dtrack-defectdojo-automation/trivy-operator-integration.md
Wolfgang Hottgenroth e5fd8709a9
trivy dojo report operator
2025-05-22 17:30:10 +02:00
# Integration of the Trivy Operator in Kubernetes with DefectDojo
## Installation of the Trivy Operator
*namespace*
```
security
```
*install.sh*
```
#!/bin/bash
# Abort on any failed command, unset variable or failed pipeline, so a missing
# `namespace` file cannot silently lead to an install into the wrong namespace.
set -euo pipefail
NAMESPACE=$(cat namespace)
VERSION=0.28.1
helm repo add aqua https://aquasecurity.github.io/helm-charts/
helm repo update
helm upgrade --install trivy-operator aqua/trivy-operator \
  -f values.yml \
  --namespace "$NAMESPACE" \
  --version "$VERSION"
```
*values.yml*
```
trivy:
  timeout: "10m0s"
operator:
  scanJobTimeout: 10m
targetNamespaces: "homea"
```
If `targetNamespaces` is omitted, all namespaces are scanned. To restrict scanning to a limited set of namespaces, list them in this option, comma-separated.
## Installation of the Trivy Dojo Report Operator
*namespace*
```
security
```
*install.sh*
```
#!/bin/bash
# Abort on any failed command, unset variable or failed pipeline, so a missing
# `namespace` file cannot silently lead to an install into the wrong namespace.
set -euo pipefail
NAMESPACE=$(cat namespace)
VERSION=0.8.8
helm repo add trivy-dojo-report-operator https://telekom-mms.github.io/trivy-dojo-report-operator/
helm repo update
helm install chart-name trivy-dojo-report-operator/trivy-dojo-report-operator \
  -f values.yml \
  --namespace "$NAMESPACE" \
  --version "$VERSION"
```
*values.yml*
```
defectDojoApiCredentials:
  apiKey: "geheim"
  url: "https://defectdojo.hottis.de"
operator:
  trivyDojoReportOperator:
    env:
      defectDojoEvalEngagementName: "true"
      defectDojoEngagementName: "body['report']['artifact']['tag']"
      defectDojoEvalProductName: "true"
      defectDojoProductName: "meta['namespace']+':'+meta['name']"
```
Make sure to set the correct `apiKey`, and do not commit it to a repository. A secure approach will be provided.
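To see what the two eval expressions in this values.yml actually produce, here is an added example (not code from the operator or from this repo) that evaluates them against a constructed VulnerabilityReport. Assumed: when the `defectDojoEval*` flags are "true" the operator binds the whole report object as `body` and its metadata as `meta`; `resolve_names` and `check_expr` are this example's own names, and the syntax allowlist is this example's own hardening, not something the operator is known to do.

```python
import ast

# Constructed sample: the parts of a trivy-operator VulnerabilityReport that the
# two expressions from values.yml read. Assumption: the operator binds the whole
# object as `body` and its metadata as `meta` when the *Eval* flags are "true".
SAMPLE_REPORT = {
    "apiVersion": "aquasecurity.github.io/v1alpha1",
    "kind": "VulnerabilityReport",
    "metadata": {"name": "replicaset-web-7d4c9-web", "namespace": "homea"},
    "report": {
        "artifact": {"repository": "library/nginx", "tag": "1.27.0"},
    },
}
# Constructed edge case: image deployed by digest, so the artifact has no tag.
DIGEST_ONLY_REPORT = {
    "metadata": {"name": "replicaset-api-5f8b7-api", "namespace": "homea"},
    "report": {"artifact": {"repository": "library/redis",
                            "digest": "sha256:constructed-placeholder"}},
}

# The two expressions exactly as configured in values.yml on this page.
ENGAGEMENT_EXPR = "body['report']['artifact']['tag']"
PRODUCT_EXPR = "meta['namespace']+':'+meta['name']"

# Only names, subscripts, string literals and '+' are needed for such mappings;
# anything else (calls, attributes, imports) is rejected before evaluation.
_ALLOWED = (ast.Expression, ast.Name, ast.Load, ast.Subscript, ast.Constant,
            ast.BinOp, ast.Add) + tuple(getattr(ast, n) for n in ("Index",) if hasattr(ast, n))

def check_expr(expr):
    """Raise ValueError if `expr` uses syntax outside the allowlist above."""
    for node in ast.walk(ast.parse(expr, mode="eval")):
        if not isinstance(node, _ALLOWED):
            raise ValueError(f"disallowed syntax {type(node).__name__} in {expr!r}")

def resolve_names(report, engagement_expr=ENGAGEMENT_EXPR, product_expr=PRODUCT_EXPR):
    """Return the DefectDojo product and engagement names a report maps to."""
    # No builtins, only body/meta in scope; a missing key becomes a clear
    # ValueError instead of a bare KeyError from inside the operator.
    scope = {"__builtins__": {}, "body": report, "meta": report["metadata"]}
    names = {}
    for key, expr in (("product", product_expr), ("engagement", engagement_expr)):
        check_expr(expr)
        try:
            names[key] = str(eval(compile(expr, "<values.yml>", "eval"), scope))
        except KeyError as exc:
            raise ValueError(f"{key} expression {expr!r}: report lacks key {exc}") from None
    return names
```

Because these strings are evaluated as Python inside the operator, treat values.yml as code: a report whose artifact carries no tag (digest-only deployments) would make the engagement expression fail for that report.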
Details on this operator can be found [here](https://medium.com/@alexander.murylev/implementing-centralized-security-scanning-across-multiple-kubernetes-clusters-with-trivy-and-989f3d5b0f4a) and [here](https://github.com/telekom-mms/trivy-dojo-report-operator).