Wolfgang Hottgenroth
e5fd8709a9
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
1.8 KiB
1.8 KiB
Integration of the Trivy Operator in Kubernetes with DefectDojo
Installation of the Trivy Operator
namespace
security
install.sh
#!/bin/bash
NAMESPACE=$(cat namespace)
VERSION=0.28.1
helm repo add aqua https://aquasecurity.github.io/helm-charts/
helm repo update
helm upgrade --install trivy-operator aqua/trivy-operator \
-f values.yml \
--namespace $NAMESPACE \
--version $VERSION
values.yml trivy: timeout: "10m0s" operator: scanJobTimeout: 10m targetNamespaces: "homea"
If `targetNamespaces` is skipped, all namespaces will be scanned. If only a limited set of namespaces shall be scanned, put those namespace comma-separated into this option.
## Installation of the Trivy Dojo Report Operator
*namespace*
security
*install.sh*
#!/bin/bash
NAMESPACE=$(cat namespace) VERSION=0.8.8
helm repo add trivy-dojo-report-operator https://telekom-mms.github.io/trivy-dojo-report-operator/
helm repo update
helm install chart-name trivy-dojo-report-operator/trivy-dojo-report-operator
-f values.yml
--namespace $NAMESPACE
--version $VERSION
*values.yml*
defectDojoApiCredentials: apiKey: "geheim" url: "https://defectdojo.hottis.de" operator: trivyDojoReportOperator: env: defectDojoEvalEngagementName: "true" defectDojoEngagementName: "body['report']['artifact']['tag']" defectDojoEvalProductName: "true" defectDojoProductName: "meta['namespace']+':'+meta['name']"
Make sure to set the correct apiKey. And make sure not to store it in a repo. A secure approach will be provided.
Details on this operator can be found [here](https://medium.com/@alexander.murylev/implementing-centralized-security-scanning-across-multiple-kubernetes-clusters-with-trivy-and-989f3d5b0f4a) and [here](https://github.com/telekom-mms/trivy-dojo-report-operator).