diff --git a/RELEASING.md b/RELEASING.md index 3a8d0620d..ebaeac6e5 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -46,17 +46,17 @@ 5. Create an annotated git tag and push it to the `upstream`. This will trigger the [`.github/workflows/release.yaml`] workflow ```sh - git tag -v0.18.0-rc2 -m 'Release v0.18.0-rc2' - git push upstream v0.18.0-rc2 + git tag -v0.18.0 -m 'Release v0.18.0' + git push upstream v0.18.0 ``` 6. Verify that the `release` workflow has built and published the following artifacts 1. Trivy-operator container images published to DockerHub - `docker.io/aquasec/trivy-operator:0.18.0-rc2` + `docker.io/aquasec/trivy-operator:0.18.0` 2. Trivy-operator container images published to Amazon ECR Public Gallery - `public.ecr.aws/aquasecurity/trivy-operator:0.18.0-rc2` + `public.ecr.aws/aquasecurity/trivy-operator:0.18.0` 3. Trivy-operator container images published to GitHub Container Registry - `ghcr.io/aquasecurity/trivy-operator:0.18.0-rc2` + `ghcr.io/aquasecurity/trivy-operator:0.18.0` 7. Submit trivy-operator Operator to OperatorHub and ArtifactHUB by opening the PR to the repository. diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml index deecc180c..6c0c5ee11 100644 --- a/deploy/helm/Chart.yaml +++ b/deploy/helm/Chart.yaml @@ -6,12 +6,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.20.0-rc2 +version: 0.20.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 0.18.0-rc2 +appVersion: 0.18.0 # kubeVersion: A SemVer range of compatible Kubernetes versions (optional) diff --git a/deploy/helm/README.md b/deploy/helm/README.md index 07a159019..8faa389f8 100644 --- a/deploy/helm/README.md +++ b/deploy/helm/README.md @@ -1,6 +1,6 @@ # trivy-operator -![Version: 0.20.0-rc2](https://img.shields.io/badge/Version-0.20.0--rc2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.18.0-rc2](https://img.shields.io/badge/AppVersion-0.18.0--rc2-informational?style=flat-square) +![Version: 0.20.0](https://img.shields.io/badge/Version-0.20.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.18.0](https://img.shields.io/badge/AppVersion-0.18.0-informational?style=flat-square) Keeps security report resources updated diff --git a/deploy/helm/templates/specs/cis-1.23.yaml b/deploy/helm/templates/specs/cis-1.23.yaml index 7c8ce3d9f..9af694dbd 100644 --- a/deploy/helm/templates/specs/cis-1.23.yaml +++ b/deploy/helm/templates/specs/cis-1.23.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: 0.18.0-rc2 + app.kubernetes.io/version: 0.18.0 app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote}} diff --git a/deploy/helm/templates/specs/nsa-1.0.yaml b/deploy/helm/templates/specs/nsa-1.0.yaml index 49d980692..442ddce78 100644 --- a/deploy/helm/templates/specs/nsa-1.0.yaml +++ b/deploy/helm/templates/specs/nsa-1.0.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }} diff --git a/deploy/helm/templates/specs/pss-baseline.yaml b/deploy/helm/templates/specs/pss-baseline.yaml index 2ee24e5f8..1387b2e15 100644 --- a/deploy/helm/templates/specs/pss-baseline.yaml +++ b/deploy/helm/templates/specs/pss-baseline.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: 0.18.0-rc2 + app.kubernetes.io/version: 0.18.0 app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }} diff --git a/deploy/helm/templates/specs/pss-restricted.yaml b/deploy/helm/templates/specs/pss-restricted.yaml index 142b2caa1..0b4183103 100644 --- a/deploy/helm/templates/specs/pss-restricted.yaml +++ b/deploy/helm/templates/specs/pss-restricted.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: 0.18.0-rc2 + app.kubernetes.io/version: 0.18.0 app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }} diff --git a/deploy/static/namespace.yaml b/deploy/static/namespace.yaml index 6bd0691a1..1b6d88088 100644 --- a/deploy/static/namespace.yaml +++ b/deploy/static/namespace.yaml @@ -6,5 +6,5 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" app.kubernetes.io/managed-by: kubectl diff --git a/deploy/static/trivy-operator.yaml b/deploy/static/trivy-operator.yaml index 655c07cc6..fe8ed871b 100644 --- a/deploy/static/trivy-operator.yaml +++ b/deploy/static/trivy-operator.yaml @@ -2730,7 +2730,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" app.kubernetes.io/managed-by: kubectl --- # Source: trivy-operator/templates/configmaps/operator.yaml @@ -2742,7 +2742,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" app.kubernetes.io/managed-by: kubectl data: nodeCollector.volumes: "[{\"hostPath\":{\"path\":\"/var/lib/etcd\"},\"name\":\"var-lib-etcd\"},{\"hostPath\":{\"path\":\"/var/lib/kubelet\"},\"name\":\"var-lib-kubelet\"},{\"hostPath\":{\"path\":\"/var/lib/kube-scheduler\"},\"name\":\"var-lib-kube-scheduler\"},{\"hostPath\":{\"path\":\"/var/lib/kube-controller-manager\"},\"name\":\"var-lib-kube-controller-manager\"},{\"hostPath\":{\"path\":\"/etc/systemd\"},\"name\":\"etc-systemd\"},{\"hostPath\":{\"path\":\"/lib/systemd\"},\"name\":\"lib-systemd\"},{\"hostPath\":{\"path\":\"/etc/kubernetes\"},\"name\":\"etc-kubernetes\"},{\"hostPath\":{\"path\":\"/etc/cni/net.d/\"},\"name\":\"etc-cni-netd\"}]" @@ -2764,7 +2764,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" app.kubernetes.io/managed-by: kubectl data: --- @@ -2777,7 +2777,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" app.kubernetes.io/managed-by: kubectl data: trivy.repository: "ghcr.io/aquasecurity/trivy" @@ -2813,7 +2813,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" app.kubernetes.io/managed-by: kubectl --- # Source: trivy-operator/templates/secrets/trivy.yaml @@ -2825,7 +2825,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" app.kubernetes.io/managed-by: kubectl data: --- @@ -2838,7 +2838,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" app.kubernetes.io/managed-by: kubectl spec: replicas: 1 @@ -2858,7 +2858,7 @@ spec: automountServiceAccountToken: true containers: - name: "trivy-operator" - image: "ghcr.io/aquasecurity/trivy-operator:0.18.0-rc2" + image: "ghcr.io/aquasecurity/trivy-operator:0.18.0" imagePullPolicy: IfNotPresent env: - name: OPERATOR_NAMESPACE @@ -2987,7 +2987,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" app.kubernetes.io/managed-by: kubectl spec: @@ -3379,7 +3379,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io @@ -3400,7 +3400,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" app.kubernetes.io/managed-by: kubectl rules: - apiGroups: @@ -3427,7 +3427,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io @@ -3447,7 +3447,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" app.kubernetes.io/managed-by: kubectl rules: - apiGroups: @@ -3477,7 +3477,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io @@ -3497,7 +3497,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -3522,7 +3522,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -3547,7 +3547,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -3572,5 +3572,5 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" app.kubernetes.io/managed-by: kubectl diff --git a/docs/docs/crds/clustercompliance-report.md b/docs/docs/crds/clustercompliance-report.md index aa1b42caf..5f0986db8 100644 --- a/docs/docs/crds/clustercompliance-report.md +++ b/docs/docs/crds/clustercompliance-report.md @@ -1346,7 +1346,7 @@ status: "app.kubernetes.io/instance": "trivy-operator", "app.kubernetes.io/managed-by": "kubectl", "app.kubernetes.io/name": "trivy-operator", - "app.kubernetes.io/version": "0.18.0-rc2" + "app.kubernetes.io/version": "0.18.0" }, "name": "cis", "resourceVersion": "8985", diff --git a/docs/docs/crds/configaudit-report.md b/docs/docs/crds/configaudit-report.md index 9a1748d0c..1375ed9b4 100644 --- a/docs/docs/crds/configaudit-report.md +++ b/docs/docs/crds/configaudit-report.md @@ -34,7 +34,7 @@ report: scanner: name: Trivy vendor: Aqua Security - version: '0.18.0-rc2' + version: '0.18.0' summary: criticalCount: 2 highCount: 0 diff --git a/docs/docs/crds/exposedsecret-report.md b/docs/docs/crds/exposedsecret-report.md index f42e255d8..cf952f74f 100644 --- a/docs/docs/crds/exposedsecret-report.md +++ b/docs/docs/crds/exposedsecret-report.md @@ -33,7 +33,7 @@ metadata: report: artifact: repository: myimagewithsecret - tag: v0.18.0-rc2 + tag: v0.18.0 registry: server: index.docker.io scanner: diff --git a/docs/docs/crds/rbacassessment-report.md b/docs/docs/crds/rbacassessment-report.md index b6a46d78c..9e6ef4c87 100644 --- a/docs/docs/crds/rbacassessment-report.md +++ b/docs/docs/crds/rbacassessment-report.md @@ -176,7 +176,7 @@ report: scanner: name: Trivy vendor: Aqua Security - version: '0.18.0-rc2' + version: '0.18.0' summary: criticalCount: 1 highCount: 0 diff --git a/docs/docs/design/caching_scan_results_by_repo_digest.md b/docs/docs/design/caching_scan_results_by_repo_digest.md index ae21a4c7d..6e9294806 100644 --- a/docs/docs/design/caching_scan_results_by_repo_digest.md +++ b/docs/docs/design/caching_scan_results_by_repo_digest.md @@ -129,5 +129,5 @@ We can't use something like ownerReference since it would delete all vulnerabili a gate. * Both Trivy-Operator CLI and Trivy-Operator Operator can read and leverage ClusterVulnerabilityReports. -[Standalone]: https://aquasecurity.github.io/trivy-operator/v0.18.0-rc2/integrations/vulnerability-scanners/trivy/#standalone -[ClientServer]: https://aquasecurity.github.io/trivy-operator/v0.18.0-rc2/integrations/vulnerability-scanners/trivy/#clientserver +[Standalone]: https://aquasecurity.github.io/trivy-operator/v0.18.0/integrations/vulnerability-scanners/trivy/#standalone +[ClientServer]: https://aquasecurity.github.io/trivy-operator/v0.18.0/integrations/vulnerability-scanners/trivy/#clientserver diff --git a/docs/docs/design/design_compliance_report.md b/docs/docs/design/design_compliance_report.md index f75b6f8c6..3c16360cf 100644 --- a/docs/docs/design/design_compliance_report.md +++ b/docs/docs/design/design_compliance_report.md @@ -542,7 +542,7 @@ metadata: name: clustercompliancereports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" spec: group: aquasecurity.github.io scope: Cluster @@ -678,7 +678,7 @@ metadata: name: clustercompliancedetailreports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" spec: group: aquasecurity.github.io versions: diff --git a/docs/docs/design/design_starboard_at_scale.excalidraw b/docs/docs/design/design_starboard_at_scale.excalidraw index 7d4b6fda6..fde33379a 100644 --- a/docs/docs/design/design_starboard_at_scale.excalidraw +++ b/docs/docs/design/design_starboard_at_scale.excalidraw @@ -11835,7 +11835,7 @@ "versionNonce": 596868769, "isDeleted": false, "boundElementIds": null, - "text": "apiVersion: batch/v1\nkind: Job\nmetadata:\n name: scan-vulnerabilityreport-\n namespace: trivy-system\nspec:\n template:\n spec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.18.0-rc2\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n restartPolicy: Never\n backoffLimit: 1", + "text": "apiVersion: batch/v1\nkind: Job\nmetadata:\n name: scan-vulnerabilityreport-\n namespace: trivy-system\nspec:\n template:\n spec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.18.0\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n restartPolicy: Never\n backoffLimit: 1", "fontSize": 20, "fontFamily": 3, "textAlign": "left", @@ -11895,7 +11895,7 @@ "boundElementIds": [], "fontSize": 20, "fontFamily": 3, - "text": "apiVersion: v1\nkind: Pod\nmetadata:\n name: scan-vulnerabilityreport--\n namespace: trivy-system\nspec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.18.0-rc2\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n", + "text": "apiVersion: v1\nkind: Pod\nmetadata:\n name: scan-vulnerabilityreport--\n namespace: trivy-system\nspec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.18.0\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n", "baseline": 259, "textAlign": "left", "verticalAlign": "top" diff --git a/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md b/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md index 02c7f382b..feea38fd7 100644 --- a/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md +++ b/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md @@ -219,6 +219,6 @@ With this approach trivy operator will not have to worry about managing(create/d - As we will run scan job with service account of workload and if there are some very strict PSP defined in the cluster then scan job will be blocked due to the PSP. -[ECR registry configuration]: https://aquasecurity.github.io/trivy-operator/v0.18.0-rc2/integrations/managed-registries/#amazon-elastic-container-registry-ecr +[ECR registry configuration]: https://aquasecurity.github.io/trivy-operator/v0.18.0/integrations/managed-registries/#amazon-elastic-container-registry-ecr [IAM role to service account]: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html [Trivy fs command]: https://github.com/aquasecurity/trivy-operator/blob/main/docs/design/design_trivy_file_system_scanner.md diff --git a/docs/docs/design/ttl_scans.md b/docs/docs/design/ttl_scans.md index 012fb3bf7..bd2163fb9 100644 --- a/docs/docs/design/ttl_scans.md +++ b/docs/docs/design/ttl_scans.md @@ -44,7 +44,7 @@ metadata: report: artifact: repository: fluxcd/source-controller - tag: v0.18.0-rc2 + tag: v0.18.0 registry: server: ghcr.io scanner: diff --git a/docs/docs/vulnerability-scanning/managed-registries.md b/docs/docs/vulnerability-scanning/managed-registries.md index e6a5bc30b..3ba4358cd 100644 --- a/docs/docs/vulnerability-scanning/managed-registries.md +++ b/docs/docs/vulnerability-scanning/managed-registries.md @@ -40,7 +40,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.0-rc2" + app.kubernetes.io/version: "0.18.0" app.kubernetes.io/managed-by: kubectl azure.workload.identity/use: "true" annotations: diff --git a/docs/tutorials/private-registries.md b/docs/tutorials/private-registries.md index 6b1c8d43b..65fbd35df 100644 --- a/docs/tutorials/private-registries.md +++ b/docs/tutorials/private-registries.md @@ -303,4 +303,4 @@ data: The last way that you could give the Trivy operator access to your private container registry is through managed registries. In this case, the container registry and your Kubernetes cluster would have to be on the same cloud provider; then you can define access to your container namespace as part of the IAM account. Once defined, trivy will already have the permissions for the registry. -For additional information, please refer to the [documentation on managed registries.](https://aquasecurity.github.io/trivy-operator/v0.18.0-rc2/docs/vulnerability-scanning/managed-registries/) +For additional information, please refer to the [documentation on managed registries.](https://aquasecurity.github.io/trivy-operator/v0.18.0/docs/vulnerability-scanning/managed-registries/) diff --git a/itest/helper/helper.go b/itest/helper/helper.go index 0be53a85c..76bf5d1a0 100644 --- a/itest/helper/helper.go +++ b/itest/helper/helper.go @@ -236,7 +236,7 @@ var ( trivyScanner = v1alpha1.Scanner{ Name: v1alpha1.ScannerNameTrivy, Vendor: "Aqua Security", - Version: "0.18.0-rc2", + Version: "0.18.0", } ) diff --git a/mkdocs.yml b/mkdocs.yml index b60d0127e..4c070ec57 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -90,7 +90,7 @@ extra: provider: mike var: prev_git_tag: "v0.17.1" - chart_version: "0.20.0-rc2" + chart_version: "0.20.0" plugins: - search