8000 Update / Fix `trivy k8s` scope and change default to `namespace` by J12934 · Pull Request #3025 · secureCodeBox/secureCodeBox · GitHub

@J12934 (Member) commented May 7, 2025

Description

  • kubeauditScope never really made sense for trivy, this was always more of a copy paste mistake, taken from the kubeaudit scanner
  • Change default trivy k8sScanScope to namespace to make the default installation path easier / require fewer RBAC permissions
  • Fix / update required RBAC permissions for trivy k8s scan. The current RBAC setup was missing some permissions, which caused error logs by the scanner
  • Split example into a cluster wide and a namespaced example, to better clarify how it can be used.

Checklist

  • Test your changes as thoroughly as possible before you commit them. Preferably, automate your test by unit/integration tests.
  • Make sure that all your commits are signed-off and that you are added to the Contributors file.
  • Make sure that all CI finish successfully.
  • Optional (but appreciated): Make sure that all commits are Verified.

J12934 added 5 commits May 7, 2025 20:50
kubeauditScope never really made sense for trivy, this was always more of a copy paste mistake, taken from the kubeaudit scanner

Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
…stallation path easier / require less RBAC permissions

Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
@J12934 J12934 self-assigned this May 7, 2025
@J12934 J12934 added the labels "bug" (Bugs) and "breaking" (Changes requiring a major release) May 7, 2025
@secureCodeBoxBot
Contributor

This pull request includes breaking changes. Please make sure that you included the breaking changes and the steps required to upgrade in Upgrading.
✨ Thank you for your contribution! ✨

@netlify
netlify bot commented May 7, 2025

Deploy Preview for docs-securecodebox canceled.

Name Link
🔨 Latest commit 9a4ca20
🔍 Latest deploy log https://app.netlify.com/sites/docs-securecodebox/deploys/681ccb135d4fa40008bb15ea

@J12934 J12934 mentioned this pull request May 7, 2025
4 tasks
J12934 added 2 commits May 7, 2025 21:06
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
@J12934 J12934 moved this from Triage to In Progress in secureCodeBox May 8, 2025
…ecurecodebox-system namespace

Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
@sonarqubecloud
sonarqubecloud bot commented May 8, 2025

@github-project-automation github-project-automation bot moved this from In Progress to Reviewer Approved in secureCodeBox May 9, 2025
@Reet00 Reet00 merged commit 280520b into secureCodeBox:main May 9, 2025
50 checks passed
@github-project-automation github-project-automation bot moved this from Reviewer Approved to Done in secureCodeBox May 9, 2025
@J12934 J12934 deleted the bugfix/correct-trivy-scope branch May 9, 2025 13:23

Labels

"breaking" (Changes requiring a major release), "bug" (Bugs)
