trivy dojo report operator

trivy-operator-integration.md

@@ -0,0 +1,78 @@
+# Integration of the Trivy Operator in Kubernetes with DefectDojo
+
+## Installation of the Trivy Operator
+
+*namespace*
+```
+security
+```
+
+*install.sh* 
+```
+#!/bin/bash
+
+NAMESPACE=$(cat namespace)
+VERSION=0.28.1
+
+
+helm repo add aqua https://aquasecurity.github.io/helm-charts/
+helm repo update
+helm upgrade --install trivy-operator aqua/trivy-operator \
+  -f values.yml \
+  --namespace $NAMESPACE \
+  --version $VERSION
+```
+
+*values.yml*
+trivy:
+  timeout: "10m0s"
+operator:
+  scanJobTimeout: 10m
+targetNamespaces: "homea"
+```
+
+If `targetNamespaces` is skipped, all namespaces will be scanned. If only a limited set of namespaces shall be scanned, put those namespace comma-separated into this option.
+
+
+## Installation of the Trivy Dojo Report Operator
+
+*namespace*
+```
+security
+```
+
+*install.sh*
+```
+#!/bin/bash
+
+NAMESPACE=$(cat namespace)
+VERSION=0.8.8
+
+helm repo add trivy-dojo-report-operator https://telekom-mms.github.io/trivy-dojo-report-operator/
+helm repo update
+helm install chart-name trivy-dojo-report-operator/trivy-dojo-report-operator \
+  -f values.yml \
+  --namespace $NAMESPACE \
+  --version $VERSION
+```
+
+*values.yml*
+```
+defectDojoApiCredentials:
+  apiKey: "geheim"
+  url: "https://defectdojo.hottis.de"
+operator:
+  trivyDojoReportOperator:
+    env:
+      defectDojoEvalEngagementName: "true"
+      defectDojoEngagementName: "body['report']['artifact']['tag']"
+      defectDojoEvalProductName: "true"
+      defectDojoProductName: "meta['namespace']+':'+meta['name']"
+```
+
+Make sure to set the correct apiKey. And make sure not to store it in a repo. A secure approach will be provided.
+
+Details on this operator can be found [here](https://medium.com/@alexander.murylev/implementing-centralized-security-scanning-across-multiple-kubernetes-clusters-with-trivy-and-989f3d5b0f4a) and [here](https://github.com/telekom-mms/trivy-dojo-report-operator).
+
+
+