Merge pull request #57 from giantswarm/update-trivy-0.31.3

Update Trivy to upstream app version v0.30.4
giantswarm · Sep 15, 2022 · 7ed7eee · 7ed7eee
2 parents e55bb54 + 5262ebb
commit 7ed7eee
Show file tree

Hide file tree

Showing 9 changed files with 19 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+
+- Update to upstream version `0.4.17`/app version `0.30.4`.
+
 ## [0.5.0] - 2022-09-09
 
 ### Added

diff --git a/helm/trivy-app/Chart.yaml b/helm/trivy-app/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 0.29.2
+appVersion: 0.30.4
 annotations:
   application.giantswarm.io/team: "shield"
   config.giantswarm.io/version: 1.x.x
@@ -17,4 +17,4 @@ version: [[ .Version ]]
 
 dependencies:
 - name: trivy
-  version: 0.4.15
+  version: 0.4.17
diff --git a/helm/trivy-app/charts/trivy/Chart.yaml b/helm/trivy-app/charts/trivy/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: trivy
-version: 0.4.15
-appVersion: 0.27.0
+version: 0.4.17
+appVersion: 0.30.4
 description: Trivy helm chart
 keywords:
   - scanner

diff --git a/helm/trivy-app/charts/trivy/README.md b/helm/trivy-app/charts/trivy/README.md
@@ -73,6 +73,7 @@ The following table lists the configurable parameters of the Trivy chart and the
 | `trivy.cache.redis.enabled`           | Enable Redis as caching backend                                         | `false` |
 | `trivy.cache.redis.url`               | Specify redis connection url, e.g. redis://redis.redis.svc:6379         | `` |
 | `trivy.serverToken`                   | The token to authenticate Trivy client with Trivy server                | `` |
+| `trivy.existingSecret`                | existingSecret if an existing secret has been created outside the chart. Overrides gitHubToken, registryUsername, registryPassword, serverToken | `` |
 | `trivy.podAnnotations`                | Annotations for pods created by statefulset                             | `{}` |
 | `service.name`                        | If specified, the name used for the Trivy service                       |     |
 | `service.type`                        | Kubernetes service type                                                 | `ClusterIP` |
@@ -102,5 +103,5 @@ This chart uses a PersistentVolumeClaim to reduce the number of database downloa
 
 ## Caching
 
-You can specify a Redis server as cache backend. This Redis server has to be already present. You can use the [bitname chart](https://bitnami.com/stack/redis/helm).
+You can specify a Redis server as cache backend. This Redis server has to be already present. You can use the [bitnami chart](https://bitnami.com/stack/redis/helm).
 More Information about the caching backends can be found [here](https://github.com/aquasecurity/trivy#specify-cache-backend).
diff --git a/helm/trivy-app/charts/trivy/templates/secret.yaml b/helm/trivy-app/charts/trivy/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.trivy.existingSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -12,3 +13,4 @@ data:
   TRIVY_USERNAME: {{ .Values.trivy.registryUsername | default "" | b64enc | quote }}
   TRIVY_PASSWORD: {{ .Values.trivy.registryPassword | default "" | b64enc | quote }}
 {{- end -}}
+{{- end }}
diff --git a/helm/trivy-app/charts/trivy/templates/statefulset.yaml b/helm/trivy-app/charts/trivy/templates/statefulset.yaml
@@ -110,7 +110,11 @@ spec:
             - configMapRef:
                 name: {{ include "trivy.fullname" . }}
             - secretRef:
+                {{- if not .Values.trivy.existingSecret }}
                 name: {{ include "trivy.fullname" . }}
+                {{- else }}
+                name: {{ .Values.trivy.existingSecret }}
+                {{- end }}
           ports:
             - name: trivy-http
               containerPort: {{ .Values.service.port }}

diff --git a/helm/trivy-app/charts/trivy/values.yaml b/helm/trivy-app/charts/trivy/values.yaml
@@ -120,6 +120,9 @@ trivy:
   labels: {}
   # serverToken is the token to authenticate Trivy client with Trivy server.
   serverToken: ""
+  # existingSecret if an existing secret has been created outside the chart.
+  # Overrides gitHubToken, registryUsername, registryPassword, serverToken
+  existingSecret: ""
 
 service:
   # If specified, the name used for the Trivy service.

diff --git a/helm/trivy-app/values.schema.json b/helm/trivy-app/values.schema.json
@@ -32,9 +32,6 @@
                         },
                         "repository": {
                             "type": "string"
-                        },
-                        "tag": {
-                            "type": "string"
                         }
                     }
                 },

diff --git a/helm/trivy-app/values.yaml b/helm/trivy-app/values.yaml
@@ -10,7 +10,6 @@ trivy:
     repository: giantswarm/trivy
     # Tag must also be updated to match in trivy-operator-app
     # If not set here, the image version is taken from the appVersion of the upstream chart.
-    tag: 0.29.2
   service:
     port:
   modules: