Skip to content

Trivy Config Schema

Note

This is auto-generated documentation from a JSON schema that is under construction, this will improve over time.

Return to the root config schema

https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/main/config/schemas/config.yaml#/properties/trivy

Configure Trivy Operator.

Trivy automatically scans the cluster for vulnerabilities, misconfigurations, and exposed secrets.

Abstract Extensible Status Identifiable Custom Properties Additional Properties Access Restrictions Defined In
Can be instantiated No Unknown status No Forbidden Forbidden none config/schemas/config.yaml*

TYPE:

object (Trivy Config)

PROPERTIES:

Property Type Required Nullable Defined by
enabled boolean Required cannot be null Welkin Apps Config
excludeNamespaces string Optional cannot be null Welkin Apps Config
scanJobs object Optional cannot be null Welkin Apps Config
scanner object Optional cannot be null Welkin Apps Config
vulnerabilityScanner object Optional cannot be null Welkin Apps Config
serviceMonitor object Optional cannot be null Welkin Apps Config
nodeCollector object Optional cannot be null Welkin Apps Config
resources object Optional cannot be null Welkin Apps Config
tolerations array Optional cannot be null Welkin Apps Config
affinity object Optional cannot be null Welkin Apps Config
\w+Enabled$ boolean Optional cannot be null Welkin Apps Config

enabled

enabled

TYPE:

boolean (Trivy Config Enabled)

DEFAULTS:

The default value is:

true

excludeNamespaces

Configure a comma separated list of namespaces (or glob patterns) to be excluded from Trivy scanners.

excludeNamespaces

TYPE:

string (Trivy Config Excluded Namespaces)

scanJobs

Configure the scan jobs created by Trivy.

scanJobs

TYPE:

object (Trivy Scan Jobs)

scanner

Configure the scanner used by Trivy.

Note

Many of these must be configured to support an air-gapped environment. See the admin documentation for reference.

scanner

TYPE:

object (Trivy Scanner)

vulnerabilityScanner

Configure the vulnerability scanner for Trivy.

vulnerabilityScanner

TYPE:

object (Trivy Vulnerability Scanner)

serviceMonitor

Configure the service monitor collecting metrics from Trivy.

serviceMonitor

TYPE:

object (Trivy Service Monitor)

nodeCollector

Configure the node collector created by Trivy.

nodeCollector

TYPE:

object (Trivy Node Collector)

resources

Resource requests are used by the kube-scheduler to pick a node to schedule pods on.

Limits are enforced. Resources are commonly 'cpu' and 'memory'.

resources

TYPE:

object (Kubernetes Resource Requirements)

EXAMPLES:

requests:
  memory: 128Mi
  cpu: 100m
limits:
  memory: 256Mi
  cpu: 250m

tolerations

Kubernetes Tolerations

Kubernetes taint and toleration

tolerations

TYPE:

an array of merged types (Details)

affinity

Affinity is a group of affinity scheduling rules.

affinity

TYPE:

object (Affinity)

Pattern: \w+Enabled$

Enable or disable various security scanners

This definition applies to any key that ends with 'Enabled', which are all booleans. In the future it may be desirable to replace this with individual entries under properties in order to provide documentation for each scanner.

\w+Enabled$

TYPE:

boolean

Return to the root config schema

Generated Sun Nov 17 03:51:36 UTC 2024 from elastisys/compliantkubernetes-apps@main