feat: add flag to disable secret scan

[josedonizetti]

Signed-off-by: Jose Donizetti jdbjunior@gmail.com

Description

I chose a design for this feature that I would prefer to refactor later, mostly because of #415. Configurations to enable/disable scanner are considered operatorConfig, and are done through env variables, which are not passed in the context of the scanning plugin. Scanning configurations are configured as a ConfigMap, considered trivyOperatorConfig, and passed as context to the plugin. Because of this separation I'm setting the options from operatorConfig into trivyOperatorConfig. Preferably I think we should only have one source of configuration, ConfigMap for all options related to the operator, which would be passed in the plugin context.

Note, I'm not talking about the specific scanner configmap (trivy-operator-trivy-config) which is yet another configuration file, specific only for the trivy plugin.

Related issues

• Close feat: add flag to disable exposedsecret scan #226

Remove this section if you don't have related PRs.

Checklist

• I've read the guidelines for contributing to this repository.
• I've added tests that prove my fix is effective or that my feature works.
• I've updated the documentation with the relevant information (if needed).

[erikgb]

Changes done LGTM, but shouldn't we also update the Helm chart (static resources) and config docs?

[josedonizetti]

@erikgb the pr is marked as draft, not ready for review.

[chen-keinan]

@josedonizetti maybe it better skipping the secret scanning on the trivy scan job command ,also good for performance , wdyt? :

If your scanning is slow, please try 'trivy image --security-checks vuln <image name>' to disable secret scanning