dtrack-defectdojo-automation/trivy-operator-integration.md
Wolfgang Hottgenroth, commit bcbca70496 "typo fixed", 2025-05-22 17:31:14 +02:00

# Integration of the Trivy Operator in Kubernetes with DefectDojo

## Installation of the Trivy Operator

`namespace`:

```
security
```

`install.sh`:

```bash
#!/bin/bash
# abort on the first failing command, on unset variables and on failures inside pipes
set -euo pipefail

NAMESPACE=$(cat namespace)
VERSION=0.28.1

helm repo add aqua https://aquasecurity.github.io/helm-charts/
helm repo update
# upgrade --install makes the script idempotent; --create-namespace creates
# the "security" namespace on first run if it does not exist yet
helm upgrade --install trivy-operator aqua/trivy-operator \
  -f values.yml \
  --namespace "$NAMESPACE" \
  --create-namespace \
  --version "$VERSION"
```

`values.yml`:

```yaml
trivy:
  timeout: "10m0s"        # how long a single Trivy scan may run
operator:
  scanJobTimeout: 10m     # how long the operator waits for the scan job; keep it >= trivy.timeout
targetNamespaces: "homea"
```

If `targetNamespaces` is omitted (or left empty), the operator scans all namespaces. To restrict scanning to a subset, list those namespaces comma-separated in this option, e.g. `targetNamespaces: "homea,homeb"`. Keep `operator.scanJobTimeout` at least as long as `trivy.timeout`, otherwise the operator gives up on a scan job before Trivy itself does and the report for that workload is never written.

## Installation of the Trivy Dojo Report Operator

`namespace`:

```
security
```

`install.sh`:

```bash
#!/bin/bash
set -euo pipefail

NAMESPACE=$(cat namespace)
VERSION=0.8.8

helm repo add trivy-dojo-report-operator https://telekom-mms.github.io/trivy-dojo-report-operator/
helm repo update
# release name is the operator's own name; upgrade --install keeps the script re-runnable
helm upgrade --install trivy-dojo-report-operator trivy-dojo-report-operator/trivy-dojo-report-operator \
  -f values.yml \
  --namespace "$NAMESPACE" \
  --version "$VERSION"
```

`values.yml`:

```yaml
defectDojoApiCredentials:
  apiKey: "geheim"                    # placeholder, see the note below
  url: "https://defectdojo.hottis.de"
operator:
  trivyDojoReportOperator:
    env:
      defectDojoEvalEngagementName: "true"
      defectDojoEngagementName: "body['report']['artifact']['tag']"
      defectDojoEvalProductName: "true"
      defectDojoProductName: "meta['namespace']+':'+meta['name']"
```

With `defectDojoEval...: "true"` the corresponding name is not taken literally but evaluated as an expression against the VulnerabilityReport the operator is handling: the engagement is named after the scanned image's tag and the product after `<namespace>:<report name>`. Since trivy-operator names a report after the owning ReplicaSet and container (for example `replicaset-web-7c5ddbdf54-web`), every rollout of a Deployment shows up as a new product in DefectDojo with this expression; old products have to be cleaned up or the expression adapted if that is not wanted.

Make sure to set the correct `apiKey`, and make sure not to store it in a repo. A secure approach will be provided. In the meantime, keep the key out of `values.yml` by passing it at install time from an environment variable, e.g. `--set defectDojoApiCredentials.apiKey="$DEFECTDOJO_API_KEY"`; note that Helm still stores the rendered values in the release secret inside the cluster, so access to that namespace must be restricted accordingly.
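To see what the two expressions above actually produce, here is an added example (not code from the trivy-dojo-report-operator project) that evaluates them against a constructed VulnerabilityReport the way the operator's `defectDojoEval...` switches suggest: the configured string is a Python expression with the report's `body` and `meta` in scope (an assumption about the operator's internals; only the resulting names are checked here). It also covers the edge case the page's engagement expression does not handle: an image referenced by digest rather than tag, where `tag` is empty (assumed empty string here) and every such report would end up in one nameless engagement unless the expression falls back to the digest.

```python
import copy

# Constructed sample (not a real cluster object): a VulnerabilityReport as
# trivy-operator writes it for one container of a ReplicaSet in namespace
# "homea". Field layout follows the aquasecurity.github.io/v1alpha1 CRD;
# the names, tag and digest are made up.
SAMPLE_REPORT = {
    "apiVersion": "aquasecurity.github.io/v1alpha1",
    "kind": "VulnerabilityReport",
    "metadata": {
        "name": "replicaset-web-7c5ddbdf54-web",
        "namespace": "homea",
        "labels": {
            "trivy-operator.container.name": "web",
            "trivy-operator.resource.kind": "ReplicaSet",
            "trivy-operator.resource.name": "web-7c5ddbdf54",
            "trivy-operator.resource.namespace": "homea",
        },
    },
    "report": {
        "registry": {"server": "index.docker.io"},
        "artifact": {"repository": "library/nginx", "tag": "1.27.0",
                     "digest": "sha256:0123456789abcdef"},
        "summary": {"criticalCount": 1, "highCount": 3, "mediumCount": 7,
                    "lowCount": 2, "unknownCount": 0},
    },
}

# The env settings from values.yml above, as the operator container sees them.
PAGE_ENV = {
    "defectDojoEvalEngagementName": "true",
    "defectDojoEngagementName": "body['report']['artifact']['tag']",
    "defectDojoEvalProductName": "true",
    "defectDojoProductName": "meta['namespace']+':'+meta['name']",
}

# Hypothetical hardened variant: fall back to the digest when the tag is empty.
SAFER_ENV = dict(
    PAGE_ENV,
    defectDojoEngagementName=(
        "body['report']['artifact']['tag'] or body['report']['artifact']['digest']"),
)


def evaluate_expression(expression, body):
    """Evaluate one name expression with only `body` and `meta` in scope.

    Builtins are removed, so the expression is limited to indexing, string
    concatenation and boolean operators on the report itself.
    """
    scope = {"body": body, "meta": body["metadata"]}
    return str(eval(expression, {"__builtins__": {}}, scope))


def resolve_names(report, env):
    """Return (engagement_name, product_name) for a report under the given env.

    An *Eval* flag of "true" means the configured value is an expression to
    evaluate; anything else means it is used as a literal name.
    """
    def pick(eval_key, value_key):
        value = env[value_key]
        if env.get(eval_key, "false").lower() == "true":
            return evaluate_expression(value, report)
        return value

    return (pick("defectDojoEvalEngagementName", "defectDojoEngagementName"),
            pick("defectDojoEvalProductName", "defectDojoProductName"))


# Edge case: image pinned by digest, tag empty (assumed representation).
DIGEST_ONLY_REPORT = copy.deepcopy(SAMPLE_REPORT)
DIGEST_ONLY_REPORT["report"]["artifact"]["tag"] = ""

if __name__ == "__main__":
    for label, rpt in (("tagged image", SAMPLE_REPORT),
                       ("digest-only image", DIGEST_ONLY_REPORT)):
        print(f"{label:18} page env      -> {resolve_names(rpt, PAGE_ENV)}")
        print(f"{label:18} with fallback -> {resolve_names(rpt, SAFER_ENV)}")
```

For the tagged image both configurations yield engagement `1.27.0` and product `homea:replicaset-web-7c5ddbdf54-web`; for the digest-only image the page's expression yields an empty engagement name, the fallback variant yields the digest. Restricting the expression scope is worth keeping in mind anyway: whatever evaluates these strings runs with the operator's Kubernetes service-account rights, so the values should be treated as code and protected like the rest of the release configuration.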

Details on this operator, including the full list of `env` settings and the objects available to the expressions, can be found in its Helm chart repository (https://telekom-mms.github.io/trivy-dojo-report-operator/) and the project's own documentation.