From 5ca0f7f876449f5e500e05d13f33af230a651bf3 Mon Sep 17 00:00:00 2001 
From: chenk
Date: Tue, 9 Jan 2024 20:49:06 +0200
Subject: [PATCH] operator [CI] trivy-operator (0.18.1)
---
...s.v1alpha1.aquasecurity.github.io.crd.yaml | 257 +++++++++++++
...s.v1alpha1.aquasecurity.github.io.crd.yaml | 173 +++++++++
...s.v1alpha1.aquasecurity.github.io.crd.yaml | 172 +++++++++
...s.v1alpha1.aquasecurity.github.io.crd.yaml | 172 +++++++++
...s.v1alpha1.aquasecurity.github.io.crd.yaml | 327 +++++++++++++++++
...s.v1alpha1.aquasecurity.github.io.crd.yaml | 284 +++++++++++++++
...s.v1alpha1.aquasecurity.github.io.crd.yaml | 174 +++++++++
...s.v1alpha1.aquasecurity.github.io.crd.yaml | 206 +++++++++++
...s.v1alpha1.aquasecurity.github.io.crd.yaml | 173 +++++++++
...s.v1alpha1.aquasecurity.github.io.crd.yaml | 173 +++++++++
...s.v1alpha1.aquasecurity.github.io.crd.yaml | 328 +++++++++++++++++
...perator.v0.18.1.clusterserviceversion.yaml | 340 ++++++++++++++++++
...s.v1alpha1.aquasecurity.github.io.crd.yaml | 285 +++++++++++++++
.../0.18.1/metadata/annotations.yaml | 7 +
operators/trivy-operator/ci.yaml | 1 -
15 files changed, 3071 insertions(+), 1 deletion(-)
create mode 100644 operators/trivy-operator/0.18.1/manifests/clustercompliancereports.v1alpha1.aquasecurity.github.io.crd.yaml
create mode 100644 operators/trivy-operator/0.18.1/manifests/clusterconfigauditreports.v1alpha1.aquasecurity.github.io.crd.yaml
create mode 100644 operators/trivy-operator/0.18.1/manifests/clusterinfraassessmentreports.v1alpha1.aquasecurity.github.io.crd.yaml
create mode 100644 operators/trivy-operator/0.18.1/manifests/clusterrbacassessmentreports.v1alpha1.aquasecurity.github.io.crd.yaml
create mode 100644 operators/trivy-operator/0.18.1/manifests/clustersbomreports.v1alpha1.aquasecurity.github.io.crd.yaml
create mode 100644 operators/trivy-operator/0.18.1/manifests/clustervulnerabilityreports.v1alpha1.aquasecurity.github.io.crd.yaml
create mode 100644 operators/trivy-operator/0.18.1/manifests/configauditreports.v1alpha1.aquasecurity.github.io.crd.yaml
create mode 100644 operators/trivy-operator/0.18.1/manifests/exposedsecretreports.v1alpha1.aquasecurity.github.io.crd.yaml
create mode 100644 operators/trivy-operator/0.18.1/manifests/infraassessmentreports.v1alpha1.aquasecurity.github.io.crd.yaml
create mode 100644 operators/trivy-operator/0.18.1/manifests/rbacassessmentreports.v1alpha1.aquasecurity.github.io.crd.yaml
create mode 100644 operators/trivy-operator/0.18.1/manifests/sbomreports.v1alpha1.aquasecurity.github.io.crd.yaml
create mode 100644 operators/trivy-operator/0.18.1/manifests/trivy-operator.v0.18.1.clusterserviceversion.yaml
create mode 100644 operators/trivy-operator/0.18.1/manifests/vulnerabilityreports.v1alpha1.aquasecurity.github.io.crd.yaml
create mode 100644 operators/trivy-operator/0.18.1/metadata/annotations.yaml
diff --git a/operators/trivy-operator/0.18.1/manifests/clustercompliancereports.v1alpha1.aquasecurity.github.io.crd.yaml b/operators/trivy-operator/0.18.1/manifests/clustercompliancereports.v1alpha1.aquasecurity.github.io.crd.yaml
new file mode 100644
index 00000000000..2293a2e4b7e
--- /dev/null
+++ b/operators/trivy-operator/0.18.1/manifests/clustercompliancereports.v1alpha1.aquasecurity.github.io.crd.yaml
@@ -0,0 +1,257 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: clustercompliancereports.aquasecurity.github.io +spec: + group: aquasecurity.github.io + names: + kind: ClusterComplianceReport + listKind: ClusterComplianceReportList + plural: clustercompliancereports + shortNames: + - compliance + singular: clustercompliancereport + scope: Cluster + versions: + - additionalPrinterColumns: + - description: The age of the report + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The number of checks that failed + jsonPath: .status.summary.failCount + name: Fail + priority: 1 + type: integer + - description: The number of checks that passed + jsonPath: .status.summary.passCount + name: Pass + priority: 1 + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterComplianceReport is a specification for the ClusterComplianceReport + resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ReportSpec represent the compliance specification + properties: + compliance: + properties: + controls: + description: Control represent the cps controls data and mapping + checks + items: + description: Control represent the cps controls data and mapping + checks + properties: + checks: + items: + description: SpecCheck represent the scanner who perform + the control check + properties: + id: + description: id define the check id as produced by + scanner + type: string + required: + - id + type: object + type: array + defaultStatus: + description: define the default value for check status in + case resource not found + enum: + - PASS + - WARN + - FAIL + type: string + description: + type: string + id: + description: id define the control check id + type: string + name: + type: string + severity: + description: define the severity of the control + enum: + - CRITICAL + - HIGH + - MEDIUM + - LOW + - UNKNOWN + type: string + required: + - id + - name + - severity + type: object + type: array + description: + type: string + id: + type: string + relatedResources: + items: + type: string + type: array + title: + type: string + version: + type: string + required: + - controls + - description + - id + - relatedResources + - title + - version + type: object + cron: + description: cron define the intervals for report generation + pattern: ^(((([\*]{1}){1})|((\*\/){0,1}(([0-9]{1}){1}|(([1-5]{1}){1}([0-9]{1}){1}){1}))) + ((([\*]{1}){1})|((\*\/){0,1}(([0-9]{1}){1}|(([1]{1}){1}([0-9]{1}){1}){1}|([2]{1}){1}([0-3]{1}){1}))) + ((([\*]{1}){1})|((\*\/){0,1}(([1-9]{1}){1}|(([1-2]{1}){1}([0-9]{1}){1}){1}|([3]{1}){1}([0-1]{1}){1}))) + ((([\*]{1}){1})|((\*\/){0,1}(([1-9]{1}){1}|(([1-2]{1}){1}([0-9]{1}){1}){1}|([3]{1}){1}([0-1]{1}){1}))|(jan|feb|mar|apr|may|jun|jul|aug|sep|okt|nov|dec)) + 
((([\*]{1}){1})|((\*\/){0,1}(([0-7]{1}){1}))|(sun|mon|tue|wed|thu|fri|sat)))$ + type: string + reportType: + enum: + - summary + - all + type: string + required: + - compliance + - cron + - reportType + type: object + status: + properties: + detailReport: + description: ComplianceReport represents a kubernetes scan report + properties: + description: + type: string + id: + type: string + relatedVersion: + items: + type: string + type: array + results: + items: + properties: + checks: + items: + description: ComplianceCheck provides the result of conducting + a single compliance step. + properties: + category: + type: string + checkID: + type: string + description: + type: string + messages: + items: + type: string + type: array + remediation: + description: Remediation provides description or links + to external resources to remediate failing check. + type: string + severity: + description: Severity level of a vulnerability or + a configuration audit check. + type: string + success: + type: boolean + target: + type: string + title: + type: string + required: + - checkID + - severity + - success + type: object + type: array + description: + type: string + id: + type: string + name: + type: string + severity: + type: string + status: + type: string + required: + - checks + type: object + type: array + title: + type: string + version: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + summary: + properties: + failCount: + type: integer + passCount: + type: integer + type: object + summaryReport: + description: SummaryReport represents a kubernetes scan report with + consolidated findings + properties: + controlCheck: + items: + properties: + id: + type: string + name: + type: string + severity: + type: string + totalFail: + type: integer + type: object + type: array + id: + type: string + title: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + updateTimestamp: + format: date-time + type: string + required: + - 
updateTimestamp + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/trivy-operator/0.18.1/manifests/clusterconfigauditreports.v1alpha1.aquasecurity.github.io.crd.yaml b/operators/trivy-operator/0.18.1/manifests/clusterconfigauditreports.v1alpha1.aquasecurity.github.io.crd.yaml new file mode 100644 index 00000000000..641ff910676 --- /dev/null +++ b/operators/trivy-operator/0.18.1/manifests/clusterconfigauditreports.v1alpha1.aquasecurity.github.io.crd.yaml 
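Review bot: The `pattern` on `spec.cron` in the ClusterComplianceReport schema spells October as `okt` in its month alternation, so a schedule written with `oct` fails API validation; the group should read `(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)`. The numeric branch of the same month field appears to reuse the day-of-month range (1-31) instead of 1-12, which is worth confirming against the cron parser the operator uses. Separately, `status.detailReport` and `status.summaryReport` both set `x-kubernetes-preserve-unknown-fields: true`, which turns off pruning for those subtrees, so fields outside the declared properties are stored as submitted. Tooling that acts on compliance results should not assume the schema bounds what it reads there. The manifest carries a controller-gen annotation, so these fixes presumably belong in the type markers it was generated from rather than in this file.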
@@ -0,0 +1,173 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: clusterconfigauditreports.aquasecurity.github.io +spec: + group: aquasecurity.github.io + names: + kind: ClusterConfigAuditReport + listKind: ClusterConfigAuditReportList + plural: clusterconfigauditreports + shortNames: + - clusterconfigaudit + singular: clusterconfigauditreport + scope: Cluster + versions: + - additionalPrinterColumns: + - description: The name of the config audit scanner + jsonPath: .report.scanner.name + name: Scanner + type: string + - description: The age of the report + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The number of failed checks with critical severity + jsonPath: .report.summary.criticalCount + name: Critical + priority: 1 + type: integer + - description: The number of failed checks with high severity + jsonPath: .report.summary.highCount + name: High + priority: 1 + type: integer + - description: The number of failed checks with medium severity + jsonPath: .report.summary.mediumCount + name: Medium + priority: 1 + type: integer + - description: The number of failed checks with low severity + jsonPath: .report.summary.lowCount + name: Low + priority: 1 + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterConfigAuditReport is a specification for the ClusterConfigAuditReport + resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + report: + properties: + checks: + description: Checks provides results of conducting audit steps. + items: + description: Check provides the result of conducting a single audit + step. + properties: + category: + type: string + checkID: + type: string + description: + type: string + messages: + items: + type: string + type: array + remediation: + description: Remediation provides description or links to external + resources to remediate failing check. + type: string + scope: + description: Scope indicates the section of config that was + audited. + properties: + type: + description: Type indicates type of this scope, e.g. Container, + ConfigMapKey or JSONPath. + type: string + value: + description: Value indicates value of this scope that depends + on Type, e.g. container name, ConfigMap key or JSONPath + expression + type: string + required: + - type + - value + type: object + severity: + description: Severity level of a vulnerability or a configuration + audit check. + type: string + success: + type: boolean + title: + type: string + required: + - checkID + - severity + - success + type: object + type: array + scanner: + description: Scanner is the spec for a scanner generating a security + assessment report. + properties: + name: + description: Name the name of the scanner. + type: string + vendor: + description: Vendor the name of the vendor providing the scanner. + type: string + version: + description: Version the version of the scanner. + type: string + required: + - name + - vendor + - version + type: object + summary: + description: ConfigAuditSummary counts failed checks by severity. + properties: + criticalCount: + description: CriticalCount is the number of failed checks with + critical severity. 
+ type: integer + highCount: + description: HighCount is the number of failed checks with high + severity. + type: integer + lowCount: + description: LowCount is the number of failed check with low severity. + type: integer + mediumCount: + description: MediumCount is the number of failed checks with medium + severity. + type: integer + required: + - criticalCount + - highCount + - lowCount + - mediumCount + type: object + updateTimestamp: + format: date-time + type: string + required: + - checks + type: object + required: + - report + type: object + served: true + storage: true + subresources: {} diff --git a/operators/trivy-operator/0.18.1/manifests/clusterinfraassessmentreports.v1alpha1.aquasecurity.github.io.crd.yaml b/operators/trivy-operator/0.18.1/manifests/clusterinfraassessmentreports.v1alpha1.aquasecurity.github.io.crd.yaml new file mode 100644 index 00000000000..ac5f185d8db --- /dev/null +++ b/operators/trivy-operator/0.18.1/manifests/clusterinfraassessmentreports.v1alpha1.aquasecurity.github.io.crd.yaml 
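Review bot: `report.required` in the ClusterConfigAuditReport schema lists only `checks`, whereas the ClusterInfraAssessmentReport and ClusterRbacAssessmentReport schemas added in this same patch require `checks`, `scanner` and `summary`. A report without `summary` therefore passes validation, and the Critical/High/Medium/Low printer columns, which read `.report.summary.*Count`, would presumably render empty for it, which a reader could take for a clean result. If the looser contract is not deliberate (for example, to stay compatible with older stored reports), add `- scanner` and `- summary` under that `required:` list so the three audit-style CRDs agree.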
@@ -0,0 +1,172 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: clusterinfraassessmentreports.aquasecurity.github.io +spec: + group: aquasecurity.github.io + names: + kind: ClusterInfraAssessmentReport + listKind: ClusterInfraAssessmentReportList + plural: clusterinfraassessmentreports + shortNames: + - clusterinfraassessment + singular: clusterinfraassessmentreport + scope: Cluster + versions: + - additionalPrinterColumns: + - description: The name of the infra assessement scanner + jsonPath: .report.scanner.name + name: Scanner + type: string + - description: The age of the report + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The number of failed checks with critical severity + jsonPath: .report.summary.criticalCount + name: Critical + priority: 1 + type: integer + - description: The number of failed checks with high severity + jsonPath: .report.summary.highCount + name: High + priority: 1 + type: integer + - description: The number of failed checks with medium severity + jsonPath: .report.summary.mediumCount + name: Medium + priority: 1 + type: integer + - description: The number of failed checks with low severity + jsonPath: .report.summary.lowCount + name: Low + priority: 1 + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterInfraAssessmentReport is a specification for the ClusterInfraAssessmentReport + resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + report: + properties: + checks: + description: Checks provides results of conducting audit steps. + items: + description: Check provides the result of conducting a single audit + step. + properties: + category: + type: string + checkID: + type: string + description: + type: string + messages: + items: + type: string + type: array + remediation: + description: Remediation provides description or links to external + resources to remediate failing check. + type: string + scope: + description: Scope indicates the section of config that was + audited. + properties: + type: + description: Type indicates type of this scope, e.g. Container, + ConfigMapKey or JSONPath. + type: string + value: + description: Value indicates value of this scope that depends + on Type, e.g. container name, ConfigMap key or JSONPath + expression + type: string + required: + - type + - value + type: object + severity: + description: Severity level of a vulnerability or a configuration + audit check. + type: string + success: + type: boolean + title: + type: string + required: + - checkID + - severity + - success + type: object + type: array + scanner: + description: Scanner is the spec for a scanner generating a security + assessment report. + properties: + name: + description: Name the name of the scanner. + type: string + vendor: + description: Vendor the name of the vendor providing the scanner. + type: string + version: + description: Version the version of the scanner. 
+ type: string + required: + - name + - vendor + - version + type: object + summary: + description: InfraAssessmentSummary counts failed checks by severity. + properties: + criticalCount: + description: CriticalCount is the number of failed checks with + critical severity. + type: integer + highCount: + description: HighCount is the number of failed checks with high + severity. + type: integer + lowCount: + description: LowCount is the number of failed check with low severity. + type: integer + mediumCount: + description: MediumCount is the number of failed checks with medium + severity. + type: integer + required: + - criticalCount + - highCount + - lowCount + - mediumCount + type: object + required: + - checks + - scanner + - summary + type: object + required: + - report + type: object + served: true + storage: true + subresources: {} diff --git a/operators/trivy-operator/0.18.1/manifests/clusterrbacassessmentreports.v1alpha1.aquasecurity.github.io.crd.yaml b/operators/trivy-operator/0.18.1/manifests/clusterrbacassessmentreports.v1alpha1.aquasecurity.github.io.crd.yaml new file mode 100644 index 00000000000..cefad624833 --- /dev/null +++ b/operators/trivy-operator/0.18.1/manifests/clusterrbacassessmentreports.v1alpha1.aquasecurity.github.io.crd.yaml 
@@ -0,0 +1,172 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: clusterrbacassessmentreports.aquasecurity.github.io +spec: + group: aquasecurity.github.io + names: + kind: ClusterRbacAssessmentReport + listKind: ClusterRbacAssessmentReportList + plural: clusterrbacassessmentreports + shortNames: + - clusterrbacassessmentreport + singular: clusterrbacassessmentreport + scope: Cluster + versions: + - additionalPrinterColumns: + - description: The name of the rbac assessment scanner + jsonPath: .report.scanner.name + name: Scanner + type: string + - description: The age of the report + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The number of failed checks with critical severity + jsonPath: .report.summary.criticalCount + name: Critical + priority: 1 + type: integer + - description: The number of failed checks with high severity + jsonPath: .report.summary.highCount + name: High + priority: 1 + type: integer + - description: The number of failed checks with medium severity + jsonPath: .report.summary.mediumCount + name: Medium + priority: 1 + type: integer + - description: The number of failed checks with low severity + jsonPath: .report.summary.lowCount + name: Low + priority: 1 + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterRbacAssessmentReport is a specification for the ClusterRbacAssessmentReport + resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + report: + properties: + checks: + description: Checks provides results of conducting audit steps. + items: + description: Check provides the result of conducting a single audit + step. + properties: + category: + type: string + checkID: + type: string + description: + type: string + messages: + items: + type: string + type: array + remediation: + description: Remediation provides description or links to external + resources to remediate failing check. + type: string + scope: + description: Scope indicates the section of config that was + audited. + properties: + type: + description: Type indicates type of this scope, e.g. Container, + ConfigMapKey or JSONPath. + type: string + value: + description: Value indicates value of this scope that depends + on Type, e.g. container name, ConfigMap key or JSONPath + expression + type: string + required: + - type + - value + type: object + severity: + description: Severity level of a vulnerability or a configuration + audit check. + type: string + success: + type: boolean + title: + type: string + required: + - checkID + - severity + - success + type: object + type: array + scanner: + description: Scanner is the spec for a scanner generating a security + assessment report. + properties: + name: + description: Name the name of the scanner. + type: string + vendor: + description: Vendor the name of the vendor providing the scanner. + type: string + version: + description: Version the version of the scanner. + type: string + required: + - name + - vendor + - version + type: object + summary: + description: RbacAssessmentSummary counts failed checks by severity. 
+ properties: + criticalCount: + description: CriticalCount is the number of failed checks with + critical severity. + type: integer + highCount: + description: HighCount is the number of failed checks with high + severity. + type: integer + lowCount: + description: LowCount is the number of failed check with low severity. + type: integer + mediumCount: + description: MediumCount is the number of failed checks with medium + severity. + type: integer + required: + - criticalCount + - highCount + - lowCount + - mediumCount + type: object + required: + - checks + - scanner + - summary + type: object + required: + - report + type: object + served: true + storage: true + subresources: {} diff --git a/operators/trivy-operator/0.18.1/manifests/clustersbomreports.v1alpha1.aquasecurity.github.io.crd.yaml b/operators/trivy-operator/0.18.1/manifests/clustersbomreports.v1alpha1.aquasecurity.github.io.crd.yaml new file mode 100644 index 00000000000..fef930991c0 --- /dev/null +++ b/operators/trivy-operator/0.18.1/manifests/clustersbomreports.v1alpha1.aquasecurity.github.io.crd.yaml 
@@ -0,0 +1,327 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: clustersbomreports.aquasecurity.github.io +spec: + group: aquasecurity.github.io + names: + kind: ClusterSbomReport + listKind: ClusterSbomReportList + plural: clustersbomreports + shortNames: + - clustersbom + singular: clustersbomreport + scope: Cluster + versions: + - additionalPrinterColumns: + - description: The name of image repository + jsonPath: .report.artifact.repository + name: Repository + type: string + - description: The name of image tag + jsonPath: .report.artifact.tag + name: Tag + type: string + - description: The name of the sbom generation scanner + jsonPath: .report.scanner.name + name: Scanner + type: string + - description: The age of the report + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The number of dependencies in bom + jsonPath: .report.summary.componentsCount + name: Components + priority: 1 + type: integer + - description: The the number of components in bom + jsonPath: .report.summary.dependenciesCount + name: Dependencies + priority: 1 + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterSbomReport summarizes components and dependencies found + in container image + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + report: + description: Report is the actual sbom report data. + properties: + artifact: + description: Artifact represents a standalone, executable package + of software that includes everything needed to run an application. + properties: + digest: + description: Digest is a unique and immutable identifier of an + Artifact. + type: string + mimeType: + description: MimeType represents a type and format of an Artifact. + type: string + repository: + description: Repository is the name of the repository in the Artifact + registry. + type: string + tag: + description: Tag is a mutable, human-readable string used to identify + an Artifact. + type: string + type: object + components: + description: Bom isartifact bill of materials. + properties: + bomFormat: + type: string + components: + items: + properties: + bom-ref: + type: string + group: + type: string + hashes: + items: + properties: + alg: + type: string + content: + type: string + type: object + type: array + licenses: + items: + properties: + expression: + type: string + license: + properties: + id: + type: string + name: + type: string + url: + type: string + type: object + type: object + type: array + name: + type: string + properties: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + purl: + type: string + supplier: + properties: + contact: + items: + properties: + email: + type: string + name: + type: string + phone: + type: string + type: object + type: array + name: + type: string + url: + items: + type: string + type: array + type: object + type: + type: string + version: + type: string + type: object + type: array + dependencies: + items: + properties: + dependsOn: + items: + type: string + type: array + ref: + type: string + type: object + type: array + metadata: + properties: + component: + 
properties: + bom-ref: + type: string + group: + type: string + hashes: + items: + properties: + alg: + type: string + content: + type: string + type: object + type: array + licenses: + items: + properties: + expression: + type: string + license: + properties: + id: + type: string + name: + type: string + url: + type: string + type: object + type: object + type: array + name: + type: string + properties: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + purl: + type: string + supplier: + properties: + contact: + items: + properties: + email: + type: string + name: + type: string + phone: + type: string + type: object + type: array + name: + type: string + url: + items: + type: string + type: array + type: object + type: + type: string + version: + type: string + type: object + timestamp: + type: string + tools: + items: + properties: + name: + type: string + vendor: + type: string + version: + type: string + type: object + type: array + type: object + serialNumber: + type: string + specVersion: + type: string + version: + type: integer + required: + - bomFormat + - specVersion + type: object + registry: + description: Registry is the registry the Artifact was pulled from. + properties: + server: + description: Server the FQDN of registry server. + type: string + type: object + scanner: + description: Scanner is the scanner that generated this report. + properties: + name: + description: Name the name of the scanner. + type: string + vendor: + description: Vendor the name of the vendor providing the scanner. + type: string + version: + description: Version the version of the scanner. + type: string + required: + - name + - vendor + - version + type: object + summary: + description: Summary is a summary of sbom report. + properties: + componentsCount: + description: ComponentsCount is the number of components in bom. 
+ minimum: 0 + type: integer + dependenciesCount: + description: DependenciesCount is the number of dependencies in + bom. + minimum: 0 + type: integer + required: + - componentsCount + - dependenciesCount + type: object + updateTimestamp: + description: UpdateTimestamp is a timestamp representing the server + time in UTC when this report was updated. + format: date-time + type: string + required: + - artifact + - components + - scanner + - summary + - updateTimestamp + type: object + required: + - report + type: object + served: true + storage: true + subresources: {} diff --git a/operators/trivy-operator/0.18.1/manifests/clustervulnerabilityreports.v1alpha1.aquasecurity.github.io.crd.yaml b/operators/trivy-operator/0.18.1/manifests/clustervulnerabilityreports.v1alpha1.aquasecurity.github.io.crd.yaml new file mode 100644 index 00000000000..dabb941a074 --- /dev/null +++ b/operators/trivy-operator/0.18.1/manifests/clustervulnerabilityreports.v1alpha1.aquasecurity.github.io.crd.yaml 
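Review bot: The two count columns under `additionalPrinterColumns` in the ClusterSbomReport CRD have their descriptions swapped. `Components` reads `.report.summary.componentsCount` but is described as "The number of dependencies in bom", and `Dependencies` reads `.report.summary.dependenciesCount` but is described as "The the number of components in bom". Suggested text is `description: The number of components in bom` for Components and `description: The number of dependencies in bom` for Dependencies, which also removes the doubled "The". The schema text `description: Bom isartifact bill of materials.` under `report.components` is missing a space between "is" and "artifact".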
@@ -0,0 +1,284 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: clustervulnerabilityreports.aquasecurity.github.io +spec: + group: aquasecurity.github.io + names: + kind: ClusterVulnerabilityReport + listKind: ClusterVulnerabilityReportList + plural: clustervulnerabilityreports + shortNames: + - clustervuln + singular: clustervulnerabilityreport + scope: Cluster + versions: + - additionalPrinterColumns: + - description: The name of image repository + jsonPath: .report.artifact.repository + name: Repository + type: string + - description: The name of image tag + jsonPath: .report.artifact.tag + name: Tag + type: string + - description: The name of the vulnerability scanner + jsonPath: .report.scanner.name + name: Scanner + type: string + - description: The age of the report + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The number of critical vulnerabilities + jsonPath: .report.summary.criticalCount + name: Critical + priority: 1 + type: integer + - description: The number of high vulnerabilities + jsonPath: .report.summary.highCount + name: High + priority: 1 + type: integer + - description: The number of medium vulnerabilities + jsonPath: .report.summary.mediumCount + name: Medium + priority: 1 + type: integer + - description: The number of low vulnerabilities + jsonPath: .report.summary.lowCount + name: Low + priority: 1 + type: integer + - description: The number of unknown vulnerabilities + jsonPath: .report.summary.unknownCount + name: Unknown + priority: 1 + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterVulnerabilityReport summarizes vulnerabilities in application + dependencies and operating system packages built into container images. 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + report: + description: Report is the actual vulnerability report data. + properties: + artifact: + description: Artifact represents a standalone, executable package + of software that includes everything needed to run an application. + properties: + digest: + description: Digest is a unique and immutable identifier of an + Artifact. + type: string + mimeType: + description: MimeType represents a type and format of an Artifact. + type: string + repository: + description: Repository is the name of the repository in the Artifact + registry. + type: string + tag: + description: Tag is a mutable, human-readable string used to identify + an Artifact. + type: string + type: object + os: + description: OS information of the artifact + properties: + eosl: + description: Eosl is true if OS version has reached end of service + life + type: boolean + family: + description: Operating System Family + type: string + name: + description: Name or version of the OS + type: string + type: object + registry: + description: Registry is the registry the Artifact was pulled from. + properties: + server: + description: Server the FQDN of registry server. + type: string + type: object + scanner: + description: Scanner is the scanner that generated this report. 
+ properties: + name: + description: Name the name of the scanner. + type: string + vendor: + description: Vendor the name of the vendor providing the scanner. + type: string + version: + description: Version the version of the scanner. + type: string + required: + - name + - vendor + - version + type: object + summary: + description: Summary is a summary of Vulnerability counts grouped + by Severity. + properties: + criticalCount: + description: CriticalCount is the number of vulnerabilities with + Critical Severity. + minimum: 0 + type: integer + highCount: + description: HighCount is the number of vulnerabilities with High + Severity. + minimum: 0 + type: integer + lowCount: + description: LowCount is the number of vulnerabilities with Low + Severity. + minimum: 0 + type: integer + mediumCount: + description: MediumCount is the number of vulnerabilities with + Medium Severity. + minimum: 0 + type: integer + noneCount: + description: NoneCount is the number of packages without any vulnerability. + minimum: 0 + type: integer + unknownCount: + description: UnknownCount is the number of vulnerabilities with + unknown severity. + minimum: 0 + type: integer + required: + - criticalCount + - highCount + - lowCount + - mediumCount + - unknownCount + type: object + updateTimestamp: + description: UpdateTimestamp is a timestamp representing the server + time in UTC when this report was updated. + format: date-time + type: string + vulnerabilities: + description: Vulnerabilities is a list of operating system (OS) or + application software Vulnerability items found in the Artifact. + items: + description: Vulnerability is the spec for a vulnerability record. 
+ properties: + class: + type: string + cvss: + additionalProperties: + properties: + V2Score: + type: number + V2Vector: + type: string + V3Score: + type: number + V3Vector: + type: string + type: object + type: object + cvsssource: + type: string + description: + type: string + fixedVersion: + description: FixedVersion indicates the version of the Resource + in which this vulnerability has been fixed. + type: string + installedVersion: + description: InstalledVersion indicates the installed version + of the Resource. + type: string + lastModifiedDate: + description: LastModifiedDate indicates the last date CVE has + been modified. + type: string + links: + items: + type: string + type: array + packagePath: + type: string + packageType: + type: string + primaryLink: + type: string + publishedDate: + description: PublishedDate indicates the date of published CVE. + type: string + resource: + description: Resource is a vulnerable package, application, + or library. + type: string + score: + type: number + severity: + description: Severity level of a vulnerability or a configuration + audit check. + enum: + - CRITICAL + - HIGH + - MEDIUM + - LOW + - UNKNOWN + type: string + target: + type: string + title: + type: string + vulnerabilityID: + description: VulnerabilityID the vulnerability identifier. + type: string + required: + - fixedVersion + - installedVersion + - lastModifiedDate + - publishedDate + - resource + - severity + - title + - vulnerabilityID + type: object + type: array + required: + - artifact + - os + - scanner + - summary + - updateTimestamp + - vulnerabilities + type: object + required: + - report + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: {} 
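Review bot: `x-kubernetes-preserve-unknown-fields: true` at the end of this file appears to sit on the root of `openAPIV3Schema` (the indentation is lost in this rendering), so fields the schema does not declare at that level would be stored rather than pruned, with nothing validating them. None of the other complete report CRDs visible in this part of the patch (ConfigAuditReport, ExposedSecretReport, InfraAssessmentReport, RbacAssessmentReport) set it, which leaves ClusterVulnerabilityReport with the loosest contract. If no consumer relies on undeclared fields, I would drop the line; if one does, declare that field and put the flag on it alone. The manifest carries a `controller-gen.kubebuilder.io/version` annotation, so the change probably belongs in the Go type it is generated from.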
diff --git a/operators/trivy-operator/0.18.1/manifests/configauditreports.v1alpha1.aquasecurity.github.io.crd.yaml b/operators/trivy-operator/0.18.1/manifests/configauditreports.v1alpha1.aquasecurity.github.io.crd.yaml new file mode 100644 index 00000000000..589f4b7eada --- /dev/null +++ b/operators/trivy-operator/0.18.1/manifests/configauditreports.v1alpha1.aquasecurity.github.io.crd.yaml 
@@ -0,0 +1,174 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: configauditreports.aquasecurity.github.io +spec: + group: aquasecurity.github.io + names: + kind: ConfigAuditReport + listKind: ConfigAuditReportList + plural: configauditreports + shortNames: + - configaudit + - configaudits + singular: configauditreport + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The name of the config audit scanner + jsonPath: .report.scanner.name + name: Scanner + type: string + - description: The age of the report + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The number of failed checks with critical severity + jsonPath: .report.summary.criticalCount + name: Critical + priority: 1 + type: integer + - description: The number of failed checks with high severity + jsonPath: .report.summary.highCount + name: High + priority: 1 + type: integer + - description: The number of failed checks with medium severity + jsonPath: .report.summary.mediumCount + name: Medium + priority: 1 + type: integer + - description: The number of failed checks with low severity + jsonPath: .report.summary.lowCount + name: Low + priority: 1 + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + description: ConfigAuditReport is a specification for the ConfigAuditReport + resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + report: + properties: + checks: + description: Checks provides results of conducting audit steps. + items: + description: Check provides the result of conducting a single audit + step. + properties: + category: + type: string + checkID: + type: string + description: + type: string + messages: + items: + type: string + type: array + remediation: + description: Remediation provides description or links to external + resources to remediate failing check. + type: string + scope: + description: Scope indicates the section of config that was + audited. + properties: + type: + description: Type indicates type of this scope, e.g. Container, + ConfigMapKey or JSONPath. + type: string + value: + description: Value indicates value of this scope that depends + on Type, e.g. container name, ConfigMap key or JSONPath + expression + type: string + required: + - type + - value + type: object + severity: + description: Severity level of a vulnerability or a configuration + audit check. + type: string + success: + type: boolean + title: + type: string + required: + - checkID + - severity + - success + type: object + type: array + scanner: + description: Scanner is the spec for a scanner generating a security + assessment report. + properties: + name: + description: Name the name of the scanner. + type: string + vendor: + description: Vendor the name of the vendor providing the scanner. + type: string + version: + description: Version the version of the scanner. + type: string + required: + - name + - vendor + - version + type: object + summary: + description: ConfigAuditSummary counts failed checks by severity. + properties: + criticalCount: + description: CriticalCount is the number of failed checks with + critical severity. 
+ type: integer + highCount: + description: HighCount is the number of failed checks with high + severity. + type: integer + lowCount: + description: LowCount is the number of failed check with low severity. + type: integer + mediumCount: + description: MediumCount is the number of failed checks with medium + severity. + type: integer + required: + - criticalCount + - highCount + - lowCount + - mediumCount + type: object + updateTimestamp: + format: date-time + type: string + required: + - checks + type: object + required: + - report + type: object + served: true + storage: true + subresources: {} diff --git a/operators/trivy-operator/0.18.1/manifests/exposedsecretreports.v1alpha1.aquasecurity.github.io.crd.yaml b/operators/trivy-operator/0.18.1/manifests/exposedsecretreports.v1alpha1.aquasecurity.github.io.crd.yaml new file mode 100644 index 00000000000..1646a1f8f6f --- /dev/null +++ b/operators/trivy-operator/0.18.1/manifests/exposedsecretreports.v1alpha1.aquasecurity.github.io.crd.yaml 
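Review bot: The `severity` of each check is an unconstrained `type: string` and the four summary counters have no lower bound, whereas the vulnerability and exposed-secret CRDs in this same patch give `severity` an `enum` and every counter `minimum: 0`. If the scanner only emits the four levels shown in the printer columns, I would add `minimum: 0` to `criticalCount`, `highCount`, `mediumCount` and `lowCount`, and an `enum` of `CRITICAL`, `HIGH`, `MEDIUM`, `LOW` to `severity`, so a malformed report is rejected at admission instead of being stored. The InfraAssessmentReport and RbacAssessmentReport hunks further down have the same two gaps. `report.required` here lists only `checks`, while those two hunks require `checks`, `scanner` and `summary`; it would be worth confirming that the difference is intended. The files look generated by controller-gen, so the markers would go on the source types.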
@@ -0,0 +1,206 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: exposedsecretreports.aquasecurity.github.io +spec: + group: aquasecurity.github.io + names: + kind: ExposedSecretReport + listKind: ExposedSecretReportList + plural: exposedsecretreports + shortNames: + - exposedsecret + - exposedsecrets + singular: exposedsecretreport + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The name of image repository + jsonPath: .report.artifact.repository + name: Repository + type: string + - description: The name of image tag + jsonPath: .report.artifact.tag + name: Tag + type: string + - description: The name of the exposed secret scanner + jsonPath: .report.scanner.name + name: Scanner + type: string + - description: The age of the report + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The number of critical exposed secrets + jsonPath: .report.summary.criticalCount + name: Critical + priority: 1 + type: integer + - description: The number of high exposed secrets + jsonPath: .report.summary.highCount + name: High + priority: 1 + type: integer + - description: The number of medium exposed secrets + jsonPath: .report.summary.mediumCount + name: Medium + priority: 1 + type: integer + - description: The number of low exposed secrets + jsonPath: .report.summary.lowCount + name: Low + priority: 1 + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + description: ExposedSecretReport summarizes exposed secrets in plaintext files + built into container images. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + report: + description: Report is the actual exposed secret report data. + properties: + artifact: + description: Artifact represents a standalone, executable package + of software that includes everything needed to run an application. + properties: + digest: + description: Digest is a unique and immutable identifier of an + Artifact. + type: string + mimeType: + description: MimeType represents a type and format of an Artifact. + type: string + repository: + description: Repository is the name of the repository in the Artifact + registry. + type: string + tag: + description: Tag is a mutable, human-readable string used to identify + an Artifact. + type: string + type: object + registry: + description: Registry is the registry the Artifact was pulled from. + properties: + server: + description: Server the FQDN of registry server. + type: string + type: object + scanner: + description: Scanner is the scanner that generated this report. + properties: + name: + description: Name the name of the scanner. + type: string + vendor: + description: Vendor the name of the vendor providing the scanner. + type: string + version: + description: Version the version of the scanner. + type: string + required: + - name + - vendor + - version + type: object + secrets: + description: Exposed secrets is a list of passwords, api keys, tokens + and others items found in the Artifact. + items: + description: ExposedSecret is the spec for a exposed secret record. 
+ properties: + category: + type: string + match: + description: Match where the exposed rule matched. + type: string + ruleID: + description: RuleID is rule the identifier. + type: string + severity: + description: Severity level of a vulnerability or a configuration + audit check. + enum: + - CRITICAL + - HIGH + - MEDIUM + - LOW + type: string + target: + description: Target is where the exposed secret was found. + type: string + title: + type: string + required: + - category + - match + - ruleID + - severity + - target + - title + type: object + type: array + summary: + description: Summary is the exposed secrets counts grouped by Severity. + properties: + criticalCount: + description: CriticalCount is the number of exposed secrets with + Critical Severity. + minimum: 0 + type: integer + highCount: + description: HighCount is the number of exposed secrets with High + Severity. + minimum: 0 + type: integer + lowCount: + description: LowCount is the number of exposed secrets with Low + Severity. + minimum: 0 + type: integer + mediumCount: + description: MediumCount is the number of exposed secrets with + Medium Severity. + minimum: 0 + type: integer + required: + - criticalCount + - highCount + - lowCount + - mediumCount + type: object + updateTimestamp: + description: UpdateTimestamp is a timestamp representing the server + time in UTC when this report was updated. + format: date-time + type: string + required: + - artifact + - scanner + - secrets + - summary + - updateTimestamp + type: object + required: + - report + type: object + served: true + storage: true + subresources: {} diff --git a/operators/trivy-operator/0.18.1/manifests/infraassessmentreports.v1alpha1.aquasecurity.github.io.crd.yaml b/operators/trivy-operator/0.18.1/manifests/infraassessmentreports.v1alpha1.aquasecurity.github.io.crd.yaml new file mode 100644 index 00000000000..3b096639d13 --- /dev/null 
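Review bot: The description of `match`, `Match where the exposed rule matched.`, does not say whether the stored text contains the secret value or a masked form, and that determines how read access to this Namespaced resource should be granted. I would state it in the schema, for example `description: Match is the text in Target that the rule matched; the secret value is <masked | stored as found>.`, keeping whichever alternative is true. If the value is stored as found, `get`/`list` on `exposedsecretreports` deserves the same care as access to Secrets in that namespace. Two wording fixes in the same block: `RuleID is rule the identifier.` should read `RuleID is the rule identifier.`, and the `severity` description still speaks of "a vulnerability or a configuration audit check" rather than an exposed secret.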
+++ b/operators/trivy-operator/0.18.1/manifests/infraassessmentreports.v1alpha1.aquasecurity.github.io.crd.yaml 
@@ -0,0 +1,173 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: infraassessmentreports.aquasecurity.github.io +spec: + group: aquasecurity.github.io + names: + kind: InfraAssessmentReport + listKind: InfraAssessmentReportList + plural: infraassessmentreports + shortNames: + - infraassessment + - infraassessments + singular: infraassessmentreport + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The name of the infra assessment scanner + jsonPath: .report.scanner.name + name: Scanner + type: string + - description: The age of the report + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The number of failed checks with critical severity + jsonPath: .report.summary.criticalCount + name: Critical + priority: 1 + type: integer + - description: The number of failed checks with high severity + jsonPath: .report.summary.highCount + name: High + priority: 1 + type: integer + - description: The number of failed checks with medium severity + jsonPath: .report.summary.mediumCount + name: Medium + priority: 1 + type: integer + - description: The number of failed checks with low severity + jsonPath: .report.summary.lowCount + name: Low + priority: 1 + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + description: InfraAssessmentReport is a specification for the InfraAssessmentReport + resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + report: + properties: + checks: + description: Checks provides results of conducting audit steps. + items: + description: Check provides the result of conducting a single audit + step. + properties: + category: + type: string + checkID: + type: string + description: + type: string + messages: + items: + type: string + type: array + remediation: + description: Remediation provides description or links to external + resources to remediate failing check. + type: string + scope: + description: Scope indicates the section of config that was + audited. + properties: + type: + description: Type indicates type of this scope, e.g. Container, + ConfigMapKey or JSONPath. + type: string + value: + description: Value indicates value of this scope that depends + on Type, e.g. container name, ConfigMap key or JSONPath + expression + type: string + required: + - type + - value + type: object + severity: + description: Severity level of a vulnerability or a configuration + audit check. + type: string + success: + type: boolean + title: + type: string + required: + - checkID + - severity + - success + type: object + type: array + scanner: + description: Scanner is the spec for a scanner generating a security + assessment report. + properties: + name: + description: Name the name of the scanner. + type: string + vendor: + description: Vendor the name of the vendor providing the scanner. + type: string + version: + description: Version the version of the scanner. + type: string + required: + - name + - vendor + - version + type: object + summary: + description: InfraAssessmentSummary counts failed checks by severity. 
+ properties: + criticalCount: + description: CriticalCount is the number of failed checks with + critical severity. + type: integer + highCount: + description: HighCount is the number of failed checks with high + severity. + type: integer + lowCount: + description: LowCount is the number of failed check with low severity. + type: integer + mediumCount: + description: MediumCount is the number of failed checks with medium + severity. + type: integer + required: + - criticalCount + - highCount + - lowCount + - mediumCount + type: object + required: + - checks + - scanner + - summary + type: object + required: + - report + type: object + served: true + storage: true + subresources: {} diff --git a/operators/trivy-operator/0.18.1/manifests/rbacassessmentreports.v1alpha1.aquasecurity.github.io.crd.yaml b/operators/trivy-operator/0.18.1/manifests/rbacassessmentreports.v1alpha1.aquasecurity.github.io.crd.yaml new file mode 100644 index 00000000000..2408d4ac771 --- /dev/null +++ b/operators/trivy-operator/0.18.1/manifests/rbacassessmentreports.v1alpha1.aquasecurity.github.io.crd.yaml 
@@ -0,0 +1,173 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: rbacassessmentreports.aquasecurity.github.io +spec: + group: aquasecurity.github.io + names: + kind: RbacAssessmentReport + listKind: RbacAssessmentReportList + plural: rbacassessmentreports + shortNames: + - rbacassessment + - rbacassessments + singular: rbacassessmentreport + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The name of the rbac assessment scanner + jsonPath: .report.scanner.name + name: Scanner + type: string + - description: The age of the report + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The number of failed checks with critical severity + jsonPath: .report.summary.criticalCount + name: Critical + priority: 1 + type: integer + - description: The number of failed checks with high severity + jsonPath: .report.summary.highCount + name: High + priority: 1 + type: integer + - description: The number of failed checks with medium severity + jsonPath: .report.summary.mediumCount + name: Medium + priority: 1 + type: integer + - description: The number of failed checks with low severity + jsonPath: .report.summary.lowCount + name: Low + priority: 1 + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + description: RbacAssessmentReport is a specification for the RbacAssessmentReport + resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + report: + properties: + checks: + description: Checks provides results of conducting audit steps. + items: + description: Check provides the result of conducting a single audit + step. + properties: + category: + type: string + checkID: + type: string + description: + type: string + messages: + items: + type: string + type: array + remediation: + description: Remediation provides description or links to external + resources to remediate failing check. + type: string + scope: + description: Scope indicates the section of config that was + audited. + properties: + type: + description: Type indicates type of this scope, e.g. Container, + ConfigMapKey or JSONPath. + type: string + value: + description: Value indicates value of this scope that depends + on Type, e.g. container name, ConfigMap key or JSONPath + expression + type: string + required: + - type + - value + type: object + severity: + description: Severity level of a vulnerability or a configuration + audit check. + type: string + success: + type: boolean + title: + type: string + required: + - checkID + - severity + - success + type: object + type: array + scanner: + description: Scanner is the spec for a scanner generating a security + assessment report. + properties: + name: + description: Name the name of the scanner. + type: string + vendor: + description: Vendor the name of the vendor providing the scanner. + type: string + version: + description: Version the version of the scanner. + type: string + required: + - name + - vendor + - version + type: object + summary: + description: RbacAssessmentSummary counts failed checks by severity. 
+ properties: + criticalCount: + description: CriticalCount is the number of failed checks with + critical severity. + type: integer + highCount: + description: HighCount is the number of failed checks with high + severity. + type: integer + lowCount: + description: LowCount is the number of failed check with low severity. + type: integer + mediumCount: + description: MediumCount is the number of failed checks with medium + severity. + type: integer + required: + - criticalCount + - highCount + - lowCount + - mediumCount + type: object + required: + - checks + - scanner + - summary + type: object + required: + - report + type: object + served: true + storage: true + subresources: {} diff --git a/operators/trivy-operator/0.18.1/manifests/sbomreports.v1alpha1.aquasecurity.github.io.crd.yaml b/operators/trivy-operator/0.18.1/manifests/sbomreports.v1alpha1.aquasecurity.github.io.crd.yaml new file mode 100644 index 00000000000..2d60c6b2bb3 --- /dev/null +++ b/operators/trivy-operator/0.18.1/manifests/sbomreports.v1alpha1.aquasecurity.github.io.crd.yaml 
@@ -0,0 +1,328 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: sbomreports.aquasecurity.github.io +spec: + group: aquasecurity.github.io + names: + kind: SbomReport + listKind: SbomReportList + plural: sbomreports + shortNames: + - sbom + - sboms + singular: sbomreport + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The name of image repository + jsonPath: .report.artifact.repository + name: Repository + type: string + - description: The name of image tag + jsonPath: .report.artifact.tag + name: Tag + type: string + - description: The name of the sbom generation scanner + jsonPath: .report.scanner.name + name: Scanner + type: string + - description: The age of the report + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The number of dependencies in bom + jsonPath: .report.summary.componentsCount + name: Components + priority: 1 + type: integer + - description: The the number of components in bom + jsonPath: .report.summary.dependenciesCount + name: Dependencies + priority: 1 + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + description: SbomReport summarizes components and dependencies found in container + image + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + report: + description: Report is the actual sbom report data. + properties: + artifact: + description: Artifact represents a standalone, executable package + of software that includes everything needed to run an application. + properties: + digest: + description: Digest is a unique and immutable identifier of an + Artifact. + type: string + mimeType: + description: MimeType represents a type and format of an Artifact. + type: string + repository: + description: Repository is the name of the repository in the Artifact + registry. + type: string + tag: + description: Tag is a mutable, human-readable string used to identify + an Artifact. + type: string + type: object + components: + description: Bom isartifact bill of materials. + properties: + bomFormat: + type: string + components: + items: + properties: + bom-ref: + type: string + group: + type: string + hashes: + items: + properties: + alg: + type: string + content: + type: string + type: object + type: array + licenses: + items: + properties: + expression: + type: string + license: + properties: + id: + type: string + name: + type: string + url: + type: string + type: object + type: object + type: array + name: + type: string + properties: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + purl: + type: string + supplier: + properties: + contact: + items: + properties: + email: + type: string + name: + type: string + phone: + type: string + type: object + type: array + name: + type: string + url: + items: + type: string + type: array + type: object + type: + type: string + version: + type: string + type: object + type: array + dependencies: + items: + properties: + dependsOn: + items: + type: string + type: array + ref: + type: string + type: object + type: array + metadata: + properties: + component: + 
properties: + bom-ref: + type: string + group: + type: string + hashes: + items: + properties: + alg: + type: string + content: + type: string + type: object + type: array + licenses: + items: + properties: + expression: + type: string + license: + properties: + id: + type: string + name: + type: string + url: + type: string + type: object + type: object + type: array + name: + type: string + properties: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + purl: + type: string + supplier: + properties: + contact: + items: + properties: + email: + type: string + name: + type: string + phone: + type: string + type: object + type: array + name: + type: string + url: + items: + type: string + type: array + type: object + type: + type: string + version: + type: string + type: object + timestamp: + type: string + tools: + items: + properties: + name: + type: string + vendor: + type: string + version: + type: string + type: object + type: array + type: object + serialNumber: + type: string + specVersion: + type: string + version: + type: integer + required: + - bomFormat + - specVersion + type: object + registry: + description: Registry is the registry the Artifact was pulled from. + properties: + server: + description: Server the FQDN of registry server. + type: string + type: object + scanner: + description: Scanner is the scanner that generated this report. + properties: + name: + description: Name the name of the scanner. + type: string + vendor: + description: Vendor the name of the vendor providing the scanner. + type: string + version: + description: Version the version of the scanner. + type: string + required: + - name + - vendor + - version + type: object + summary: + description: Summary is a summary of sbom report. + properties: + componentsCount: + description: ComponentsCount is the number of components in bom. 
+ minimum: 0 + type: integer + dependenciesCount: + description: DependenciesCount is the number of dependencies in + bom. + minimum: 0 + type: integer + required: + - componentsCount + - dependenciesCount + type: object + updateTimestamp: + description: UpdateTimestamp is a timestamp representing the server + time in UTC when this report was updated. + format: date-time + type: string + required: + - artifact + - components + - scanner + - summary + - updateTimestamp + type: object + required: + - report + type: object + served: true + storage: true + subresources: {} diff --git a/operators/trivy-operator/0.18.1/manifests/trivy-operator.v0.18.1.clusterserviceversion.yaml b/operators/trivy-operator/0.18.1/manifests/trivy-operator.v0.18.1.clusterserviceversion.yaml new file mode 100644 index 00000000000..a59b074981d --- /dev/null +++ b/operators/trivy-operator/0.18.1/manifests/trivy-operator.v0.18.1.clusterserviceversion.yaml 
@@ -0,0 +1,340 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: ClusterServiceVersion
+metadata:
+ name: trivy-operator.v0.18.1
+ namespace: trivy-operator
+ annotations:
+ capabilities: Basic Install
+ categories: Security
+ description: Keeps security report resources updated
+ certified: "false"
+ containerImage: docker.io/aquasec/trivy-operator:0.18.1
+ createdAt: 2023-01-09T20:26:20Z
+ support: Aqua Security
+ repository: https://github.com/aquasecurity/trivy-operator
+ alm-examples: |-
+ []
+spec:
+ displayName: Trivy Operator
+ version: 0.18.1
+ replaces: trivy-operator.v0.18.0
+ description: |-
+ This operator for Trivy automatically updates security report resources in response to workload and other
+ changes on a Kubernetes cluster - for example, initiating a vulnerability scan when a new Pod is started
+
+ Trivy Operator provides:
+
+ - Automated vulnerability scanning for Kubernetes applications.
+ - Automated configuration audits for Kubernetes resources with predefined rules or custom Open Policy Agent (OPA) policies.
+ - Automated exposed secrets scanning for Kubernetes applications.
+ - Automated Kubernetes applications bill of materials.
+ - Automated rbac assessment scanning for Kubernetes roles and clusterroles.
+ - Automated infra assessment scanning for Kubernetes core components.
+
+ ## Documentation
+
+ Please see the [Documentation](https://aquasecurity.github.io/trivy-operator/latest) for more info about the Trivy Operator project,
+ which manages a variety of security tools to make their reports accessible as Kubernetes custom resources.
+
+ ## Installation
+
+ Check this [Operator Lifecycle Manager](https://aquasecurity.github.io/trivy-operator/v0.18.1/operator/installation/olm/)
+ guide to install the operator from [OperatorHub](https://operatorhub.io/) or [ArtifactHUB](https://artifacthub.io/).
+ keywords: ["aqua-security", "scanning", "security"]
+ maintainers:
+ - name: Chen Keinan
+ email: chen.keinan@aquasec.com
+ - name: Jose Donizetti
+ email: jose.donizetti@aquasec.com
+ provider:
+ name: Aqua Security
+ maturity: alpha
+ labels:
+ name: trivy-operator
+ selector:
+ matchLabels:
+ name: trivy-operator
+ links:
+ - name: Trivy Operator on GitHub
+ url: https://github.com/aquasecurity/trivy-operator
+ - name: Trivy Operator Documentation
+ url: https://aquasecurity.github.io/trivy-operator/latest
+ icon:
+ - base64data: <svg width="265" height="135" viewBox="0 0 265 135" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M148.629 103.077V109.005C144.591 109.005 140.953 107.551 138.084 105.142C134.479 102.117 132.19 97.5774 132.19 92.5044V62.8164H138.084V76.2874H148.629V82.2534H138.084V92.6484C138.164 98.4204 142.84 103.077 148.629 103.077Z" fill="#07242D"/>
<path d="M169.65 76.2852V82.1742C164.059 82.1852 159.507 86.6201 159.305 92.1581V109.003H153.397V76.2852H159.305V80.0201C162.113 77.6891 165.718 76.2912 169.65 76.2852Z" fill="#07242D"/>
<path d="M173.447 68.6988V62.7988H179.344V68.6988H173.447ZM173.447 109.004V76.2858H179.344V109.005H173.447V109.004Z" fill="#07242D"/>
<path d="M215.508 76.2852L199.16 109.004L182.796 76.2852H189.495L199.16 95.6052L208.806 76.2852H215.508Z" fill="#07242D"/>
<path d="M250.874 76.2852C250.874 76.2852 250.874 112.056 250.874 114.42C250.874 123.556 243.381 130.848 234.504 130.843C230.347 130.843 226.495 129.267 223.57 126.647L227.81 122.407C229.619 123.939 231.953 124.871 234.503 124.866C240.248 124.866 244.899 120.17 244.899 114.42V105.279C242.049 107.638 238.411 109.003 234.503 109.003C225.609 109.008 218.119 101.832 218.119 92.6311C218.119 92.4371 218.119 76.2862 218.119 76.2862H224.091C224.091 76.2862 224.094 92.1931 224.094 92.6311C224.094 98.3531 228.753 103.082 234.503 103.077C240.248 103.077 244.899 98.3761 244.899 92.6311V76.2852H250.874Z" fill="#07242D"/>
<path d="M166.114 59.3782H169.243V39.9432C169.253 39.7722 169.243 39.5992 169.243 39.4262C169.243 34.6752 165.402 30.8242 160.651 30.8242C155.9 30.8242 152.049 34.6752 152.049 39.4262C152.049 44.1772 155.9 48.0282 160.651 48.0282H161.086L164.25 44.8782H160.89H160.651C157.64 44.8782 155.2 42.4372 155.2 39.4272C155.2 36.4172 157.641 33.9762 160.651 33.9762C163.662 33.9762 166.114 36.4172 166.114 39.4272V59.3782Z" fill="#07242D"/>
<path d="M185.899 30.8242V39.5332C185.899 42.5742 183.434 45.0512 180.394 45.0512C177.353 45.0512 174.886 42.5742 174.886 39.5332V30.8242H171.837V39.5332C171.837 39.5332 171.837 39.5332 171.837 39.5402C171.837 44.2692 175.665 48.1082 180.394 48.1082C185.123 48.1082 188.955 44.2812 188.955 39.5522C188.955 39.5462 188.955 39.5332 188.955 39.5332V30.8242H185.899Z" fill="#07242D"/>
<path d="M148.941 36.5135C145.536 27.5195 132.339 29.7035 132.139 39.4525C132.144 41.5465 132.863 43.4245 134.118 44.9545C135.59 46.7415 137.764 47.9275 140.219 48.0885C140.408 48.1005 140.598 48.1075 140.789 48.1075H149.454C149.454 48.1075 149.454 39.4515 149.454 39.4525C149.454 38.4535 149.281 37.4515 148.941 36.5135ZM146.252 44.9475C146.252 44.9475 142.315 44.9475 140.797 44.9475C137.769 44.9475 135.315 42.4795 135.315 39.4515C135.315 37.9345 135.932 36.5745 136.928 35.5815L136.929 35.5825C140.315 32.1515 146.274 34.5585 146.253 39.4515C146.252 40.9695 146.252 44.9475 146.252 44.9475Z" fill="#07242D"/>
<path d="M208.351 36.5135C204.946 27.5195 191.749 29.7035 191.549 39.4525C191.554 41.5465 192.273 43.4245 193.528 44.9545C195 46.7415 197.174 47.9275 199.629 48.0885C199.818 48.1005 200.008 48.1075 200.199 48.1075H208.864C208.864 48.1075 208.864 39.4515 208.864 39.4525C208.863 38.4535 208.69 37.4515 208.351 36.5135ZM205.661 44.9475C205.661 44.9475 201.724 44.9475 200.206 44.9475C197.178 44.9475 194.724 42.4795 194.724 39.4515C194.724 37.9345 195.341 36.5745 196.337 35.5815L196.338 35.5825C199.724 32.1515 205.683 34.5585 205.662 39.4515C205.661 40.9695 205.661 44.9475 205.661 44.9475Z" fill="#07242D"/>
<path d="M65.469 5.43164L10.124 37.4096L10.125 101.878L65.462 134.11L120.813 101.896V37.4076L65.469 5.43164Z" fill="white"/>
<path d="M64.4641 79.2511C58.2051 76.4341 54.5051 70.4121 54.7021 64.0161L41.3221 56.2891C40.3241 63.6921 41.9181 71.4341 45.9341 78.1431C50.2081 85.2841 56.3811 90.6031 64.4651 93.6831V79.2511H64.4641Z" fill="#1904DA"/>
<path d="M64.9709 94.4207L64.2839 94.1587C56.2419 91.0947 49.9219 85.7947 45.4989 78.4057C41.4619 71.6607 39.7999 63.7827 40.8199 56.2227L40.9209 55.4727L55.2169 63.7287L55.2079 64.0327C55.0139 70.3227 58.7289 76.1157 64.6709 78.7887L64.9699 78.9237V94.4207H64.9709ZM41.7329 57.1127C40.9499 64.2137 42.5849 71.5597 46.3689 77.8837C50.5449 84.8607 56.4599 89.9237 63.9569 92.9407V79.5767C57.9089 76.7207 54.1109 70.7847 54.1889 64.3067L41.7329 57.1127Z" fill="white"/>
<path d="M64.4641 111.978V95.3902C55.8061 92.2282 49.1731 86.5352 44.6211 78.9302C40.3151 71.7362 38.6771 63.3972 39.8971 55.4672L27.4611 48.2852C20.3371 74.2882 36.3221 101.982 64.4641 111.978Z" fill="#1904DA"/>
<path d="M64.9709 112.696L64.2949 112.456C50.5849 107.586 39.2219 98.3286 32.2989 86.3876C25.3779 74.4516 23.4859 60.8726 26.9719 48.1506L27.1459 47.5176L40.4509 55.2006L40.3989 55.5436C39.1879 63.4146 40.8429 71.6266 45.0569 78.6686C49.6779 86.3896 56.2659 91.8556 64.6389 94.9126L64.9719 95.0346V112.696H64.9709ZM27.7809 49.0556C21.1389 74.6526 36.5699 101.188 63.9569 111.256V95.7426C55.5189 92.5806 48.8679 87.0126 44.1869 79.1896C39.9119 72.0486 38.1979 63.7316 39.3449 55.7326L27.7809 49.0556Z" fill="white"/>
<path d="M66.2969 95.24V111.979C93.9189 101.751 110.5 74.105 103.496 48.373L91.1269 55.579C92.6709 64.132 91.3249 72.47 87.1869 79.446C82.9369 86.613 75.5139 91.992 66.2969 95.24Z" fill="#08B1D5"/>
<path d="M65.79 112.708V94.8806L66.129 94.7616C75.546 91.4436 82.676 86.0576 86.753 79.1876C90.825 72.3196 92.166 64.1876 90.629 55.6696L90.566 55.3196L103.812 47.6016L103.985 48.2396C110.962 73.8746 94.485 102.082 66.473 112.455L65.79 112.708ZM66.804 95.5976V111.247C93.681 100.941 109.519 73.8986 103.176 49.1466L91.688 55.8396C93.17 64.4746 91.767 72.7186 87.623 79.7046C83.476 86.6986 76.281 92.1896 66.804 95.5976Z" fill="white"/>
<path d="M76.3809 64.0884C76.4369 70.2984 72.7869 75.7614 66.2969 79.2514V93.6844C74.9209 90.5404 81.8869 85.3844 85.8719 78.6654C89.7309 72.1594 91.0429 64.3964 89.7199 56.3984L76.3809 64.0884Z" fill="#08B1D5"/>
<path d="M65.79 94.4097V78.9487L66.057 78.8048C72.348 75.4208 75.926 70.0588 75.873 64.0928L75.87 63.7967L90.101 55.5938L90.22 56.3158C91.575 64.5068 90.223 72.3247 86.308 78.9237C82.345 85.6057 75.486 90.8747 66.47 94.1607L65.79 94.4097ZM66.804 79.5528V92.9548C75.26 89.7358 81.694 84.7157 85.436 78.4067C89.111 72.2097 90.452 64.8948 89.332 57.2068L76.888 64.3817C76.826 70.5317 73.171 76.0338 66.804 79.5528Z" fill="white"/>
<path d="M78.3069 41.8987C83.5239 44.4427 87.7739 48.5187 90.5959 53.6847C90.6329 53.7527 90.6679 53.8237 90.7049 53.8917L102.837 46.8857C102.644 46.6427 102.459 46.3967 102.306 46.1507C97.8549 38.9517 91.9759 33.5347 84.8299 30.0497C64.6569 20.2117 39.9379 27.6297 28.1289 46.9117L40.2319 53.8977C48.4489 40.6847 64.9909 35.4047 78.3069 41.8987Z" fill="#FFC900"/>
<path d="M90.5038 54.5924L90.1508 53.9304C87.3788 48.8534 83.2058 44.8524 78.0848 42.3534C65.1428 36.0424 48.7038 41.2304 40.6608 54.1654L40.4018 54.5814L27.4238 47.0914L27.6948 46.6474C39.6018 27.2064 64.7978 19.7184 85.0508 29.5944C92.2848 33.1224 98.2348 38.6034 102.736 45.8844C102.879 46.1134 103.053 46.3434 103.233 46.5704L103.598 47.0314L90.5038 54.5924ZM28.8358 46.7354L40.0628 53.2164C48.4698 40.1524 65.2678 34.9764 78.5298 41.4434C83.7578 43.9924 88.0308 48.0514 90.9028 53.1924L102.087 46.7344C102.012 46.6294 101.941 46.5234 101.876 46.4184C97.4758 39.3024 91.6668 33.9484 84.6088 30.5054C64.9668 20.9294 40.5818 28.0644 28.8358 46.7354Z" fill="white"/>
<path d="M70.7312 57.2939C72.8912 58.3469 74.6422 60.0479 75.7962 62.2119C75.8352 62.2849 75.8692 62.3619 75.9062 62.4359L89.3792 54.6559C89.3372 54.5769 89.2962 54.4949 89.2532 54.4169C86.5842 49.5309 82.5672 45.6759 77.6362 43.2719C65.0392 37.1279 49.3712 42.1399 41.5562 54.6619L54.9562 62.3959C58.4482 56.7959 65.2052 54.5999 70.7312 57.2939Z" fill="#FFC900"/>
<path d="M75.6891 63.1474L75.3461 62.4474C74.2461 60.3824 72.5721 58.7574 70.5081 57.7504H70.5091C65.2351 55.1804 58.7351 57.2924 55.3861 62.6654L55.1281 63.0814L40.8491 54.8394L41.1271 54.3944C49.1731 41.5044 64.9661 36.5264 77.8601 42.8174C82.8851 45.2674 86.9801 49.1954 89.6991 54.1744L90.0601 54.8494L75.6891 63.1474ZM65.7711 55.6464C67.5331 55.6464 69.2981 56.0314 70.9531 56.8394H70.9541C73.1291 57.9014 74.9081 59.5894 76.1121 61.7334L88.7001 54.4634C86.0821 49.7634 82.1841 46.0544 77.4151 43.7284C65.3371 37.8404 50.0061 42.5684 42.2681 54.4884L54.7921 61.7174C57.3971 57.8364 61.5721 55.6464 65.7711 55.6464Z" fill="white"/>
<path d="M119.14 39.2578L104.862 47.5758C112.393 74.3508 95.1229 103.21 66.2979 113.604V131.732L119.14 100.935V39.2578Z" fill="#08B1D5"/>
<path d="M65.79 132.614V113.248L66.125 113.127C94.965 102.727 111.766 73.994 104.374 47.713L104.268 47.335L119.647 38.375V101.225L119.395 101.372L65.79 132.614ZM66.804 113.959V130.849L118.632 100.644V40.141L105.455 47.818C112.697 74.404 95.801 103.331 66.804 113.959Z" fill="white"/>
<path d="M11.7979 39.2402V100.918L64.4648 131.731V113.603C35.1148 103.455 18.4449 74.5442 26.0949 47.4952L12.4679 39.6262L11.7979 39.2402Z" fill="#1904DA"/>
<path d="M64.971 132.614L11.29 101.208V38.3613L26.69 47.2533L26.583 47.6333C19.022 74.3663 35.735 103.133 64.63 113.124L64.972 113.242V132.614H64.971ZM12.304 100.626L63.957 130.846V113.963C34.902 103.736 18.087 74.7733 25.5 47.7383L12.304 40.1173V100.626Z" fill="white"/>
<path d="M12.5542 37.9232L14.1102 38.8222L26.8032 46.1482C39.0142 26.1752 64.6102 18.4892 85.5002 28.6762C92.9102 32.2902 99.0022 37.8992 103.607 45.3472C103.753 45.5832 103.956 45.8412 104.177 46.1132L118.372 37.9162L65.4692 7.36523L12.5542 37.9232Z" fill="#FFC900"/>
<path d="M26.977 46.8333L11.541 37.9223L65.469 6.7793L65.723 6.9253L119.386 37.9153L104.056 46.7673L103.784 46.4323C103.547 46.1413 103.331 45.8643 103.176 45.6123C98.622 38.2473 92.601 32.7023 85.279 29.1303C64.768 19.1303 39.274 26.7213 27.236 46.4113L26.977 46.8333ZM13.569 37.9223L26.63 45.4623C39.042 25.6453 64.896 18.0633 85.722 28.2193C93.22 31.8763 99.382 37.5483 104.038 45.0783C104.112 45.1983 104.202 45.3233 104.301 45.4543L117.357 37.9153L65.469 7.9493L13.569 37.9223Z" fill="white"/>
<path d="M66.2373 77.5717C71.4443 74.6597 74.5703 69.9977 74.7713 64.8267C74.7713 64.8267 74.7943 64.3137 74.7553 63.4817C74.7473 63.3107 73.6003 60.5827 70.1063 58.6777C65.4143 56.1197 58.7563 58.5807 56.0903 63.4817C56.0903 63.4817 56.0263 64.0827 56.0563 64.8267C56.2473 69.5267 59.1433 75.0457 64.2703 77.5717L65.3093 78.0677L66.2373 77.5717Z" fill="#FF445F"/>
<path d="M65.3232 78.6355L64.0532 78.0294C58.4362 75.2604 55.7362 69.4144 55.5502 64.8475C55.5182 64.0745 55.5842 63.4544 55.5872 63.4274L55.6452 63.2394C56.9892 60.7704 59.3682 58.7895 62.1722 57.8035C65.0272 56.7995 68.0082 56.9554 70.3502 58.2314C73.8942 60.1634 75.2422 62.9965 75.2622 63.4575C75.3032 64.3175 75.2782 64.8484 75.2782 64.8484C75.0702 70.2064 71.8652 75.0054 66.4852 78.0145L65.3232 78.6355ZM56.5862 63.6325C56.5712 63.8245 56.5422 64.2795 56.5642 64.8055C56.7312 68.9345 59.2862 74.5484 64.4952 77.1164L65.2972 77.4995L65.9932 77.1274C71.0552 74.2944 74.0702 69.8044 74.2642 64.8074C74.2652 64.7934 74.2862 64.2995 74.2492 63.5065C74.1452 63.1825 72.9212 60.7915 69.8642 59.1235C67.7752 57.9845 65.0952 57.8535 62.5072 58.7615C59.9722 59.6505 57.8202 61.4234 56.5862 63.6325Z" fill="white"/>
</svg>
+ mediatype: image/svg+xml
+ miniKubeVersion: 1.11.0
+ installModes:
+ - type: OwnNamespace
+ supported: true
+ - type: SingleNamespace
+ supported: true
+ - type: MultiNamespace
+ supported: true
+ - type: AllNamespaces
+ supported: true
+ install:
+ strategy: deployment
+ spec:
+ clusterPermissions:
+ - serviceAccountName: trivy-operator
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/log
+ - replicationcontrollers
+ - services
+ - resourcequotas
+ - limitranges
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - secrets
+ - serviceaccounts
+ verbs:
+ - list
+ - watch
+ - get
+ - create
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - apiGroups:
+ - apps
+ resources:
+ - replicasets
+ - statefulsets
+ - daemonsets
+ - deployments
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - batch
+ resources:
+ - jobs
+ - cronjobs
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ - clusterroles
+ - clusterrolebindings
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - create
+ - delete
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - networkpolicies
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - policy
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - aquasecurity.github.io
+ resources:
+ - vulnerabilityreports
+ - configauditreports
+ - clustercompliancereports
+ - clusterconfigauditreports
+ - exposedsecretreports
+ - sbomreports
+ - rbacassessmentreports
+ - infraassessmentreports
+ - clusterrbacassessmentreports
+ - clusterinfraassessmentreports
+ - clustersbomreports
+ - clustervulnerabilityreports
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+ - get
+ - update
+ deployments:
+ - name: trivy-operator
+ spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: trivy-operator
+ app.kubernetes.io/instance: trivy-operator
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: trivy-operator
+ app.kubernetes.io/instance: trivy-operator
+ spec:
+ serviceAccountName: trivy-operator
+ automountServiceAccountToken: true
+ securityContext: {}
+ containers:
+ - name: trivy-operator
+ image: docker.io/aquasec/trivy-operator:0.18.1
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ privileged: false
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ env:
+ - name: OPERATOR_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.annotations['olm.operatorNamespace']
+ - name: OPERATOR_TARGET_NAMESPACES
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.annotations['olm.targetNamespaces']
+ ports:
+ - name: metrics
+ containerPort: 8080
+ - name: probes
+ containerPort: 9090
+ readinessProbe:
+ httpGet:
+ path: /readyz/
+ port: probes
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ livenessProbe:
+ httpGet:
+ path: /healthz/
+ port: probes
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
+ customresourcedefinitions:
+ owned:
+ - kind: VulnerabilityReport
+ name: vulnerabilityreports.aquasecurity.github.io
+ version: v1alpha1
+ displayName: VulnerabilityReport
+ description: Represents the result of scanning a container image for known security vulnerabilities.
+ - kind: ConfigAuditReport
+ name: configauditreports.aquasecurity.github.io
+ version: v1alpha1
+ displayName: ConfigAuditReport
+ description: Represents the result of scanning a namespaced resource for known configuration issues.
+ - kind: ClusterConfigAuditReport
+ name: clusterconfigauditreports.aquasecurity.github.io
+ version: v1alpha1
+ displayName: ClusterConfigAuditReport
+ description: Represents the result of scanning a cluster-scoped resource for known configuration issues.
+ - kind: ClusterComplianceReport
+ name: clustercompliancereports.aquasecurity.github.io
+ version: v1alpha1
+ displayName: ClusterComplianceReport
+ description: Represents the result of scanning a cluster-scoped compliance reports.
+ - kind: ClusterSbomReport
+ name: clustersbomreports.aquasecurity.github.io
+ version: v1alpha1
+ displayName: ClusterSbomReport
+ description: Represents the result of scanning a cluster level sbom reports (used for caching).
+ - kind: ClusterVulnerabilityReport
+ name: clustervulnerabilityreports.aquasecurity.github.io
+ version: v1alpha1
+ displayName: ClusterVulnerabilityReport
+ description: Represents the result of scanning a cluster core components(api-server, kubelet, kube-proxy and etc) level vulnerability report.
+ - kind: ExposedSecretReport
+ name: exposedsecretreports.aquasecurity.github.io
+ version: v1alpha1
+ displayName: ExposedSecretReport
+ description: Represents the result of scanning a container image for exposed secret.
+ - kind: SbomReport
+ name: sbomreports.aquasecurity.github.io
+ version: v1alpha1
+ displayName: SbomReport
+ description: Represents the container image software bill of materials.
+ - kind: RbacAssessmentReport
+ name: rbacassessmentreports.aquasecurity.github.io
+ version: v1alpha1
+ displayName: RbacAssessmentReport
+ description: Represents the result of scanning assessment of a namespace role
+ - kind: InfraAssessmentReport
+ name: infraassessmentreports.aquasecurity.github.io
+ version: v1alpha1
+ displayName: InfraAssessmentReport
+ description: Represents the result of scanning infra assessment of k8s core components
+ - kind: ClusterRbacAssessmentReport
+ name: clusterrbacassessmentreports.aquasecurity.github.io
+ version: v1alpha1
+ displayName: ClusterRbacAssessmentReport
+ description: Represents the result of scanning assessment of a cluster-scope role
+ - kind: ClusterInfraAssessmentReport
+ name: clusterinfraassessmentreports.aquasecurity.github.io
+ version: v1alpha1
+ displayName: ClusterInfraAssessmentReport
+ description: Represents the result of scanning assessment of a cluster-scope infra checks
diff --git a/operators/trivy-operator/0.18.1/manifests/vulnerabilityreports.v1alpha1.aquasecurity.github.io.crd.yaml b/operators/trivy-operator/0.18.1/manifests/vulnerabilityreports.v1alpha1.aquasecurity.github.io.crd.yaml
new file mode 100644
index 00000000000..4c174558040
--- /dev/null
+++ b/operators/trivy-operator/0.18.1/manifests/vulnerabilityreports.v1alpha1.aquasecurity.github.io.crd.yaml
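Review bot: The `clusterPermissions` rule covering `configmaps`, `secrets` and `serviceaccounts` grants `create` and `update` alongside `get`/`list`/`watch`, and the next rule adds `delete` on `secrets`, so the `trivy-operator` service account can read and rewrite every Secret in the cluster, including when the bundle is installed in `OwnNamespace` or `SingleNamespace` mode. The manifest does not show whether the operator writes these objects outside its own namespace; if it does not, the write verbs belong in a namespaced `permissions` entry and only the read verbs need to stay cluster-scoped, as sketched below. Separately, `miniKubeVersion: 1.11.0` looks like a misspelling of the CSV field `minKubeVersion`, so the minimum-version constraint is probably not being applied.

```yaml
clusterPermissions:
  - serviceAccountName: trivy-operator
    rules:
      # … unchanged: read-only rules for pods, nodes and workloads …
      - apiGroups:
          - ""
        resources:
          - configmaps
          - secrets
          - serviceaccounts
        verbs:
          - get
          - list
          - watch
      # … unchanged: remaining cluster-scoped rules, minus the secrets delete rule …
permissions:
  - serviceAccountName: trivy-operator
    rules:
      - apiGroups:
          - ""
        resources:
          - configmaps
          - secrets
          - serviceaccounts
        verbs:
          - create
          - update
      - apiGroups:
          - ""
        resources:
          - secrets
        verbs:
          - delete
```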
@@ -0,0 +1,285 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: vulnerabilityreports.aquasecurity.github.io +spec: + group: aquasecurity.github.io + names: + kind: VulnerabilityReport + listKind: VulnerabilityReportList + plural: vulnerabilityreports + shortNames: + - vuln + - vulns + singular: vulnerabilityreport + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The name of image repository + jsonPath: .report.artifact.repository + name: Repository + type: string + - description: The name of image tag + jsonPath: .report.artifact.tag + name: Tag + type: string + - description: The name of the vulnerability scanner + jsonPath: .report.scanner.name + name: Scanner + type: string + - description: The age of the report + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The number of critical vulnerabilities + jsonPath: .report.summary.criticalCount + name: Critical + priority: 1 + type: integer + - description: The number of high vulnerabilities + jsonPath: .report.summary.highCount + name: High + priority: 1 + type: integer + - description: The number of medium vulnerabilities + jsonPath: .report.summary.mediumCount + name: Medium + priority: 1 + type: integer + - description: The number of low vulnerabilities + jsonPath: .report.summary.lowCount + name: Low + priority: 1 + type: integer + - description: The number of unknown vulnerabilities + jsonPath: .report.summary.unknownCount + name: Unknown + priority: 1 + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + description: VulnerabilityReport summarizes vulnerabilities in application + dependencies and operating system packages built into container images. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + report: + description: Report is the actual vulnerability report data. + properties: + artifact: + description: Artifact represents a standalone, executable package + of software that includes everything needed to run an application. + properties: + digest: + description: Digest is a unique and immutable identifier of an + Artifact. + type: string + mimeType: + description: MimeType represents a type and format of an Artifact. + type: string + repository: + description: Repository is the name of the repository in the Artifact + registry. + type: string + tag: + description: Tag is a mutable, human-readable string used to identify + an Artifact. + type: string + type: object + os: + description: OS information of the artifact + properties: + eosl: + description: Eosl is true if OS version has reached end of service + life + type: boolean + family: + description: Operating System Family + type: string + name: + description: Name or version of the OS + type: string + type: object + registry: + description: Registry is the registry the Artifact was pulled from. + properties: + server: + description: Server the FQDN of registry server. + type: string + type: object + scanner: + description: Scanner is the scanner that generated this report. + properties: + name: + description: Name the name of the scanner. 
+ type: string + vendor: + description: Vendor the name of the vendor providing the scanner. + type: string + version: + description: Version the version of the scanner. + type: string + required: + - name + - vendor + - version + type: object + summary: + description: Summary is a summary of Vulnerability counts grouped + by Severity. + properties: + criticalCount: + description: CriticalCount is the number of vulnerabilities with + Critical Severity. + minimum: 0 + type: integer + highCount: + description: HighCount is the number of vulnerabilities with High + Severity. + minimum: 0 + type: integer + lowCount: + description: LowCount is the number of vulnerabilities with Low + Severity. + minimum: 0 + type: integer + mediumCount: + description: MediumCount is the number of vulnerabilities with + Medium Severity. + minimum: 0 + type: integer + noneCount: + description: NoneCount is the number of packages without any vulnerability. + minimum: 0 + type: integer + unknownCount: + description: UnknownCount is the number of vulnerabilities with + unknown severity. + minimum: 0 + type: integer + required: + - criticalCount + - highCount + - lowCount + - mediumCount + - unknownCount + type: object + updateTimestamp: + description: UpdateTimestamp is a timestamp representing the server + time in UTC when this report was updated. + format: date-time + type: string + vulnerabilities: + description: Vulnerabilities is a list of operating system (OS) or + application software Vulnerability items found in the Artifact. + items: + description: Vulnerability is the spec for a vulnerability record. 
+ properties: + class: + type: string + cvss: + additionalProperties: + properties: + V2Score: + type: number + V2Vector: + type: string + V3Score: + type: number + V3Vector: + type: string + type: object + type: object + cvsssource: + type: string + description: + type: string + fixedVersion: + description: FixedVersion indicates the version of the Resource + in which this vulnerability has been fixed. + type: string + installedVersion: + description: InstalledVersion indicates the installed version + of the Resource. + type: string + lastModifiedDate: + description: LastModifiedDate indicates the last date CVE has + been modified. + type: string + links: + items: + type: string + type: array + packagePath: + type: string + packageType: + type: string + primaryLink: + type: string + publishedDate: + description: PublishedDate indicates the date of published CVE. + type: string + resource: + description: Resource is a vulnerable package, application, + or library. + type: string + score: + type: number + severity: + description: Severity level of a vulnerability or a configuration + audit check. + enum: + - CRITICAL + - HIGH + - MEDIUM + - LOW + - UNKNOWN + type: string + target: + type: string + title: + type: string + vulnerabilityID: + description: VulnerabilityID the vulnerability identifier. + type: string + required: + - fixedVersion + - installedVersion + - lastModifiedDate + - publishedDate + - resource + - severity + - title + - vulnerabilityID + type: object + type: array + required: + - artifact + - os + - scanner + - summary + - updateTimestamp + - vulnerabilities + type: object + required: + - report + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: {} diff --git a/operators/trivy-operator/0.18.1/metadata/annotations.yaml b/operators/trivy-operator/0.18.1/metadata/annotations.yaml new file mode 100644 index 00000000000..06f9b00e3ab --- /dev/null 
+++ b/operators/trivy-operator/0.18.1/metadata/annotations.yaml
@@ -0,0 +1,7 @@
+annotations:
+ operators.operatorframework.io.bundle.channel.default.v1: alpha
+ operators.operatorframework.io.bundle.channels.v1: alpha
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: trivy-operator
diff --git a/operators/trivy-operator/ci.yaml b/operators/trivy-operator/ci.yaml
index baf00244277..dc2420e66d0 100644
--- a/operators/trivy-operator/ci.yaml
+++ b/operators/trivy-operator/ci.yaml
@@ -4,5 +4,4 @@ addReviewers: true
 reviewers:
 - itaysk
 - chen-keinan
- - josedonizetti
 updateGraph: replaces-mode
\ No newline at end of file