Trivy Config Schema¶
Note
This is auto-generated documentation from a JSON schema that is under construction, this will improve over time.
Return to the root config schema
https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/main/config/schemas/config.yaml#/properties/trivy
Configure Trivy Operator.
Trivy automatically scans the cluster for vulnerabilities, misconfigurations, and exposed secrets.
| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
|---|---|---|---|---|---|---|---|
| Can be instantiated | No | Unknown status | No | Forbidden | Forbidden | none | config/schemas/config.yaml* |
TYPE:
object (Trivy Config)
PROPERTIES:
| Property | Type | Required | Nullable | Defined by |
|---|---|---|---|---|
| enabled | boolean |
Required | cannot be null | Compliant Kubernetes Apps Config |
| excludeNamespaces | string |
Optional | cannot be null | Compliant Kubernetes Apps Config |
| scanJobs | object |
Optional | cannot be null | Compliant Kubernetes Apps Config |
| scanner | object |
Optional | cannot be null | Compliant Kubernetes Apps Config |
| vulnerabilityScanner | object |
Optional | cannot be null | Compliant Kubernetes Apps Config |
| serviceMonitor | object |
Optional | cannot be null | Compliant Kubernetes Apps Config |
| nodeCollector | object |
Optional | cannot be null | Compliant Kubernetes Apps Config |
| resources | object |
Optional | cannot be null | Compliant Kubernetes Apps Config |
| tolerations | array |
Optional | cannot be null | Compliant Kubernetes Apps Config |
| affinity | object |
Optional | cannot be null | Compliant Kubernetes Apps Config |
\w+Enabled$ |
boolean |
Optional | cannot be null | Compliant Kubernetes Apps Config |
enabled¶
enabled
-
is required
-
Type:
boolean(Trivy Config Enabled) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
boolean (Trivy Config Enabled)
DEFAULTS:
The default value is:
true
excludeNamespaces¶
Configure a comma separated list of namespaces (or glob patterns) to be excluded from Trivy scanners.
excludeNamespaces
-
is optional
-
Type:
string(Trivy Config Excluded Namespaces) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
string (Trivy Config Excluded Namespaces)
scanJobs¶
Configure the scan jobs created by Trivy.
scanJobs
-
is optional
-
Type:
object(Trivy Scan Jobs) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
object (Trivy Scan Jobs)
scanner¶
Configure the scanner used by Trivy.
Note
Many of these must be configured to support an air-gapped environment. See the admin documentation for reference.
scanner
-
is optional
-
Type:
object(Trivy Scanner) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
object (Trivy Scanner)
vulnerabilityScanner¶
Configure the vulnerability scanner for Trivy.
vulnerabilityScanner
-
is optional
-
Type:
object(Trivy Vulnerability Scanner) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
object (Trivy Vulnerability Scanner)
serviceMonitor¶
Configure the service monitor collecting metrics from Trivy.
serviceMonitor
-
is optional
-
Type:
object(Trivy Service Monitor) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
object (Trivy Service Monitor)
nodeCollector¶
Configure the node collector created by Trivy.
nodeCollector
-
is optional
-
Type:
object(Trivy Node Collector) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
object (Trivy Node Collector)
resources¶
Resource requests are used by the kube-scheduler to pick a node to schedule pods on.
Limits are enforced. Resources are commonly 'cpu' and 'memory'.
resources
-
is optional
-
Type:
object(Kubernetes Resource Requirements) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
object (Kubernetes Resource Requirements)
EXAMPLES:
requests:
memory: 128Mi
cpu: 100m
limits:
memory: 256Mi
cpu: 250m
tolerations¶
Kubernetes Tolerations
Kubernetes taint and toleration
tolerations
-
is optional
-
Type: an array of merged types (Details)
-
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
an array of merged types (Details)
affinity¶
Affinity is a group of affinity scheduling rules.
affinity
-
is optional
-
Type:
object(Affinity) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
object (Affinity)
Pattern: \w+Enabled$¶
Enable or disable various security scanners
This definition applies to any key that ends with 'Enabled', which are all booleans. In the future it may be desirable to replace this with individual entries under
propertiesin order to provide documentation for each scanner.
\w+Enabled$
-
is optional
-
Type:
boolean -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
boolean
Return to the root config schema
Generated Sat Jun 22 03:48:20 UTC 2024 from elastisys/compliantkubernetes-apps@main