push upstream v0.19.1 ``` 6. Verify that the `release` workflow has built and published the following artifacts 1. Trivy-operator container images published to DockerHub - `docker.io/aquasec/trivy-operator:0.19.0` + `docker.io/aquasec/trivy-operator:0.19.1` 2. Trivy-operator container images published to Amazon ECR Public Gallery - `public.ecr.aws/aquasecurity/trivy-operator:0.19.0` + `public.ecr.aws/aquasecurity/trivy-operator:0.19.1` 3. Trivy-operator container images published to GitHub Container Registry - `ghcr.io/aquasecurity/trivy-operator:0.19.0` + `ghcr.io/aquasecurity/trivy-operator:0.19.1` 7. Submit trivy-operator Operator to OperatorHub and ArtifactHUB by opening the PR to the repository. diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml index 1f1d733be..c53dc9676 100644 --- a/deploy/helm/Chart.yaml +++ b/deploy/helm/Chart.yaml @@ -6,12 +6,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.21.0 +version: 0.21.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 0.19.0 +appVersion: 0.19.1 # kubeVersion: A SemVer range of compatible Kubernetes versions (optional) diff --git a/deploy/helm/README.md b/deploy/helm/README.md index d80f9d4d0..2b548626b 100644 --- a/deploy/helm/README.md +++ b/deploy/helm/README.md @@ -1,6 +1,6 @@ # trivy-operator -![Version: 0.21.0](https://img.shields.io/badge/Version-0.21.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.19.0](https://img.shields.io/badge/AppVersion-0.19.0-informational?style=flat-square) +![Version: 0.21.1](https://img.shields.io/badge/Version-0.21.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.19.1](https://img.shields.io/badge/AppVersion-0.19.1-informational?style=flat-square) Keeps security report resources updated @@ -174,7 +174,7 @@ Keeps security report resources updated | trivyOperator.additionalReportLabels | string | `""` | additionalReportLabels comma-separated representation of the labels which the user wants the scanner pods to be labeled with. Example: `foo=bar,env=stage` will labeled the reports with the labels `foo: bar` and `env: stage` | | trivyOperator.configAuditReportsPlugin | string | `"Trivy"` | configAuditReportsPlugin the name of the plugin that generates config audit reports. | | trivyOperator.metricsResourceLabelsPrefix | string | `"k8s_label_"` | metricsResourceLabelsPrefix Prefix that will be prepended to the labels names indicated in `reportResourceLabels` when including them in the Prometheus metrics | -| trivyOperator.policiesConfig | string | `""` | policiesConfig Custom Rego Policies to be used by the config audit scanner See https://github.com/aquasecurity/trivy-operator/blob/main/docs/tutorials/writing-custom-configuration-audit-policies.md for more details. | +| trivyOperator.policiesConfig | string | `""` | policiesConfig Custom Rego Policies to be used by the config audit scanner See for more details. | | trivyOperator.reportRecordFailedChecksOnly | bool | `true` | reportRecordFailedChecksOnly flag is to record only failed checks on misconfiguration reports (config-audit and rbac assessment) | | trivyOperator.reportResourceLabels | string | `""` | reportResourceLabels comma-separated scanned resource labels which the user wants to include in the Prometheus metrics report. Example: `owner,app` | | trivyOperator.scanJobAffinity | list | `[]` | scanJobAffinity affinity to be applied to the scanner pods and node-collector | @@ -195,4 +195,3 @@ Keeps security report resources updated | volumeMounts[0].readOnly | bool | `false` | | | volumes[0].emptyDir | object | `{}` | | | volumes[0].name | string | `"cache-policies"` | | - diff --git a/deploy/helm/templates/configmaps/trivy.yaml b/deploy/helm/templates/configmaps/trivy.yaml index 4dfae4182..d60b7c684 100644 --- a/deploy/helm/templates/configmaps/trivy.yaml +++ b/deploy/helm/templates/configmaps/trivy.yaml @@ -79,7 +79,7 @@ data: {{- end }} {{- if .Values.trivy.ignoreFile }} trivy.ignoreFile: | - {{- range .Values.trivy.ignoreFile }} +{{- range .Values.trivy.ignoreFile }} {{ . | indent 4 }} {{- end }} {{- end }} @@ -95,7 +95,7 @@ data: {{- else }} trivy.mode: {{ .Values.trivy.mode | quote }} {{- if eq .Values.trivy.mode "ClientServer" }} - trivy.serverURL: {{ required ".Values.trivy.serverURL is required" .Values.trivy.serverURL | quote }} + trivy.serverURL: {{ required ".Values.trivy.serverUrl is required" .Values.trivy.serverUrl | quote }} {{- with .Values.trivy.clientServerSkipUpdate }} trivy.clientServerSkipUpdate: {{ . | quote }} {{- end }} diff --git a/deploy/helm/templates/specs/cis-1.23.yaml b/deploy/helm/templates/specs/cis-1.23.yaml index 372e9d302..d032adfcb 100644 --- a/deploy/helm/templates/specs/cis-1.23.yaml +++ b/deploy/helm/templates/specs/cis-1.23.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: 0.19.0 + app.kubernetes.io/version: 0.19.1 app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote}} diff --git a/deploy/helm/templates/specs/nsa-1.0.yaml b/deploy/helm/templates/specs/nsa-1.0.yaml index c0a655bec..d02f04745 100644 --- a/deploy/helm/templates/specs/nsa-1.0.yaml +++ b/deploy/helm/templates/specs/nsa-1.0.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }} diff --git a/deploy/helm/templates/specs/pss-baseline.yaml b/deploy/helm/templates/specs/pss-baseline.yaml index 313b1cdee..fc39ae206 100644 --- a/deploy/helm/templates/specs/pss-baseline.yaml +++ b/deploy/helm/templates/specs/pss-baseline.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: 0.19.0 + app.kubernetes.io/version: 0.19.1 app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }} diff --git a/deploy/helm/templates/specs/pss-restricted.yaml b/deploy/helm/templates/specs/pss-restricted.yaml index 0558a7323..ee1460c22 100644 --- a/deploy/helm/templates/specs/pss-restricted.yaml +++ b/deploy/helm/templates/specs/pss-restricted.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: 0.19.0 + app.kubernetes.io/version: 0.19.1 app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }} diff --git a/deploy/static/namespace.yaml b/deploy/static/namespace.yaml index b32991643..d6add274e 100644 --- a/deploy/static/namespace.yaml +++ b/deploy/static/namespace.yaml @@ -6,5 +6,5 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" app.kubernetes.io/managed-by: kubectl diff --git a/deploy/static/trivy-operator.yaml b/deploy/static/trivy-operator.yaml index 8c812f295..67847ab5e 100644 --- a/deploy/static/trivy-operator.yaml +++ b/deploy/static/trivy-operator.yaml @@ -2864,7 +2864,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" app.kubernetes.io/managed-by: kubectl --- # Source: trivy-operator/templates/configmaps/operator.yaml @@ -2876,7 +2876,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" app.kubernetes.io/managed-by: kubectl data: nodeCollector.volumes: "[{\"hostPath\":{\"path\":\"/var/lib/etcd\"},\"name\":\"var-lib-etcd\"},{\"hostPath\":{\"path\":\"/var/lib/kubelet\"},\"name\":\"var-lib-kubelet\"},{\"hostPath\":{\"path\":\"/var/lib/kube-scheduler\"},\"name\":\"var-lib-kube-scheduler\"},{\"hostPath\":{\"path\":\"/var/lib/kube-controller-manager\"},\"name\":\"var-lib-kube-controller-manager\"},{\"hostPath\":{\"path\":\"/etc/systemd\"},\"name\":\"etc-systemd\"},{\"hostPath\":{\"path\":\"/lib/systemd\"},\"name\":\"lib-systemd\"},{\"hostPath\":{\"path\":\"/etc/kubernetes\"},\"name\":\"etc-kubernetes\"},{\"hostPath\":{\"path\":\"/etc/cni/net.d/\"},\"name\":\"etc-cni-netd\"}]" @@ -2900,7 +2900,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" app.kubernetes.io/managed-by: kubectl data: --- @@ -2913,7 +2913,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" app.kubernetes.io/managed-by: kubectl data: OPERATOR_LOG_DEV_MODE: "false" @@ -2965,7 +2965,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" app.kubernetes.io/managed-by: kubectl data: trivy.repository: "ghcr.io/aquasecurity/trivy" @@ -3001,7 +3001,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" app.kubernetes.io/managed-by: kubectl data: --- @@ -3014,7 +3014,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" app.kubernetes.io/managed-by: kubectl data: --- @@ -3027,7 +3027,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" app.kubernetes.io/managed-by: kubectl spec: replicas: 1 @@ -3047,7 +3047,7 @@ spec: automountServiceAccountToken: true containers: - name: "trivy-operator" - image: "ghcr.io/aquasecurity/trivy-operator:0.19.0" + image: "ghcr.io/aquasecurity/trivy-operator:0.19.1" imagePullPolicy: IfNotPresent env: - name: OPERATOR_NAMESPACE @@ -3108,7 +3108,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" app.kubernetes.io/managed-by: kubectl spec: @@ -3501,7 +3501,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io @@ -3522,7 +3522,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" app.kubernetes.io/managed-by: kubectl rules: - apiGroups: @@ -3549,7 +3549,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io @@ -3569,7 +3569,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" app.kubernetes.io/managed-by: kubectl rules: - apiGroups: @@ -3599,7 +3599,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io @@ -3619,7 +3619,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -3644,7 +3644,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -3669,7 +3669,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -3694,5 +3694,5 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" app.kubernetes.io/managed-by: kubectl diff --git a/docs/docs/crds/clustercompliance-report.md b/docs/docs/crds/clustercompliance-report.md index f3c011f95..0b6e1a68c 100644 --- a/docs/docs/crds/clustercompliance-report.md +++ b/docs/docs/crds/clustercompliance-report.md @@ -1346,7 +1346,7 @@ status: "app.kubernetes.io/instance": "trivy-operator", "app.kubernetes.io/managed-by": "kubectl", "app.kubernetes.io/name": "trivy-operator", - "app.kubernetes.io/version": "0.19.0" + "app.kubernetes.io/version": "0.19.1" }, "name": "cis", "resourceVersion": "8985", diff --git a/docs/docs/crds/configaudit-report.md b/docs/docs/crds/configaudit-report.md index 267770d75..163d20612 100644 --- a/docs/docs/crds/configaudit-report.md +++ b/docs/docs/crds/configaudit-report.md @@ -34,7 +34,7 @@ report: scanner: name: Trivy vendor: Aqua Security - version: '0.19.0' + version: '0.19.1' summary: criticalCount: 2 highCount: 0 diff --git a/docs/docs/crds/exposedsecret-report.md b/docs/docs/crds/exposedsecret-report.md index a481fe61e..da272b8c9 100644 --- a/docs/docs/crds/exposedsecret-report.md +++ b/docs/docs/crds/exposedsecret-report.md @@ -33,7 +33,7 @@ metadata: report: artifact: repository: myimagewithsecret - tag: v0.19.0 + tag: v0.19.1 registry: server: index.docker.io scanner: diff --git a/docs/docs/crds/rbacassessment-report.md b/docs/docs/crds/rbacassessment-report.md index 1ecc3de5b..22efcd6cb 100644 --- a/docs/docs/crds/rbacassessment-report.md +++ b/docs/docs/crds/rbacassessment-report.md @@ -176,7 +176,7 @@ report: scanner: name: Trivy vendor: Aqua Security - version: '0.19.0' + version: '0.19.1' summary: criticalCount: 1 highCount: 0 diff --git a/docs/docs/design/caching_scan_results_by_repo_digest.md b/docs/docs/design/caching_scan_results_by_repo_digest.md index 9454c86a7..e4085beb0 100644 --- a/docs/docs/design/caching_scan_results_by_repo_digest.md +++ b/docs/docs/design/caching_scan_results_by_repo_digest.md @@ -129,5 +129,5 @@ We can't use something like ownerReference since it would delete all vulnerabili a gate. * Both Trivy-Operator CLI and Trivy-Operator Operator can read and leverage ClusterVulnerabilityReports. -[Standalone]: https://aquasecurity.github.io/trivy-operator/v0.19.0/integrations/vulnerability-scanners/trivy/#standalone -[ClientServer]: https://aquasecurity.github.io/trivy-operator/v0.19.0/integrations/vulnerability-scanners/trivy/#clientserver +[Standalone]: https://aquasecurity.github.io/trivy-operator/v0.19.1/integrations/vulnerability-scanners/trivy/#standalone +[ClientServer]: https://aquasecurity.github.io/trivy-operator/v0.19.1/integrations/vulnerability-scanners/trivy/#clientserver diff --git a/docs/docs/design/design_compliance_report.md b/docs/docs/design/design_compliance_report.md index 2b13ed8f5..3df503fed 100644 --- a/docs/docs/design/design_compliance_report.md +++ b/docs/docs/design/design_compliance_report.md @@ -542,7 +542,7 @@ metadata: name: clustercompliancereports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" spec: group: aquasecurity.github.io scope: Cluster @@ -678,7 +678,7 @@ metadata: name: clustercompliancedetailreports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.19.0" + app.kubernetes.io/version: "0.19.1" spec: group: aquasecurity.github.io versions: diff --git a/docs/docs/design/design_starboard_at_scale.excalidraw b/docs/docs/design/design_starboard_at_scale.excalidraw index 94f26482a..de4b04c8d 100644 --- a/docs/docs/design/design_starboard_at_scale.excalidraw +++ b/docs/docs/design/design_starboard_at_scale.excalidraw @@ -11835,7 +11835,7 @@ "versionNonce": 596868769, "isDeleted": false, "boundElementIds": null, - "text": "apiVersion: batch/v1\nkind: Job\nmetadata:\n name: scan-vulnerabilityreport-\n namespace: trivy-system\nspec:\n template:\n spec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.19.0\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n restartPolicy: Never\n backoffLimit: 1", + "text": "apiVersion: batch/v1\nkind: Job\nmetadata:\n name: scan-vulnerabilityreport-\n namespace: trivy-system\nspec:\n template:\n spec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.19.1\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n restartPolicy: Never\n backoffLimit: 1", "fontSize": 20, "fontFamily": 3, "textAlign": "left", @@ -11895,7 +11895,7 @@ "boundElementIds": [], "fontSize": 20, "fontFamily": 3, - "text": "apiVersion: v1\nkind: Pod\nmetadata:\n name: scan-vulnerabilityreport--\n namespace: trivy-system\nspec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.19.0\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n", + "text": "apiVersion: v1\nkind: Pod\nmetadata:\n name: scan-vulnerabilityreport--\n namespace: trivy-system\nspec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.19.1\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n", "baseline": 259, "textAlign": "left", "verticalAlign": "top" diff --git a/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md b/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md index 38f1f4074..d90afc31c 100644 --- a/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md +++ b/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md @@ -219,6 +219,6 @@ With this approach trivy operator will not have to worry about managing(create/d - As we will run scan job with service account of workload and if there are some very strict PSP defined in the cluster then scan job will be blocked due to the PSP. -[ECR registry configuration]: https://aquasecurity.github.io/trivy-operator/v0.19.0/integrations/managed-registries/#amazon-elastic-container-registry-ecr +[ECR registry configuration]: https://aquasecurity.github.io/trivy-operator/v0.19.1/integrations/managed-registries/#amazon-elastic-container-registry-ecr [IAM role to service account]: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html [Trivy fs command]: https://github.com/aquasecurity/trivy-operator/blob/main/docs/design/design_trivy_file_system_scanner.md diff --git a/docs/docs/design/ttl_scans.md b/docs/docs/design/ttl_scans.md index b1582d87a..1cf76d18c 100644 --- a/docs/docs/design/ttl_scans.md +++ b/docs/docs/design/ttl_scans.md @@ -44,7 +44,7 @@ metadata: report: artifact: repository: fluxcd/source-controller - tag: v0.19.0 + tag: v0.19.1 registry: server: ghcr.io scanner: diff --git a/docs/index.md b/docs/index.md index 3ced02078..d53b81f53 100644 --- a/docs/index.md +++ b/docs/index.md @@ -66,7 +66,7 @@ Install the Helm Chart: helm install trivy-operator oci://ghcr.io/aquasecurity/helm-charts/trivy-operator \ --namespace trivy-system \ --create-namespace \ - --version 0.21.0 + --version 0.21.1 ``` This will install the Trivy Helm Chart into the `trivy-system` namespace and start triggering the scans. diff --git a/docs/tutorials/private-registries.md b/docs/tutorials/private-registries.md index 3f79109d9..7616dd28c 100644 --- a/docs/tutorials/private-registries.md +++ b/docs/tutorials/private-registries.md @@ -303,4 +303,4 @@ data: The last way that you could give the Trivy operator access to your private container registry is through managed registries. In this case, the container registry and your Kubernetes cluster would have to be on the same cloud provider; then you can define access to your container namespace as part of the IAM account. Once defined, trivy will already have the permissions for the registry. -For additional information, please refer to the [documentation on managed registries.](https://aquasecurity.github.io/trivy-operator/v0.19.0/docs/vulnerability-scanning/managed-registries/) +For additional information, please refer to the [documentation on managed registries.](https://aquasecurity.github.io/trivy-operator/v0.19.1/docs/vulnerability-scanning/managed-registries/) diff --git a/itest/helper/helper.go b/itest/helper/helper.go index 7d0a09157..59e0ea281 100644 --- a/itest/helper/helper.go +++ b/itest/helper/helper.go @@ -236,7 +236,7 @@ var ( trivyScanner = v1alpha1.Scanner{ Name: v1alpha1.ScannerNameTrivy, Vendor: "Aqua Security", - Version: "0.19.0", + Version: "0.19.1", } ) diff --git a/mkdocs.yml b/mkdocs.yml index fc444398d..da525951d 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -89,8 +89,8 @@ extra: method: mike provider: mike var: - prev_git_tag: "v0.18.5" - chart_version: "0.21.0" + prev_git_tag: "v0.19.0" + chart_version: "0.21.1" plugins: - search From 23721f23d4d4a5f7c37501d6fa098f653f9dfa46 Mon Sep 17 00:00:00 2001 From: chenk Date: Wed, 20 Mar 2024 15:58:29 +0200 Subject: [PATCH 2/2] release: prepare v0.19.1 Signed-off-by: chenk --- deploy/helm/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy/helm/README.md b/deploy/helm/README.md index 2b548626b..c3fd2359c 100644 --- a/deploy/helm/README.md +++ b/deploy/helm/README.md @@ -174,7 +174,7 @@ Keeps security report resources updated | trivyOperator.additionalReportLabels | string | `""` | additionalReportLabels comma-separated representation of the labels which the user wants the scanner pods to be labeled with. Example: `foo=bar,env=stage` will labeled the reports with the labels `foo: bar` and `env: stage` | | trivyOperator.configAuditReportsPlugin | string | `"Trivy"` | configAuditReportsPlugin the name of the plugin that generates config audit reports. | | trivyOperator.metricsResourceLabelsPrefix | string | `"k8s_label_"` | metricsResourceLabelsPrefix Prefix that will be prepended to the labels names indicated in `reportResourceLabels` when including them in the Prometheus metrics | -| trivyOperator.policiesConfig | string | `""` | policiesConfig Custom Rego Policies to be used by the config audit scanner See for more details. | +| trivyOperator.policiesConfig | string | `""` | policiesConfig Custom Rego Policies to be used by the config audit scanner See https://github.com/aquasecurity/trivy-operator/blob/main/docs/tutorials/writing-custom-configuration-audit-policies.md for more details. | | trivyOperator.reportRecordFailedChecksOnly | bool | `true` | reportRecordFailedChecksOnly flag is to record only failed checks on misconfiguration reports (config-audit and rbac assessment) | | trivyOperator.reportResourceLabels | string | `""` | reportResourceLabels comma-separated scanned resource labels which the user wants to include in the Prometheus metrics report. Example: `owner,app` | | trivyOperator.scanJobAffinity | list | `[]` | scanJobAffinity affinity to be applied to the scanner pods and node-collector | @@ -195,3 +195,4 @@ Keeps security report resources updated | volumeMounts[0].readOnly | bool | `false` | | | volumes[0].emptyDir | object | `{}` | | | volumes[0].name | string | `"cache-policies"` | | +