secureCodeBox · J12934 · Mar 7, 2025 · Mar 5, 2025 · Mar 7, 2025
diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
@@ -57,4 +57,5 @@ Committing with `git commit -s` will add the sign-off at the end of the commit m
 - Tobias Stenby Brixen <kind.job1347@fastmail.com>
 - Eline Henriksen <mains.moon.0x@icloud.com>
 - Michael Kruggel <michael.kruggel@defenseunicorns.com>
-- Ochi Daiki <lbfdeatq@gmail.com>
+- Ochi Daiki <lbfdeatq@gmail.com>
+- Kai Schäfer <kai.schaefer@claranet.com>
diff --git a/scanners/trivy/templates/trivy-database-cache.yaml b/scanners/trivy/templates/trivy-database-cache.yaml
@@ -37,6 +37,10 @@ spec:
       labels:
         app: trivy-database
     spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       containers:
       - name: trivy-database
         image: "{{ .Values.scanner.image.repository }}:{{ .Values.scanner.image.tag | default .Chart.AppVersion }}"

diff --git a/scanners/trivy/templates/trivy-scan-type.yaml b/scanners/trivy/templates/trivy-scan-type.yaml
@@ -154,6 +154,10 @@ spec:
       {{- end }}
       template:
         spec:
+          {{- with .Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           restartPolicy: OnFailure
           affinity:
             {{- toYaml .Values.scanner.affinity | nindent 12 }}
@@ -216,6 +220,10 @@ spec:
             {{- toYaml .Values.scanner.affinity | nindent 12 }}
           tolerations: 
             {{- toYaml .Values.scanner.tolerations | nindent 12 }}
+          {{- with .Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           containers:
             - name: trivy
               image: "{{ .Values.scanner.image.repository }}:{{ .Values.scanner.image.tag | default .Chart.AppVersion }}"
@@ -267,6 +275,10 @@ spec:
       {{- end }}
       template:
         spec:
+          {{- with .Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           restartPolicy: OnFailure
           affinity:
             {{- toYaml .Values.scanner.affinity | nindent 12 }}

diff --git a/scanners/trivy/tests/__snapshot__/scanner_test.yaml.snap b/scanners/trivy/tests/__snapshot__/scanner_test.yaml.snap
@@ -61,6 +61,8 @@ matches the snapshot:
                 initialDelaySeconds: 5
                 periodSeconds: 10
                 successThreshold: 1
+          imagePullSecrets:
+            - name: foo
   3: |
     apiVersion: execution.securecodebox.io/v1
     kind: ParseDefinition
@@ -256,6 +258,8 @@ matches the snapshot:
                   volumeMounts: []
                 - image: bar
                   name: foo
+              imagePullSecrets:
+                - name: foo
               restartPolicy: OnFailure
               tolerations:
                 - foo: bar
@@ -307,6 +311,8 @@ matches the snapshot:
                   volumeMounts: []
                 - image: bar
                   name: foo
+              imagePullSecrets:
+                - name: foo
               restartPolicy: OnFailure
               tolerations:
                 - foo: bar
@@ -357,6 +363,8 @@ matches the snapshot:
                   volumeMounts: []
                 - image: bar
                   name: foo
+              imagePullSecrets:
+                - name: foo
               restartPolicy: OnFailure
               serviceAccountName: trivy-k8s
               tolerations: