New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs: Updating documentation structure and content in the tutorial section #2333
Conversation
Anais Urlichs seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it. |
@knqyf263 could you please review and merge the docs with the next release or similar? |
I don't have a strong opinion. I'm ok if Itay approves it. One thing to note is that we added some updates on our doc such as SBOM attestation. We need to make sure all the changes are reflected to this PR. |
@knqyf263 I've merged the main branch into this one in one of my last commits |
@knqyf263 just merged main into it |
@AnaisUrlichs Thanks. |
@@ -0,0 +1,452 @@ | |||
# Scan for vulnerabilities and misconfigurations of your OVHcloud Managed Kubernetes with Trivy |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are we sure this is a "first party" tutorial and not "third party"? do we want to maintain it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, we can't. The first party tutorial should be
- GitHub Actions
- We have an official action
- CircleCI
- Travis CI
- GitLab CI
- GitLab folks maintain our tutorial
- Bitbucket Pipelines
- We have an official repo
- (AWS CodePipeline)
- It should be moved to third party as the blog is written by AWS, not us.
- AWS Security Hub
- as we maintain asff.tpl
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm in addition to those we need tutorials such as Deploy the Trivy Operator through GitOps
Where do you see those?
|
||
How to add a tutorial | ||
|
||
1. Simply create a new `.md` file in the tutorials folder of the docs |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is there a specific place for "community tutorials" or just anywhere in tutorials? is this what the "tools" are for? if so, need to refine this instruction and also rename tools. otherwise lets clarify what tools are for
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would only accept tutorials here that we want to maintain e.g. installing Trivy Operator through Flux, Visualising Metrics in Grafana etc. or similar, re Trivy -- using Trivy in an air-gapped environment -- and similar -- otherwise, tutorials should be added in the additional resource section and just reference an external link. This is how I had it in mind
@itaysk @knqyf263 I made several changes based on your comments
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I said I was ok, but after all I left some comments😄
docs/home/installation.md
Outdated
@@ -248,6 +248,38 @@ podAnnotations: {} | |||
|
|||
> **Tip**: List all releases using `helm list`. | |||
|
|||
# Trivy Operator Installation |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would add the Docker Extension as a tutorial and then link here to it since it does not seem too straightforward and is more about the use rather than the installation. What do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
actually made the link to Trivy Operator part of the Helm installation. That makes more sense to me (didn't change much)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would add the Docker Extension as a tutorial and then link here to it since it does not seem too straightforward and is more about the use rather than the installation. What do you think?
Hmm. I thought Trivy Operator, Docker Extensions, and other tools would move to Integrations
or Tools
. Do we have links in the Installation
section to all the tools?
@@ -0,0 +1,125 @@ | |||
# Installing the Trivy-Operator through GitOps |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"CI/CD" section details how to run Trivy in CI/CD, but this section is how to install Trivy Operator through GitOps. I feel like this section is different from others.
Also, do we want to Trivy Operator things in the Trivy doc?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This boils down to the question -- if Trivy is marketed as the all in one security scanner, do we want to send people do one docs where they can discover all features or to different docs -- or moreover, at what point do we send people to different docs?
When Itay and I spoke, we agreed to put the tutorials first into the trivy docs and then at some point move them over to the operator docs when there are too many -- but this might be counterintuitive since links might not work like expected.
Independently, I could add the GitOps tutorial to the Kubernetes tutorial section
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When Itay and I spoke, we agreed to put the tutorials first into the trivy docs and then at some point move them over to the operator docs when there are too many -- but this might be counterintuitive since links might not work like expected.
Does it mean we will not have the same tutorial in the Trivy Operator doc? I just want to avoid duplication so that it could reduce the maintenance cost.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think of this more as "installing Trivy in k8s through GitOps" rather than "installing Trivy Operator through GitOps". In my mind Trivy Operator is just another face of Trivy. Does that make sense?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm ok with "installing Trivy in k8s through GitOps". I just wondered if we want to include all Trivy-related tools in the tutorial. For example, Docker Extension is also another face of Trivy. In that case, don't we have the same tutorial in the Trivy Operator doc? Where is the single truth of source?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Last time we discussed documentation for integrations, we said that:
- reference docs will live in the integration's own repo
- we will link from the menu of trivy docs to the individual readmes/docs or other projects
- tutorials will live in Trivy docs under dedicated tutorials sections covering different scenarios
Examples:
- Trivy github actions document with all possible options is in the readme of the action's repo. It is linked to from the integrations section of trivy docs. the tutorial for using trivy in github actions is in trivy docs and linked in the triby tutorials section.
- trivy semaphore document with all possible options is in the semaphore documentation. It is linked to from the integrations section of trivy docs. the tutorial for using trivy with semaphore is in the semaphore blog and linked in the trivy tutorials section.
does this still makes sense? @knqyf263 @AnaisUrlichs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We planned to put a link to Trivy Operator at the top header -- this turned now into Trivy Ecosystem linking to the external repos/docs -- so you are saying that you would like to keep it as Trivy Operator in the header and link to external tools in the integration section?
We could still have the Trivy Ecosystem overview somewhere -- maybe in an overview in integrations?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No I didn't mean to revert anything, just wanted to answer Teppei's comment. I think (?) this model I described still works with ecosystem page
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, we can keep Operator tutorials then.
mkdocs.yml
Outdated
- Tutorials: | ||
- Overview: tutorials/overview.md | ||
- Trivy Kubernetes: | ||
- Trivy K8s: tutorials/kubernetes/trivy-kubernetes.md |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Trivy K8s
is not clear. I think we should mention what users can do with this tutorial, e.g. "Cluster scanning" or something like that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe Kubernetes scanning
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto
### Aqua Security Blog posts | ||
|
||
- Supply chain security best [practices][supply-chain-best-practices] | ||
- Supply chain [attacks][supply-chain-attacks] | ||
- | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
They are not CKS relevant, no?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes but they are also not trivy-focused and teach people something
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So, should we move these links to somewhere else? Otherwise, it looks like these links help users pass the CKS exam.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, it is study material, that's why I wanted to include it
@@ -0,0 +1,61 @@ | |||
# Additional References | |||
Below is a list of additional resources from the community. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Most of them are our blogs, not from the community.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, will add more community ones -- you have a point tho hahah
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We may want to have two sections:
- Additional References
- All of the contents are from Aqua (official)
- Community Tutorials
- All of the contents are from the community (unofficial)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I renamed it to additional resources -- the thing is that official vs unofficial is going to be a bit scarce, and people would have to look at multiple places that have the same goal
consider adding tekton tutorial: https://www.redhat.com/architect/cicd-pipeline-openshift-tekton |
mkdocs.yml
Outdated
- AWS CodePipeline: tutorials/integrations/aws-codepipeline.md | ||
- AWS Security Hub: tutorials/integrations/aws-security-hub.md | ||
- Additional Resources: | ||
- Tools: tutorials/other-resources/tools.md |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We moved Tools
to Ecosystem
. We don't need it anymore, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed it
docs/getting-started/installation.md
Outdated
- Scan public and private images that are either locally or in the Docker Hub. | ||
- Generate an SBOM for your container images. | ||
|
||
Watch the [tutorial for further information.](https://youtu.be/99tiVZLMujs) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As for Trivy Operator Installation
and Docker Desktop Extension
, can we just put "Other tools" and say See the
Ecosystem` tab?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
mkdocs.yml
Outdated
- Installation: home/installation.md | ||
- Tutorials: | ||
- Overview: tutorials/overview.md | ||
- Trivy Kubernetes: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not fixed yet?
mkdocs.yml
Outdated
- Tutorials: | ||
- Overview: tutorials/overview.md | ||
- Trivy Kubernetes: | ||
- Trivy K8s: tutorials/kubernetes/trivy-kubernetes.md |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto
- Trivy Kubernetes: | ||
- Trivy K8s: tutorials/kubernetes/trivy-kubernetes.md | ||
- GitOps: tutorials/kubernetes/gitops.md | ||
- CI/CD: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we put CI/CD
on the Kubernetes
section? CI/CD integration is the first citizen in Trivy.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do you mean?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah got it
mkdocs.yml
Outdated
- Tutorials: | ||
- Overview: tutorials/overview.md | ||
- Trivy Kubernetes: | ||
- Trivy K8s: tutorials/kubernetes/trivy-kubernetes.md |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I left some small comments. I believe this is the last review.
| [Trivy Vulnerability Explorer][explorer] | Explore trivy vulnerability reports in your browser and create .trivyignore files interactively. Can be integrated in your CI/CD tooling with deep links. | | ||
|
||
|
||
## Official Trivy Tools |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
People might try unofficial tools first because community tools are listed first. Can we put official tools before community tools?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done :)
@knqyf263 could you please have another look 🙃 |
@AnaisUrlichs Would you resolve conflicts and merge the main branch? Then I hope we can merge this PR🤞 |
@knqyf263 merged main and resolved conflicts |
I saw several rendering errors and fixed them. Also, I added some small changes. |
@AnaisUrlichs Do you have two accounts? Looks like one of them has not signed CLA yet. |
Description
Checklist