From cc1c4c3b96160b30858d4df36ecf517467564260 Mon Sep 17 00:00:00 2001 From: chenk Date: Tue, 12 Mar 2024 17:15:07 +0200 Subject: [PATCH] release: prepare v0.19.0-rc (#1908) * release: prepare v0.19.0-rc Signed-off-by: chenk * release: prepare v0.19.0-rc Signed-off-by: chenk --------- Signed-off-by: chenk --- CONTRIBUTING.md | 2 +- README.md | 7 +--- RELEASING.md | 10 ++--- deploy/helm/Chart.yaml | 4 +- deploy/helm/README.md | 2 +- deploy/helm/templates/specs/cis-1.23.yaml | 2 +- deploy/helm/templates/specs/nsa-1.0.yaml | 2 +- deploy/helm/templates/specs/pss-baseline.yaml | 2 +- .../helm/templates/specs/pss-restricted.yaml | 2 +- deploy/static/namespace.yaml | 2 +- deploy/static/trivy-operator.yaml | 38 +++++++++---------- docs/docs/crds/clustercompliance-report.md | 2 +- docs/docs/crds/configaudit-report.md | 2 +- docs/docs/crds/exposedsecret-report.md | 2 +- docs/docs/crds/rbacassessment-report.md | 2 +- .../caching_scan_results_by_repo_digest.md | 4 +- docs/docs/design/design_compliance_report.md | 4 +- .../design_starboard_at_scale.excalidraw | 4 +- ..._scan_job_in_same_namespace_of_workload.md | 2 +- docs/docs/design/ttl_scans.md | 2 +- docs/index.md | 29 +++----------- docs/tutorials/private-registries.md | 2 +- itest/helper/helper.go | 2 +- mkdocs.yml | 4 +- 24 files changed, 56 insertions(+), 78 deletions(-)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index a15e22fe3..e5ec0ff9c 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -351,7 +351,7 @@ kubectl apply -f https://github.com/operator-framework/operator-lifecycle-manage or ```
-curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.20.6/install.sh -o install.sh
+curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.21.0-rc/install.sh -o install.sh
 chmod +x install.sh ./install.sh v0.20.0 ```
diff --git a/README.md b/README.md
index 91d05acc9..02dff3b07 100644
--- a/README.md
+++ b/README.md
@@ -67,7 +67,7 @@ Install the Helm Chart: helm install trivy-operator aqua/trivy-operator \ --namespace trivy-system \ --create-namespace \
- --version 0.20.6
+ --version 0.21.0-rc
 ``` #### Option 2: Install from OCI registry (supported in Helm v3.8.0+)
@@ -78,7 +78,7 @@ Install the Helm Chart: helm install trivy-operator oci://ghcr.io/aquasecurity/helm-charts/trivy-operator \ --namespace trivy-system \ --create-namespace \
- --version 0.20.6
+ --version 0.21.0-rc
 ``` This will install the Trivy Helm Chart into the `trivy-system` namespace and start triggering the scans.
@@ -112,10 +112,7 @@ Join the community, and talk to us about any matter in [GitHub Discussions] or [ [action-release-snapshot]: https://github.com/aquasecurity/trivy-operator/actions/workflows/release-snapshot.yaml [report-card-img]: https://goreportcard.com/badge/github.com/aquasecurity/trivy-operator [report-card]: https://goreportcard.com/report/github.com/aquasecurity/trivy-operator
-[license-img]: https://img.shields.io/github/license/aquasecurity/trivy-operator.svg
-[license]: https://github.com/aquasecurity/trivy-operator/blob/main/LICENSE
 [github-all-releases-img]: https://img.shields.io/github/downloads/aquasecurity/trivy-operator/total?logo=github
-[docker-pulls-trivy-operator]: https://img.shields.io/docker/pulls/aquasec/trivy-operator?logo=docker&label=docker%20pulls%20%2F%20trivy%20operator
 [Contributing]: CONTRIBUTING.md [GitHub Discussions]: https://github.com/aquasecurity/trivy-operator/discussions [Slack]: https://slack.aquasec.com/
diff --git a/RELEASING.md b/RELEASING.md
index 8c2a60133..c07ae3e7e 100644
--- a/RELEASING.md
+++ b/RELEASING.md
@@ -46,17 +46,17 @@ 5. Create an annotated git tag and push it to the `upstream`. This will trigger the [`.github/workflows/release.yaml`] workflow ```sh
- git tag -v0.18.5 -m 'Release v0.18.5'
- git push upstream v0.18.5
+ git tag -v0.19.0-rc -m 'Release v0.19.0-rc'
+ git push upstream v0.19.0-rc
 ``` 6. Verify that the `release` workflow has built and published the following artifacts 1. Trivy-operator container images published to DockerHub
- `docker.io/aquasec/trivy-operator:0.18.5`
+ `docker.io/aquasec/trivy-operator:0.19.0-rc`
 2. Trivy-operator container images published to Amazon ECR Public Gallery
- `public.ecr.aws/aquasecurity/trivy-operator:0.18.5`
+ `public.ecr.aws/aquasecurity/trivy-operator:0.19.0-rc`
 3. Trivy-operator container images published to GitHub Container Registry
- `ghcr.io/aquasecurity/trivy-operator:0.18.5`
+ `ghcr.io/aquasecurity/trivy-operator:0.19.0-rc`
 7. Submit trivy-operator Operator to OperatorHub and ArtifactHUB by opening the PR to the repository.
diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml
index 4b562cd94..e642763b6 100644
--- a/deploy/helm/Chart.yaml
+++ b/deploy/helm/Chart.yaml
@@ -6,12 +6,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.20.6
+version: 0.21.0-rc
 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 0.18.5
+appVersion: 0.19.0-rc
 # kubeVersion: A SemVer range of compatible Kubernetes versions (optional)
diff --git a/deploy/helm/README.md b/deploy/helm/README.md
index 367d0186f..450cbe310 100644
--- a/deploy/helm/README.md
+++ b/deploy/helm/README.md
@@ -1,6 +1,6 @@ # trivy-operator
-![Version: 0.20.6](https://img.shields.io/badge/Version-0.20.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.18.5](https://img.shields.io/badge/AppVersion-0.18.5-informational?style=flat-square)
+![Version: 0.21.0-rc](https://img.shields.io/badge/Version-0.21.0--rc-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.19.0-rc](https://img.shields.io/badge/AppVersion-0.19.0--rc-informational?style=flat-square)
 Keeps security report resources updated
diff --git a/deploy/helm/templates/specs/cis-1.23.yaml b/deploy/helm/templates/specs/cis-1.23.yaml
index 6ec92a9f4..006748946 100644
--- a/deploy/helm/templates/specs/cis-1.23.yaml
+++ b/deploy/helm/templates/specs/cis-1.23.yaml
@@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator
- app.kubernetes.io/version: 0.18.5
+ app.kubernetes.io/version: 0.19.0-rc
 app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote}}
diff --git a/deploy/helm/templates/specs/nsa-1.0.yaml b/deploy/helm/templates/specs/nsa-1.0.yaml
index 43109953c..a90b0f0b1 100644
--- a/deploy/helm/templates/specs/nsa-1.0.yaml
+++ b/deploy/helm/templates/specs/nsa-1.0.yaml
@@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator
- app.kubernetes.io/version: "0.18.5"
+ app.kubernetes.io/version: "0.19.0-rc"
 app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }}
diff --git a/deploy/helm/templates/specs/pss-baseline.yaml b/deploy/helm/templates/specs/pss-baseline.yaml
index e7124854d..1f7b7fba8 100644
--- a/deploy/helm/templates/specs/pss-baseline.yaml
+++ b/deploy/helm/templates/specs/pss-baseline.yaml
@@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator
- app.kubernetes.io/version: 0.18.5
+ app.kubernetes.io/version: 0.19.0-rc
 app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }}
diff --git a/deploy/helm/templates/specs/pss-restricted.yaml b/deploy/helm/templates/specs/pss-restricted.yaml
index 3edc76ecb..f8335a401 100644
--- a/deploy/helm/templates/specs/pss-restricted.yaml
+++ b/deploy/helm/templates/specs/pss-restricted.yaml
@@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator
- app.kubernetes.io/version: 0.18.5
+ app.kubernetes.io/version: 0.19.0-rc
 app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }}
diff --git a/deploy/static/namespace.yaml b/deploy/static/namespace.yaml
index 8b5dcc735..48b9e93a2 100644
--- a/deploy/static/namespace.yaml
+++ b/deploy/static/namespace.yaml
@@ -6,5 +6,5 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator
- app.kubernetes.io/version: "0.18.5"
+ app.kubernetes.io/version: "0.19.0-rc"
 app.kubernetes.io/managed-by: kubectl
diff --git a/deploy/static/trivy-operator.yaml b/deploy/static/trivy-operator.yaml
index c4fe4c876..164420742 100644
--- a/deploy/static/trivy-operator.yaml
+++ b/deploy/static/trivy-operator.yaml
@@ -2864,7 +2864,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "0.19.0-rc" app.kubernetes.io/managed-by: kubectl --- # Source: trivy-operator/templates/configmaps/operator.yaml
@@ -2876,7 +2876,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "0.19.0-rc" app.kubernetes.io/managed-by: kubectl data: nodeCollector.volumes: "[{\"hostPath\":{\"path\":\"/var/lib/etcd\"},\"name\":\"var-lib-etcd\"},{\"hostPath\":{\"path\":\"/var/lib/kubelet\"},\"name\":\"var-lib-kubelet\"},{\"hostPath\":{\"path\":\"/var/lib/kube-scheduler\"},\"name\":\"var-lib-kube-scheduler\"},{\"hostPath\":{\"path\":\"/var/lib/kube-controller-manager\"},\"name\":\"var-lib-kube-controller-manager\"},{\"hostPath\":{\"path\":\"/etc/systemd\"},\"name\":\"etc-systemd\"},{\"hostPath\":{\"path\":\"/lib/systemd\"},\"name\":\"lib-systemd\"},{\"hostPath\":{\"path\":\"/etc/kubernetes\"},\"name\":\"etc-kubernetes\"},{\"hostPath\":{\"path\":\"/etc/cni/net.d/\"},\"name\":\"etc-cni-netd\"}]"
@@ -2900,7 +2900,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "0.19.0-rc" app.kubernetes.io/managed-by: kubectl data: ---
@@ -2913,7 +2913,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "0.19.0-rc" app.kubernetes.io/managed-by: kubectl data: OPERATOR_LOG_DEV_MODE: "false"
@@ -2965,7 +2965,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "0.19.0-rc" app.kubernetes.io/managed-by: kubectl data: trivy.repository: "ghcr.io/aquasecurity/trivy"
@@ -3001,7 +3001,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "0.19.0-rc" app.kubernetes.io/managed-by: kubectl data: ---
@@ -3014,7 +3014,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "0.19.0-rc" app.kubernetes.io/managed-by: kubectl data: ---
@@ -3027,7 +3027,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "0.19.0-rc" app.kubernetes.io/managed-by: kubectl spec: replicas: 1
@@ -3047,7 +3047,7 @@ spec: automountServiceAccountToken: true containers: - name: "trivy-operator" - image: "ghcr.io/aquasecurity/trivy-operator:0.18.5" + image: "ghcr.io/aquasecurity/trivy-operator:0.19.0-rc" imagePullPolicy: IfNotPresent env: - name: OPERATOR_NAMESPACE
@@ -3108,7 +3108,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "0.19.0-rc" app.kubernetes.io/managed-by: kubectl spec:
@@ -3501,7 +3501,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "0.19.0-rc" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io
@@ -3522,7 +3522,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "0.19.0-rc" app.kubernetes.io/managed-by: kubectl rules: - apiGroups:
@@ -3549,7 +3549,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "0.19.0-rc" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io
@@ -3569,7 +3569,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "0.19.0-rc" app.kubernetes.io/managed-by: kubectl rules: - apiGroups:
@@ -3599,7 +3599,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "0.19.0-rc" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io
@@ -3619,7 +3619,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "0.19.0-rc" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -3644,7 +3644,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "0.19.0-rc" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -3669,7 +3669,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "0.19.0-rc" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -3694,5 +3694,5 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.5" + app.kubernetes.io/version: "0.19.0-rc" app.kubernetes.io/managed-by: kubectl
diff --git a/docs/docs/crds/clustercompliance-report.md b/docs/docs/crds/clustercompliance-report.md
index 0586fa304..c0aac4f4a 100644
--- a/docs/docs/crds/clustercompliance-report.md
+++ b/docs/docs/crds/clustercompliance-report.md
@@ -1346,7 +1346,7 @@ status: "app.kubernetes.io/instance": "trivy-operator", "app.kubernetes.io/managed-by": "kubectl", "app.kubernetes.io/name": "trivy-operator",
- "app.kubernetes.io/version": "0.18.5"
+ "app.kubernetes.io/version": "0.19.0-rc"
 }, "name": "cis", "resourceVersion": "8985",
diff --git a/docs/docs/crds/configaudit-report.md b/docs/docs/crds/configaudit-report.md
index 6dff40de3..2f1be6291 100644
--- a/docs/docs/crds/configaudit-report.md
+++ b/docs/docs/crds/configaudit-report.md
@@ -34,7 +34,7 @@ report: scanner: name: Trivy vendor: Aqua Security
- version: '0.18.5'
+ version: '0.19.0-rc'
 summary: criticalCount: 2 highCount: 0
diff --git a/docs/docs/crds/exposedsecret-report.md b/docs/docs/crds/exposedsecret-report.md
index 1bf4a87a2..25716698b 100644
--- a/docs/docs/crds/exposedsecret-report.md
+++ b/docs/docs/crds/exposedsecret-report.md
@@ -33,7 +33,7 @@ metadata: report: artifact: repository: myimagewithsecret
- tag: v0.18.5
+ tag: v0.19.0-rc
 registry: server: index.docker.io scanner:
diff --git a/docs/docs/crds/rbacassessment-report.md b/docs/docs/crds/rbacassessment-report.md
index fca9a9c61..a18ab4e34 100644
--- a/docs/docs/crds/rbacassessment-report.md
+++ b/docs/docs/crds/rbacassessment-report.md
@@ -176,7 +176,7 @@ report: scanner: name: Trivy vendor: Aqua Security
- version: '0.18.5'
+ version: '0.19.0-rc'
 summary: criticalCount: 1 highCount: 0
diff --git a/docs/docs/design/caching_scan_results_by_repo_digest.md b/docs/docs/design/caching_scan_results_by_repo_digest.md
index b14fa7c89..18278335e 100644
--- a/docs/docs/design/caching_scan_results_by_repo_digest.md
+++ b/docs/docs/design/caching_scan_results_by_repo_digest.md
@@ -129,5 +129,5 @@ We can't use something like ownerReference since it would delete all vulnerabili a gate. * Both Trivy-Operator CLI and Trivy-Operator Operator can read and leverage ClusterVulnerabilityReports.
-[Standalone]: https://aquasecurity.github.io/trivy-operator/v0.18.5/integrations/vulnerability-scanners/trivy/#standalone
-[ClientServer]: https://aquasecurity.github.io/trivy-operator/v0.18.5/integrations/vulnerability-scanners/trivy/#clientserver
+[Standalone]: https://aquasecurity.github.io/trivy-operator/v0.19.0-rc/integrations/vulnerability-scanners/trivy/#standalone
+[ClientServer]: https://aquasecurity.github.io/trivy-operator/v0.19.0-rc/integrations/vulnerability-scanners/trivy/#clientserver
diff --git a/docs/docs/design/design_compliance_report.md b/docs/docs/design/design_compliance_report.md
index 941e004db..84a3d8fc0 100644
--- a/docs/docs/design/design_compliance_report.md
+++ b/docs/docs/design/design_compliance_report.md
@@ -542,7 +542,7 @@ metadata: name: clustercompliancereports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: trivy-operator
- app.kubernetes.io/version: "0.18.5"
+ app.kubernetes.io/version: "0.19.0-rc"
 spec: group: aquasecurity.github.io scope: Cluster
@@ -678,7 +678,7 @@ metadata: name: clustercompliancedetailreports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: trivy-operator
- app.kubernetes.io/version: "0.18.5"
+ app.kubernetes.io/version: "0.19.0-rc"
 spec: group: aquasecurity.github.io versions:
diff --git a/docs/docs/design/design_starboard_at_scale.excalidraw b/docs/docs/design/design_starboard_at_scale.excalidraw
index b51df6aec..c64ea18a4 100644
--- a/docs/docs/design/design_starboard_at_scale.excalidraw
+++ b/docs/docs/design/design_starboard_at_scale.excalidraw
@@ -11835,7 +11835,7 @@ "versionNonce": 596868769, "isDeleted": false, "boundElementIds": null, - "text": "apiVersion: batch/v1\nkind: Job\nmetadata:\n name: scan-vulnerabilityreport-\n namespace: trivy-system\nspec:\n template:\n spec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.18.5\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n restartPolicy: Never\n backoffLimit: 1", + "text": "apiVersion: batch/v1\nkind: Job\nmetadata:\n name: scan-vulnerabilityreport-\n namespace: trivy-system\nspec:\n template:\n spec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.19.0-rc\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n restartPolicy: Never\n backoffLimit: 1", "fontSize": 20, "fontFamily": 3, "textAlign": "left",
@@ -11895,7 +11895,7 @@ "boundElementIds": [], "fontSize": 20, "fontFamily": 3, - "text": "apiVersion: v1\nkind: Pod\nmetadata:\n name: scan-vulnerabilityreport--\n namespace: trivy-system\nspec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.18.5\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n", + "text": "apiVersion: v1\nkind: Pod\nmetadata:\n name: scan-vulnerabilityreport--\n namespace: trivy-system\nspec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.19.0-rc\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n", "baseline": 259, "textAlign": "left", "verticalAlign": "top"
diff --git a/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md b/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md
index 9d17b41bc..cfd8abfc9 100644
--- a/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md
+++ b/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md
@@ -219,6 +219,6 @@ With this approach trivy operator will not have to worry about managing(create/d - As we will run scan job with service account of workload and if there are some very strict PSP defined in the cluster then scan job will be blocked due to the PSP.
-[ECR registry configuration]: https://aquasecurity.github.io/trivy-operator/v0.18.5/integrations/managed-registries/#amazon-elastic-container-registry-ecr
+[ECR registry configuration]: https://aquasecurity.github.io/trivy-operator/v0.19.0-rc/integrations/managed-registries/#amazon-elastic-container-registry-ecr
 [IAM role to service account]: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html [Trivy fs command]: https://github.com/aquasecurity/trivy-operator/blob/main/docs/design/design_trivy_file_system_scanner.md
diff --git a/docs/docs/design/ttl_scans.md b/docs/docs/design/ttl_scans.md
index 373bcb8a8..283c443af 100644
--- a/docs/docs/design/ttl_scans.md
+++ b/docs/docs/design/ttl_scans.md
@@ -44,7 +44,7 @@ metadata: report: artifact: repository: fluxcd/source-controller
- tag: v0.18.5
+ tag: v0.19.0-rc
 registry: server: ghcr.io scanner:
diff --git a/docs/index.md b/docs/index.md
index 416a106ea..6a6863f9b 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -5,7 +5,7 @@ The Trivy Operator leverages [Trivy](https://github.com/aquasecurity/trivy) to continuously scan your Kubernetes cluster for security issues. The scans are summarised in security reports as Kubernetes [Custom Resource Definitions], which become accessible through the Kubernetes API. The Operator does this by watching Kubernetes for state changes and automatically triggering security scans in response. For example, a vulnerability scan is initiated when a new Pod is created. This way, users can find and view the risks that relate to different resources in a `Kubernetes-native` way.
-## In-cluster Security Scans
+## In-cluster Security Scans
 The Trivy Operator automatically generates and updates security reports. These reports are generated in response to new workload and other changes on a Kubernetes cluster, generating the following reports:
@@ -14,7 +14,7 @@ The Trivy Operator automatically generates and updates security reports. These r - Exposed Secret Scans: Automated secret scans which find and detail the location of exposed Secrets within your cluster. - RBAC scans: Role Based Access Control scans provide detailed information on the access rights of the different resources installed. - K8s core component infra assessment scan Kubernetes infra core components (etcd,apiserver,scheduler,controller-manager and etc) setting and configuration.
-- k8s outdated api validation - a configaudit check will validate if the resource api has been deprecated and planned for removal
+- k8s outdated api validation - a configaudit check will validate if the resource api has been deprecated and planned for removal
 - Compliance reports - NSA, CISA Kubernetes Hardening Guidance v1.1 cybersecurity technical report is produced. - CIS Kubernetes Benchmark v1.23 cybersecurity technical report is produced.
@@ -66,7 +66,7 @@ Install the Helm Chart: helm install trivy-operator oci://ghcr.io/aquasecurity/helm-charts/trivy-operator \ --namespace trivy-system \ --create-namespace \
- --version 0.20.6
+ --version 0.21.0-rc
 ``` This will install the Trivy Helm Chart into the `trivy-system` namespace and start triggering the scans.
@@ -82,40 +82,21 @@ At this early stage we would love your feedback on the overall concept of Trivy- contributions integrating different security tools so that users can access security information in standard, Kubernetes-native ways.
-* See [Contributing] for information about setting up your development environment, and the contribution workflow that
+- See [Contributing] for information about setting up your development environment, and the contribution workflow that
 we expect.
-* Please ensure that you are following our [Code Of Conduct](https://github.com/aquasecurity/community/blob/main/CODE_OF_CONDUCT.md) during any interaction with the Aqua projects and their community.
+- Please ensure that you are following our [Code Of Conduct](https://github.com/aquasecurity/community/blob/main/CODE_OF_CONDUCT.md) during any interaction with the Aqua projects and their community.
 --- Trivy-Operator is an [Aqua Security](https://aquasec.com) open source project. Learn about our [Open Source Work and Portfolio]. Join the community, and talk to us about any matter in [GitHub Discussions] or [Slack].
-[release-img]: https://img.shields.io/github/release/aquasecurity/trivy-operator.svg?logo=github
-[release]: https://github.com/aquasecurity/trivy-operator/releases
-[action-build-img]: https://github.com/aquasecurity/trivy-operator/actions/workflows/build.yaml/badge.svg
-[action-build]: https://github.com/aquasecurity/trivy-operator/actions/workflows/build.yaml
-[action-release-snapshot-img]: https://github.com/aquasecurity/trivy-operator/actions/workflows/release-snapshot.yaml/badge.svg
-[action-release-snapshot]: https://github.com/aquasecurity/trivy-operator/actions/workflows/release-snapshot.yaml
-[cov-img]: https://codecov.io/github/aquasecurity/trivy-operator/branch/main/graph/badge.svg
-[cov]: https://codecov.io/github/aquasecurity/trivy-operator
-[report-card-img]: https://goreportcard.com/badge/github.com/aquasecurity/trivy-operator
-[report-card]: https://goreportcard.com/report/github.com/aquasecurity/trivy-operator
-[license-img]: https://img.shields.io/github/license/aquasecurity/trivy-operator.svg
-[license]: https://github.com/aquasecurity/trivy-operator/blob/main/LICENSE
-[github-all-releases-img]: https://img.shields.io/github/downloads/aquasecurity/trivy-operator/total?logo=github
-[docker-pulls-trivy-operator]: https://img.shields.io/docker/pulls/aquasec/trivy-operator?logo=docker&label=docker%20pulls%20%2F%20trivy%20operator
 [Contributing]: https://github.com/aquasecurity/trivy-operator/blob/main/CONTRIBUTING.md [GitHub Discussions]: https://github.com/aquasecurity/trivy-operator/discussions [Slack]: https://slack.aquasec.com/ [Open Source Work and Portfolio]: https://www.aquasec.com/products/open-source-projects/ [Custom Resource Definitions]: https://aquasecurity.github.io/trivy-operator/latest/docs/crds/
-[Go module]: https://pkg.go.dev/github.com/aquasecurity/trivy-operator/pkg
 [Documentation]: https://aquasecurity.github.io/trivy-operator/latest [Static YAML Manifests]:
https://aquasecurity.github.io/trivy-operator/latest/getting-started/installation/kubectl/ [getting-started-operator]: https://aquasecurity.github.io/trivy-operator/latest/
-[Kubernetes operator]: https://aquasecurity.github.io/trivy-operator/latest
-
-[Lens Extension]: https://github.com/aquasecurity/trivy-operator-lens-extension
-[kubectl]: https://kubernetes.io/docs/reference/kubectl
\ No newline at end of file
diff --git a/docs/tutorials/private-registries.md b/docs/tutorials/private-registries.md
index 65ffb2898..f79601aa4 100644
--- a/docs/tutorials/private-registries.md
+++ b/docs/tutorials/private-registries.md
@@ -303,4 +303,4 @@ data: The last way that you could give the Trivy operator access to your private container registry is through managed registries. In this case, the container registry and your Kubernetes cluster would have to be on the same cloud provider; then you can define access to your container namespace as part of the IAM account. Once defined, trivy will already have the permissions for the registry.
-For additional information, please refer to the [documentation on managed registries.](https://aquasecurity.github.io/trivy-operator/v0.18.5/docs/vulnerability-scanning/managed-registries/)
+For additional information, please refer to the [documentation on managed registries.](https://aquasecurity.github.io/trivy-operator/v0.19.0-rc/docs/vulnerability-scanning/managed-registries/)
diff --git a/itest/helper/helper.go b/itest/helper/helper.go
index ec1e34c61..de675d452 100644
--- a/itest/helper/helper.go
+++ b/itest/helper/helper.go
@@ -236,7 +236,7 @@ var ( trivyScanner = v1alpha1.Scanner{ Name: v1alpha1.ScannerNameTrivy, Vendor: "Aqua Security",
- Version: "0.18.5",
+ Version: "0.19.0-rc",
 } )
diff --git a/mkdocs.yml b/mkdocs.yml
index ff8fd188f..697ad1230 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -89,8 +89,8 @@ extra: method: mike provider: mike var:
- prev_git_tag: "v0.18.4"
- chart_version: "0.20.6"
+ prev_git_tag: "v0.18.5"
+ chart_version: "0.21.0-rc"
 plugins: - search