docs: Updating documentation structure and content in the tutorial section #2333
Conversation
|
Anais Urlichs seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it. |
AnaisUrlichs
changed the title
|
@knqyf263 could you please review and merge the docs with the next release or similar? |
|
I don't have a strong opinion. I'm ok if Itay approves it. One thing to note is that we added some updates on our doc such as SBOM attestation. We need to make sure all the changes are reflected to this PR. |
|
@knqyf263 I've merged the main branch into this one in one of my last commits |
AnaisUrlichs
requested review from
josedonizetti and
chen-keinan
as code owners
|
@knqyf263 just merged main into it |
|
@AnaisUrlichs Thanks. |
| @@ -0,0 +1,452 @@ | |||
| # Scan for vulnerabilities and misconfigurations of your OVHcloud Managed Kubernetes with Trivy | |||
There was a problem hiding this comment.
Are we sure this is a "first party" tutorial and not "third party"? do we want to maintain it?
There was a problem hiding this comment.
No, we can't. The first party tutorial should be
- GitHub Actions
- We have an official action
- CircleCI
- Travis CI
- GitLab CI
- GitLab folks maintain our tutorial
- Bitbucket Pipelines
- We have an official repo
- (AWS CodePipeline)
- It should be moved to third party as the blog is written by AWS, not us.
- AWS Security Hub
- as we maintain asff.tpl
There was a problem hiding this comment.
Hmm in addition to those we need tutorials such as Deploy the Trivy Operator through GitOps Where do you see those?
|
|
||
| How to add a tutorial | ||
|
|
||
| 1. Simply create a new `.md` file in the tutorials folder of the docs |
There was a problem hiding this comment.
is there a specific place for "community tutorials" or just anywhere in tutorials? is this what the "tools" are for? if so, need to refine this instruction and also rename tools. otherwise lets clarify what tools are for
There was a problem hiding this comment.
I would only accept tutorials here that we want to maintain e.g. installing Trivy Operator through Flux, Visualising Metrics in Grafana etc. or similar, re Trivy -- using Trivy in an air-gapped environment -- and similar -- otherwise, tutorials should be added in the additional resource section and just reference an external link. This is how I had it in mind
|
@itaysk @knqyf263 I made several changes based on your comments
|
docs/home/installation.md
Outdated
| @@ -248,6 +248,38 @@ podAnnotations: {} | |||
|
|
|||
| > **Tip**: List all releases using `helm list`. | |||
|
|
|||
| # Trivy Operator Installation | |||
There was a problem hiding this comment.
First of all, # is not shown in the navigator bar, so we should have a single # per a single page.
And do we want to put only Operator installation here though we have many related tools such as Docker Extension?
There was a problem hiding this comment.
I would add the Docker Extension as a tutorial and then link here to it since it does not seem too straightforward and is more about the use rather than the installation. What do you think?
There was a problem hiding this comment.
actually made the link to Trivy Operator part of the Helm installation. That makes more sense to me (didn't change much)
There was a problem hiding this comment.
I would add the Docker Extension as a tutorial and then link here to it since it does not seem too straightforward and is more about the use rather than the installation. What do you think?
Hmm. I thought Trivy Operator, Docker Extensions, and other tools would move to Integrations or Tools. Do we have links in the Installation section to all the tools?
| @@ -0,0 +1,125 @@ | |||
| # Installing the Trivy-Operator through GitOps | |||
There was a problem hiding this comment.
"CI/CD" section details how to run Trivy in CI/CD, but this section is how to install Trivy Operator through GitOps. I feel like this section is different from others.
Also, do we want to Trivy Operator things in the Trivy doc?
There was a problem hiding this comment.
This boils down to the question -- if Trivy is marketed as the all in one security scanner, do we want to send people do one docs where they can discover all features or to different docs -- or moreover, at what point do we send people to different docs?
When Itay and I spoke, we agreed to put the tutorials first into the trivy docs and then at some point move them over to the operator docs when there are too many -- but this might be counterintuitive since links might not work like expected.
Independently, I could add the GitOps tutorial to the Kubernetes tutorial section
There was a problem hiding this comment.
When Itay and I spoke, we agreed to put the tutorials first into the trivy docs and then at some point move them over to the operator docs when there are too many -- but this might be counterintuitive since links might not work like expected.
Does it mean we will not have the same tutorial in the Trivy Operator doc? I just want to avoid duplication so that it could reduce the maintenance cost.
There was a problem hiding this comment.
I think of this more as "installing Trivy in k8s through GitOps" rather than "installing Trivy Operator through GitOps". In my mind Trivy Operator is just another face of Trivy. Does that make sense?
There was a problem hiding this comment.
I'm ok with "installing Trivy in k8s through GitOps". I just wondered if we want to include all Trivy-related tools in the tutorial. For example, Docker Extension is also another face of Trivy. In that case, don't we have the same tutorial in the Trivy Operator doc? Where is the single truth of source?
There was a problem hiding this comment.
Last time we discussed documentation for integrations, we said that:
- reference docs will live in the integration's own repo
- we will link from the menu of trivy docs to the individual readmes/docs or other projects
- tutorials will live in Trivy docs under dedicated tutorials sections covering different scenarios
Examples:
- Trivy github actions document with all possible options is in the readme of the action's repo. It is linked to from the integrations section of trivy docs. the tutorial for using trivy in github actions is in trivy docs and linked in the triby tutorials section.
- trivy semaphore document with all possible options is in the semaphore documentation. It is linked to from the integrations section of trivy docs. the tutorial for using trivy with semaphore is in the semaphore blog and linked in the trivy tutorials section.
does this still makes sense? @knqyf263 @AnaisUrlichs
There was a problem hiding this comment.
We planned to put a link to Trivy Operator at the top header -- this turned now into Trivy Ecosystem linking to the external repos/docs -- so you are saying that you would like to keep it as Trivy Operator in the header and link to external tools in the integration section?
We could still have the Trivy Ecosystem overview somewhere -- maybe in an overview in integrations?
There was a problem hiding this comment.
No I didn't mean to revert anything, just wanted to answer Teppei's comment. I think (?) this model I described still works with ecosystem page
There was a problem hiding this comment.
OK, we can keep Operator tutorials then.
mkdocs.yml
Outdated
| - Tutorials: | ||
| - Overview: tutorials/overview.md | ||
| - Trivy Kubernetes: | ||
| - Trivy K8s: tutorials/kubernetes/trivy-kubernetes.md |
There was a problem hiding this comment.
Trivy K8s is not clear. I think we should mention what users can do with this tutorial, e.g. "Cluster scanning" or something like that.
| ### Aqua Security Blog posts | ||
|
|
||
| - Supply chain security best [practices][supply-chain-best-practices] | ||
| - Supply chain [attacks][supply-chain-attacks] | ||
| - | ||
|
|
There was a problem hiding this comment.
They are not CKS relevant, no?
There was a problem hiding this comment.
yes but they are also not trivy-focused and teach people something
There was a problem hiding this comment.
So, should we move these links to somewhere else? Otherwise, it looks like these links help users pass the CKS exam.
There was a problem hiding this comment.
Well, it is study material, that's why I wanted to include it
| @@ -0,0 +1,61 @@ | |||
| # Additional References | |||
| Below is a list of additional resources from the community. | |||
There was a problem hiding this comment.
Most of them are our blogs, not from the community.
There was a problem hiding this comment.
yes, will add more community ones -- you have a point tho hahah
There was a problem hiding this comment.
We may want to have two sections:
- Additional References
- All of the contents are from Aqua (official)
- Community Tutorials
- All of the contents are from the community (unofficial)
There was a problem hiding this comment.
I renamed it to additional resources -- the thing is that official vs unofficial is going to be a bit scarce, and people would have to look at multiple places that have the same goal
|
consider adding tekton tutorial: https://www.redhat.com/architect/cicd-pipeline-openshift-tekton |
mkdocs.yml
Outdated
| - AWS CodePipeline: tutorials/integrations/aws-codepipeline.md | ||
| - AWS Security Hub: tutorials/integrations/aws-security-hub.md | ||
| - Additional Resources: | ||
| - Tools: tutorials/other-resources/tools.md |
There was a problem hiding this comment.
We moved Tools to Ecosystem. We don't need it anymore, right?
docs/getting-started/installation.md
Outdated
| - Scan public and private images that are either locally or in the Docker Hub. | ||
| - Generate an SBOM for your container images. | ||
|
|
||
| Watch the [tutorial for further information.](https://youtu.be/99tiVZLMujs) |
There was a problem hiding this comment.
As for Trivy Operator Installation and Docker Desktop Extension, can we just put "Other tools" and say See the Ecosystem` tab?
mkdocs.yml
Outdated
| - Installation: home/installation.md | ||
| - Tutorials: | ||
| - Overview: tutorials/overview.md | ||
| - Trivy Kubernetes: |
mkdocs.yml
Outdated
| - Tutorials: | ||
| - Overview: tutorials/overview.md | ||
| - Trivy Kubernetes: | ||
| - Trivy K8s: tutorials/kubernetes/trivy-kubernetes.md |
| - Trivy Kubernetes: | ||
| - Trivy K8s: tutorials/kubernetes/trivy-kubernetes.md | ||
| - GitOps: tutorials/kubernetes/gitops.md | ||
| - CI/CD: |
There was a problem hiding this comment.
Can we put CI/CD on the Kubernetes section? CI/CD integration is the first citizen in Trivy.
mkdocs.yml
Outdated
| - Tutorials: | ||
| - Overview: tutorials/overview.md | ||
| - Trivy Kubernetes: | ||
| - Trivy K8s: tutorials/kubernetes/trivy-kubernetes.md |
| | [Trivy Vulnerability Explorer][explorer] | Explore trivy vulnerability reports in your browser and create .trivyignore files interactively. Can be integrated in your CI/CD tooling with deep links. | | ||
|
|
||
|
|
||
| ## Official Trivy Tools |
There was a problem hiding this comment.
People might try unofficial tools first because community tools are listed first. Can we put official tools before community tools?
|
@knqyf263 could you please have another look 🙃 |
|
@AnaisUrlichs Would you resolve conflicts and merge the main branch? Then I hope we can merge this PR🤞 |
|
@knqyf263 merged main and resolved conflicts |
|
I saw several rendering errors and fixed them. Also, I added some small changes. |
|
@AnaisUrlichs Do you have two accounts? Looks like one of them has not signed CLA yet. |
Description
Checklist