initial
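--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,8 @@
+ENV
+defs/
+*/.venv/
+__pycache__/
+.*.swp
+tmp/
+secrets.txt
+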
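--- a/install.sh
+++ b/install.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+TRIVY_OPERATOR_VERSION=0.28.1
+TRIVY_DOJO_OPERATOR_VERSION=0.8.8
+
+
+NAMESPACE=security
+TRIVY_OPERATOR_NAME=trivy-operator
+TRIVY_DOJO_OPERATOR_NAME=trivy-dojo-operator
+
+kubectl create namespace $NAMESPACE \
+    --dry-run=client \
+    -o yaml | \
+    kubectl -f - apply
+
+
+if [ -f secrets.txt ]; then
+    . secrets.txt
+else
+    if [ "$GPG_PASSPHRASE" = "" ]; then
+        echo "gpg passphrase for secret decrypting not set"
+        exit 1
+    fi
+
+    SECRETS_FILE=`mktemp`
+    gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output $SECRETS_FILE secrets.asc
+    . $SECRETS_FILE
+    rm $SECRETS_FILE
+fi
+
+kubectl create secret generic ${TRIVY_DOJO_OPERATOR_NAME}-trivy-dojo-report-operator-defect-dojo-api-credentials \
+    --dry-run=client \
+    -o yaml \
+    --save-config \
+    --from-literal=apiKey="$DOJO_API_KEY" \
+    --from-literal=url="$DOJO_URL" | \
+    kubectl apply -f - -n $NAMESPACE
+
+
+helm repo add aqua https://aquasecurity.github.io/helm-charts/
+helm repo update
+helm upgrade --install $TRIVY_OPERATOR_NAME aqua/trivy-operator \
+    -f values-trivy-operator.yml \
+    --namespace $NAMESPACE \
+    --version $TRIVY_OPERATOR_VERSION
+
+helm repo add trivy-dojo-report-operator https://telekom-mms.github.io/trivy-dojo-report-operator/
+helm repo update
+helm upgrade --install $TRIVY_DOJO_OPERATOR_NAME trivy-dojo-report-operator/trivy-dojo-report-operator \
+    -f values-trivy-dojo-operator.yml \
+    --namespace $NAMESPACE \
+    --version $TRIVY_DOJO_OPERATOR_VERSION
+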
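Review bot: The passphrase is handed to gpg on the command line at `gpg --decrypt --passphrase $GPG_PASSPHRASE ...`, which exposes it to every local user through `ps` / `/proc/*/cmdline` for the duration of the decrypt, and the unquoted expansion also breaks any passphrase containing whitespace or glob characters. The script has no `set -e` and never checks gpg's exit status, so a wrong passphrase or missing `secrets.asc` leaves `DOJO_API_KEY` and `DOJO_URL` unset and the following `kubectl create secret` silently installs an empty credential into the cluster. Feeding the passphrase over stdin with `--passphrase-fd 0`, decrypting to stdout so the plaintext never touches disk, and refusing to continue with empty credentials closes all three; the rewritten secret-loading section is below. `--homedir /tmp/.gnupg` sits in a world-writable directory and is presumably a workaround for a missing keyring on the runner — a per-run `mktemp -d` homedir would stop another local user from pre-seeding it.
```shell
#!/bin/bash
set -euo pipefail
# … unchanged: version/name variables, namespace creation …
if [ -f secrets.txt ]; then
    . secrets.txt
else
    if [ -z "${GPG_PASSPHRASE:-}" ]; then
        echo "gpg passphrase for secret decrypting not set" >&2
        exit 1
    fi
    # Passphrase over stdin (not argv, so it is invisible in `ps`); decrypt to
    # stdout so the plaintext never hits disk; fail loudly rather than carry on
    # with empty variables.
    SECRETS="$(printf '%s' "$GPG_PASSPHRASE" | gpg --decrypt --batch --yes \
        --pinentry-mode loopback --passphrase-fd 0 \
        --homedir /tmp/.gnupg --output - secrets.asc)" \
        || { echo "failed to decrypt secrets.asc" >&2; exit 1; }
    eval "$SECRETS"
    unset SECRETS
fi
if [ -z "${DOJO_API_KEY:-}" ] || [ -z "${DOJO_URL:-}" ]; then
    echo "DOJO_API_KEY / DOJO_URL not set after loading secrets" >&2
    exit 1
fi
# … unchanged: kubectl create secret | kubectl apply, helm installs …
```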
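--- a/secrets.asc
+++ b/secrets.asc
@@ -0,0 +1,8 @@
+-----BEGIN PGP MESSAGE-----
+
+jA0ECQMIm1olSwhkMHD+0psBVajxT2yy+YxRX0iYWm48OHeo7aLMtQLfrrFSDTNq
+uENsy11GeUdMoZhbEgRGO1ARp1dSgGuFQ8ZI4aAkg1k5wa6T4lM8PLedrTPWMzY2
+hqXMVxYiG0sYblA7N2hWTRLjpEGaMTkDO4RkiZuRJdWUFxB813/vUD5waQKXBJLe
+fxCDLWqhX9NcCZCYfgKXufdlDuGSbkd5yqmrDQ==
+=BBCk
+-----END PGP MESSAGE-----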
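Review bot: The first packet of this armored blob (`jA0ECQMI…` decodes to tag 3, version 4, AES-256, salted-iterated S2K with SHA-256) is a symmetric-key encrypted session key, so the only thing protecting the contents — presumably the `DOJO_API_KEY` / `DOJO_URL` that install.sh sources from it — is the passphrase held in `GPG_PASSPHRASE`, and because this is the initial commit the ciphertext will remain in git history permanently. That makes passphrase strength and passphrase handling the entire security boundary: if the passphrase is ever exposed, changing it does not help, since the old blob stays decryptable, and the DefectDojo API key itself must be rotated. A short README note stating that, and that the file must be regenerated (`gpg --symmetric --cipher-algo AES256 -a secrets.txt`) whenever `secrets.txt` changes, would be worth adding; encrypting to the recipients' public keys instead of a shared passphrase would also remove the need to distribute one at all.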
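--- a/values-trivy-dojo-operator.yml
+++ b/values-trivy-dojo-operator.yml
@@ -0,0 +1,9 @@
+defectDojoApiCredentials:
+  createSecret: false
+operator:
+  trivyDojoReportOperator:
+    env:
+      defectDojoEvalEngagementName: "true"
+      defectDojoEngagementName: "body['report']['artifact']['tag']"
+      defectDojoEvalProductName: "true"
+      defectDojoProductName: "meta['namespace']+':'+meta['name']"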
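Review bot: `defectDojoEvalEngagementName: "true"` and `defectDojoEvalProductName: "true"` turn the two name fields from literal labels into expressions the operator evaluates against each incoming report, which deserves a comment because someone later editing `defectDojoEngagementName` would have no hint that the value is code rather than text. The expression `body['report']['artifact']['tag']` also assumes every scanned image carries a tag; images referenced by digest are presumably reported with an empty or absent tag (verify against the operator's report schema), which would give an empty engagement name or a lookup error. I would add above `env:` the comment `# The *Eval* flags make the matching *Name values expressions evaluated per report (see chart docs); digest-only images have no tag and need a fallback` and above `createSecret: false` the comment `# Secret is created out-of-band by install.sh as <release>-trivy-dojo-report-operator-defect-dojo-api-credentials`, since that name coupling is otherwise invisible from this file.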
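--- a/values-trivy-operator.yml
+++ b/values-trivy-operator.yml
@@ -0,0 +1,6 @@
+trivy:
+  timeout: "10m0s"
+operator:
+  scanJobTimeout: 10m
+  targetNamespaces: "homea"
+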
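Review bot: `targetNamespaces: "homea"` confines scanning to a single namespace, so the operators' own workloads in the `security` namespace that install.sh creates, and everything else in the cluster, will never produce vulnerability reports; if that is deliberate it should say so, because a reader will assume the chart default of all namespaces. A comment above the key such as `# Only scan workloads in homea; other namespaces (including security) are intentionally out of scope` would keep the restriction from being read as an oversight. `trivy.timeout` and `operator.scanJobTimeout` are both 10 minutes; whether a scan job being killed at the same moment Trivy gives up loses the report or records a timeout is not something this file shows, so it is worth confirming against the chart's guidance before relying on the two being equal.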