From 056ce8bac4301fb699f9dafbd1010d603e70ca7f Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth
Date: Fri, 23 May 2025 14:55:01 +0200
Subject: [PATCH] initial

---
.gitignore | 8 +++++
install.sh | 53 ++++++++++++++++++++++++++++++++++
secrets.asc | 8 +++++
values-trivy-dojo-operator.yml | 9 ++++++
values-trivy-operator.yml | 6 ++++
5 files changed, 84 insertions(+)
create mode 100644 .gitignore
create mode 100755 install.sh
create mode 100644 secrets.asc
create mode 100644 values-trivy-dojo-operator.yml
create mode 100644 values-trivy-operator.yml

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..fbc7d91
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+ENV
+defs/
+*/.venv/
+__pycache__/
+.*.swp
+tmp/
+secrets.txt
+
diff --git a/install.sh b/install.sh
new file mode 100755
index 0000000..ada9335
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+TRIVY_OPERATOR_VERSION=0.28.1
+TRIVY_DOJO_OPERATOR_VERSION=0.8.8
+
+
+NAMESPACE=security
+TRIVY_OPERATOR_NAME=trivy-operator
+TRIVY_DOJO_OPERATOR_NAME=trivy-dojo-operator
+
+kubectl create namespace $NAMESPACE \
+ --dry-run=client \
+ -o yaml | \
+ kubectl -f - apply
+
+
+if [ -f secrets.txt ]; then
+ . secrets.txt
+else
+ if [ "$GPG_PASSPHRASE" = "" ]; then
+ echo "gpg passphrase for secret decrypting not set"
+ exit 1
+ fi
+
+ SECRETS_FILE=`mktemp`
+ gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output $SECRETS_FILE secrets.asc
+ . $SECRETS_FILE
+ rm $SECRETS_FILE
+fi
+
+kubectl create secret generic ${TRIVY_DOJO_OPERATOR_NAME}-trivy-dojo-report-operator-defect-dojo-api-credentials \
+ --dry-run=client \
+ -o yaml \
+ --save-config \
+ --from-literal=apiKey="$DOJO_API_KEY" \
+ --from-literal=url="$DOJO_URL" | \
+ kubectl apply -f - -n $NAMESPACE
+
+
+helm repo add aqua https://aquasecurity.github.io/helm-charts/
+helm repo update
+helm upgrade --install $TRIVY_OPERATOR_NAME aqua/trivy-operator \
+ -f values-trivy-operator.yml \
+ --namespace $NAMESPACE \
+ --version $TRIVY_OPERATOR_VERSION
+
+helm repo add trivy-dojo-report-operator https://telekom-mms.github.io/trivy-dojo-report-operator/
+helm repo update
+helm upgrade --install $TRIVY_DOJO_OPERATOR_NAME trivy-dojo-report-operator/trivy-dojo-report-operator \
+ -f values-trivy-dojo-operator.yml \
+ --namespace $NAMESPACE \
+ --version $TRIVY_DOJO_OPERATOR_VERSION
+
diff --git a/secrets.asc b/secrets.asc
new file mode 100644
index 0000000..90956de
--- /dev/null
+++ b/secrets.asc
@@ -0,0 +1,8 @@
+-----BEGIN PGP MESSAGE-----
+
+jA0ECQMIm1olSwhkMHD+0psBVajxT2yy+YxRX0iYWm48OHeo7aLMtQLfrrFSDTNq
+uENsy11GeUdMoZhbEgRGO1ARp1dSgGuFQ8ZI4aAkg1k5wa6T4lM8PLedrTPWMzY2
+hqXMVxYiG0sYblA7N2hWTRLjpEGaMTkDO4RkiZuRJdWUFxB813/vUD5waQKXBJLe
+fxCDLWqhX9NcCZCYfgKXufdlDuGSbkd5yqmrDQ==
+=BBCk
+-----END PGP MESSAGE-----
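Review bot: The passphrase is handed to gpg on the command line (`--passphrase $GPG_PASSPHRASE`), so for the lifetime of that process every local user can read it from `ps` or `/proc/*/cmdline`; the DefectDojo API key has the same exposure on the `--from-literal=apiKey="$DOJO_API_KEY"` line of the kubectl invocation. The script also runs without `set -euo pipefail` or a `trap`: if gpg fails, the empty temp file is still sourced and a Secret with an empty apiKey is applied, and anything that exits between `mktemp` and `rm` leaves the decrypted secrets on disk. I would feed the passphrase over a file descriptor, abort when decryption fails, remove the temp file from an EXIT trap, and pass the API key to kubectl as `--from-file=apiKey=<(printf '%s' "$DOJO_API_KEY")` instead of a literal; `--homedir /tmp/.gnupg` on a shared /tmp is also worth reconsidering, since a pre-existing directory created by another user would presumably be used as-is. Separately, `kubectl -f - apply` only works through cobra's lenient flag ordering; the `kubectl apply -f -` form used later in the file is the clear one.
```shell
set -euo pipefail

# … unchanged: version/name variables and namespace creation …

if [ -f secrets.txt ]; then
  . secrets.txt
else
  : "${GPG_PASSPHRASE:?gpg passphrase for secret decrypting not set}"

  SECRETS_FILE=$(mktemp)
  # always scrub the plaintext, whichever way the script exits
  trap 'rm -f -- "$SECRETS_FILE"' EXIT
  # passphrase over fd 0 so it never appears in the process list
  printf '%s' "$GPG_PASSPHRASE" | gpg --batch --yes --pinentry-mode loopback \
    --passphrase-fd 0 --homedir /tmp/.gnupg \
    --decrypt --output "$SECRETS_FILE" secrets.asc \
    || { echo "failed to decrypt secrets.asc" >&2; exit 1; }
  . "$SECRETS_FILE"
fi

# … unchanged: secret creation and helm installs …
```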
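Review bot: The armored header `jA0ECQMI` decodes to a symmetric-key encrypted session key packet (AES-256, iterated+salted S2K over SHA-256), so this file is protected solely by the passphrase supplied in `GPG_PASSPHRASE` and is not encrypted to any recipient key. Once committed, the ciphertext is available offline to anyone with repository access for as long as the history exists, which means the passphrase has to withstand offline guessing and a compromised DefectDojo API key cannot be withdrawn by re-encrypting — the old blob stays in every clone. Consider encrypting to a recipient key (or a tool such as SOPS or sealed-secrets) so access can actually be revoked, and record in the README which values this file is expected to hold.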
diff --git a/values-trivy-dojo-operator.yml b/values-trivy-dojo-operator.yml
new file mode 100644
index 0000000..18237de
--- /dev/null
+++ b/values-trivy-dojo-operator.yml
@@ -0,0 +1,9 @@
+defectDojoApiCredentials:
+ createSecret: false
+operator:
+ trivyDojoReportOperator:
+ env:
+ defectDojoEvalEngagementName: "true"
+ defectDojoEngagementName: "body['report']['artifact']['tag']"
+ defectDojoEvalProductName: "true"
+ defectDojoProductName: "meta['namespace']+':'+meta['name']"
diff --git a/values-trivy-operator.yml b/values-trivy-operator.yml
new file mode 100644
index 0000000..9c9fba9
--- /dev/null
+++ b/values-trivy-operator.yml
@@ -0,0 +1,6 @@
+trivy:
+ timeout: "10m0s"
+operator:
+ scanJobTimeout: 10m
+targetNamespaces: "homea"
+
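Review bot: `defectDojoEvalEngagementName: "true"` asks the operator to evaluate `body['report']['artifact']['tag']` as an expression, and an image that is referenced by digest only may carry no `tag` key in the report, so verify how the operator behaves when that lookup fails (presumably the report is skipped or the reconcile errors) and whether a fallback such as the digest is preferable. With `createSecret: false` the chart relies on a Secret that install.sh creates under the name `<release>-trivy-dojo-report-operator-defect-dojo-api-credentials`; that coupling is invisible from this file, so a comment next to `createSecret`, e.g. `# Secret is created by install.sh; its name must match the chart's default`, would save the next maintainer a search.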