diff --git a/deploy/helm/crds b/deploy/helm/crds new file mode 120000 index 000000000..c49a2e009 --- /dev/null +++ b/deploy/helm/crds @@ -0,0 +1 @@ +../crd \ No newline at end of file diff --git a/deploy/helm/crds/ciskubebenchreports.crd.yaml b/deploy/helm/crds/ciskubebenchreports.crd.yaml deleted file mode 100644 index a4a92ea0c..000000000 --- a/deploy/helm/crds/ciskubebenchreports.crd.yaml +++ /dev/null @@ -1,50 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ciskubebenchreports.aquasecurity.github.io - labels: - app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.0.1" -spec: - group: aquasecurity.github.io - versions: - - name: v1alpha1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .report.scanner.name - type: string - name: Scanner - - jsonPath: .metadata.creationTimestamp - type: date - name: Age - - jsonPath: .report.summary.failCount - type: integer - name: Fail - priority: 1 - - jsonPath: .report.summary.warnCount - type: integer - name: Warn - priority: 1 - - jsonPath: .report.summary.infoCount - type: integer - name: Info - priority: 1 - - jsonPath: .report.summary.passCount - type: integer - name: Pass - priority: 1 - schema: - openAPIV3Schema: - x-kubernetes-preserve-unknown-fields: true - type: "object" - scope: Cluster - names: - singular: ciskubebenchreport - plural: ciskubebenchreports - kind: CISKubeBenchReport - listKind: CISKubeBenchReportList - categories: [] - shortNames: - - kubebench diff --git a/deploy/helm/crds/clustercompliancedetailreports.crd.yaml b/deploy/helm/crds/clustercompliancedetailreports.crd.yaml deleted file mode 100644 index 9103f0997..000000000 --- a/deploy/helm/crds/clustercompliancedetailreports.crd.yaml +++ /dev/null @@ -1,42 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clustercompliancedetailreports.aquasecurity.github.io - labels: - app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.0.1" -spec: - group: aquasecurity.github.io - versions: - - name: v1alpha1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - type: date - name: Age - description: The age of the report - - jsonPath: .report.summary.failCount - type: integer - name: Fail - priority: 1 - description: The number of checks that failed with Danger status - - jsonPath: .report.summary.passCount - type: integer - name: Pass - priority: 1 - description: The number of checks that passed - schema: - openAPIV3Schema: - x-kubernetes-preserve-unknown-fields: true - type: object - scope: Cluster - names: - singular: clustercompliancedetailreport - plural: clustercompliancedetailreports - kind: ClusterComplianceDetailReport - listKind: ClusterComplianceDetailReportList - categories: [ ] - shortNames: - - compliancedetail diff --git a/deploy/helm/crds/clustercompliancereports.crd.yaml b/deploy/helm/crds/clustercompliancereports.crd.yaml deleted file mode 100644 index 8b44ecce6..000000000 --- a/deploy/helm/crds/clustercompliancereports.crd.yaml +++ /dev/null @@ -1,137 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clustercompliancereports.aquasecurity.github.io - labels: - app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.0.1" -spec: - group: aquasecurity.github.io - scope: Cluster - versions: - - name: v1alpha1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - type: date - name: Age - description: The age of the report - - jsonPath: .status.summary.failCount - type: integer - name: Fail - priority: 1 - description: The number of checks that failed with Danger status - - jsonPath: .status.summary.passCount - type: integer - name: Pass - priority: 1 - description: The number of checks that passed - schema: - openAPIV3Schema: - type: object - required: - - apiVersion - - kind - - metadata - - spec - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - required: - - name - - description - - version - - cron - - controls - properties: - name: - type: string - description: - type: string - version: - type: string - cron: - type: string - pattern: '^(((([\*]{1}){1})|((\*\/){0,1}(([0-9]{1}){1}|(([1-5]{1}){1}([0-9]{1}){1}){1}))) ((([\*]{1}){1})|((\*\/){0,1}(([0-9]{1}){1}|(([1]{1}){1}([0-9]{1}){1}){1}|([2]{1}){1}([0-3]{1}){1}))) ((([\*]{1}){1})|((\*\/){0,1}(([1-9]{1}){1}|(([1-2]{1}){1}([0-9]{1}){1}){1}|([3]{1}){1}([0-1]{1}){1}))) ((([\*]{1}){1})|((\*\/){0,1}(([1-9]{1}){1}|(([1-2]{1}){1}([0-9]{1}){1}){1}|([3]{1}){1}([0-1]{1}){1}))|(jan|feb|mar|apr|may|jun|jul|aug|sep|okt|nov|dec)) ((([\*]{1}){1})|((\*\/){0,1}(([0-7]{1}){1}))|(sun|mon|tue|wed|thu|fri|sat)))$' - description: 'cron define the intervals for report generation' - controls: - type: array - items: - type: object - required: - - name - - id - - kinds - - mapping - - severity - properties: - name: - type: string - description: - type: string - id: - type: string - description: 'id define the control check id' - kinds: - type: array - items: - type: string - description: 'kinds define the list of kinds control check apply on , example: Node,Workload ' - mapping: - type: object - required: - - scanner - - checks - properties: - scanner: - type: string - pattern: '^config-audit$|^kube-bench$' - description: 'scanner define the name of the scanner which produce data, currently only config-audit and kube-bench are supported' - checks: - type: array - items: - type: object - required: - - id - properties: - id: - type: string - description: 'id define the check id as produced by scanner' - severity: - type: string - description: 'define the severity of the control' - enum: - - CRITICAL - - HIGH - - MEDIUM - - LOW - - UNKNOWN - defaultStatus: - type: string - description: 'define the default value for check status in case resource not found' - enum: - - PASS - - WARN - - FAIL - status: - x-kubernetes-preserve-unknown-fields: true - type: object - subresources: - # status enables the status subresource. - status: { } - names: - singular: clustercompliancereport - plural: clustercompliancereports - kind: ClusterComplianceReport - listKind: ClusterComplianceReportList - categories: [ ] - shortNames: - - compliance diff --git a/deploy/helm/crds/clusterconfigauditreports.crd.yaml b/deploy/helm/crds/clusterconfigauditreports.crd.yaml deleted file mode 100644 index 22a915924..000000000 --- a/deploy/helm/crds/clusterconfigauditreports.crd.yaml +++ /dev/null @@ -1,56 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterconfigauditreports.aquasecurity.github.io - labels: - app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.0.1" -spec: - group: aquasecurity.github.io - versions: - - name: v1alpha1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .report.scanner.name - type: string - name: Scanner - description: The name of the config audit scanner - - jsonPath: .metadata.creationTimestamp - type: date - name: Age - description: The age of the report - - jsonPath: .report.summary.criticalCount - type: integer - name: Critical - priority: 1 - description: The number of failed checks with critical severity - - jsonPath: .report.summary.highCount - type: integer - name: High - priority: 1 - description: The number of failed checks with high severity - - jsonPath: .report.summary.mediumCount - type: integer - name: Medium - priority: 1 - description: The number of failed checks with medium severity - - jsonPath: .report.summary.lowCount - type: integer - name: Low - priority: 1 - description: The number of failed checks with low severity - schema: - openAPIV3Schema: - x-kubernetes-preserve-unknown-fields: true - type: object - scope: Cluster - names: - singular: clusterconfigauditreport - plural: clusterconfigauditreports - kind: ClusterConfigAuditReport - listKind: ClusterConfigAuditReportList - categories: [] - shortNames: - - clusterconfigaudit diff --git a/deploy/helm/crds/clustervulnerabilityreports.crd.yaml b/deploy/helm/crds/clustervulnerabilityreports.crd.yaml deleted file mode 100644 index 86287bbcb..000000000 --- a/deploy/helm/crds/clustervulnerabilityreports.crd.yaml +++ /dev/null @@ -1,243 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clustervulnerabilityreports.aquasecurity.github.io - labels: - app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.0.1" -spec: - group: aquasecurity.github.io - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - description: | - ClusterVulnerabilityReport summarizes vulnerabilities in application dependencies and operating system packages - built into container images. - type: object - required: - - apiVersion - - kind - - metadata - - report - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - report: - description: | - Report is the actual vulnerability report data. - type: object - required: - - updateTimestamp - - scanner - - artifact - - summary - - vulnerabilities - properties: - updateTimestamp: - description: | - UpdateTimestamp is a timestamp representing the server time in UTC when this report was updated. - type: string - format: date-time - scanner: - description: | - Scanner is the scanner that generated this report. - type: object - required: - - name - - vendor - - version - properties: - name: - description: | - Name the name of the scanner. - type: string - vendor: - description: | - Vendor the name of the vendor providing the scanner. - type: string - version: - description: | - Version the version of the scanner. - type: string - registry: - description: | - Registry is the registry the Artifact was pulled from. - type: object - properties: - server: - description: | - Server the FQDN of registry server. - type: string - artifact: - description: | - Artifact represents a standalone, executable package of software that includes everything needed to - run an application. - type: object - properties: - repository: - description: | - Repository is the name of the repository in the Artifact registry. - type: string - digest: - description: | - Digest is a unique and immutable identifier of an Artifact. - type: string - tag: - description: | - Tag is a mutable, human-readable string used to identify an Artifact. - type: string - mimeType: - description: | - MimeType represents a type and format of an Artifact. - type: string - summary: - description: | - Summary is a summary of Vulnerability counts grouped by Severity. - type: object - required: - - criticalCount - - highCount - - mediumCount - - lowCount - - unknownCount - properties: - criticalCount: - description: | - CriticalCount is the number of vulnerabilities with Critical Severity. - type: integer - minimum: 0 - highCount: - description: | - HighCount is the number of vulnerabilities with High Severity. - type: integer - minimum: 0 - mediumCount: - description: | - MediumCount is the number of vulnerabilities with Medium Severity. - type: integer - minimum: 0 - lowCount: - description: | - LowCount is the number of vulnerabilities with Low Severity. - type: integer - minimum: 0 - unknownCount: - description: | - UnknownCount is the number of vulnerabilities with unknown severity. - type: integer - minimum: 0 - noneCount: - description: | - NoneCount is the number of packages without any vulnerability. - type: integer - minimum: 0 - vulnerabilities: - description: | - Vulnerabilities is a list of operating system (OS) or application software Vulnerability items found in the Artifact. - type: array - items: - type: object - required: - - vulnerabilityID - - resource - - installedVersion - - fixedVersion - - severity - - title - properties: - vulnerabilityID: - description: | - VulnerabilityID the vulnerability identifier. - type: string - resource: - description: | - Resource is a vulnerable package, application, or library. - type: string - installedVersion: - description: | - InstalledVersion indicates the installed version of the Resource. - type: string - fixedVersion: - description: | - FixedVersion indicates the version of the Resource in which this vulnerability has been fixed. - type: string - score: - type: number - severity: - type: string - enum: - - CRITICAL - - HIGH - - MEDIUM - - LOW - - UNKNOWN - title: - type: string - description: - type: string - primaryLink: - type: string - links: - type: array - items: - type: string - additionalPrinterColumns: - - jsonPath: .report.artifact.repository - type: string - name: Repository - description: The name of image repository - - jsonPath: .report.artifact.tag - type: string - name: Tag - description: The name of image tag - - jsonPath: .report.scanner.name - type: string - name: Scanner - description: The name of the vulnerability scanner - - jsonPath: .metadata.creationTimestamp - type: date - name: Age - description: The age of the report - - jsonPath: .report.summary.criticalCount - type: integer - name: Critical - description: The number of critical vulnerabilities - priority: 1 - - jsonPath: .report.summary.highCount - type: integer - name: High - description: The number of high vulnerabilities - priority: 1 - - jsonPath: .report.summary.mediumCount - type: integer - name: Medium - description: The number of medium vulnerabilities - priority: 1 - - jsonPath: .report.summary.lowCount - type: integer - name: Low - description: The number of low vulnerabilities - priority: 1 - - jsonPath: .report.summary.unknownCount - type: integer - name: Unknown - description: The number of unknown vulnerabilities - priority: 1 - scope: Cluster - names: - singular: clustervulnerabilityreport - plural: clustervulnerabilityreports - kind: ClusterVulnerabilityReport - listKind: ClusterVulnerabilityReportList - categories: [] - shortNames: - - clustervuln - - clustervulns diff --git a/deploy/helm/crds/configauditreports.crd.yaml b/deploy/helm/crds/configauditreports.crd.yaml deleted file mode 100644 index 782a8220b..000000000 --- a/deploy/helm/crds/configauditreports.crd.yaml +++ /dev/null @@ -1,56 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: configauditreports.aquasecurity.github.io - labels: - app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.0.1" -spec: - group: aquasecurity.github.io - versions: - - name: v1alpha1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .report.scanner.name - type: string - name: Scanner - description: The name of the config audit scanner - - jsonPath: .metadata.creationTimestamp - type: date - name: Age - description: The age of the report - - jsonPath: .report.summary.criticalCount - type: integer - name: Critical - priority: 1 - description: The number of failed checks with critical severity - - jsonPath: .report.summary.highCount - type: integer - name: High - priority: 1 - description: The number of failed checks with high severity - - jsonPath: .report.summary.mediumCount - type: integer - name: Medium - priority: 1 - description: The number of failed checks with medium severity - - jsonPath: .report.summary.lowCount - type: integer - name: Low - priority: 1 - description: The number of failed checks with low severity - schema: - openAPIV3Schema: - x-kubernetes-preserve-unknown-fields: true - type: object - scope: Namespaced - names: - singular: configauditreport - plural: configauditreports - kind: ConfigAuditReport - listKind: ConfigAuditReportList - categories: [] - shortNames: - - configaudit diff --git a/deploy/helm/crds/kubehunterreports.crd.yaml b/deploy/helm/crds/kubehunterreports.crd.yaml deleted file mode 100644 index 2f33c9349..000000000 --- a/deploy/helm/crds/kubehunterreports.crd.yaml +++ /dev/null @@ -1,132 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kubehunterreports.aquasecurity.github.io - labels: - app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.0.1" -spec: - group: aquasecurity.github.io - versions: - - name: v1alpha1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: ".report.scanner.name" - name: "Scanner" - type: "string" - - jsonPath: ".metadata.creationTimestamp" - name: "Age" - type: "date" - - jsonPath: ".report.summary.highCount" - name: "High" - type: "integer" - priority: 1 - - jsonPath: ".report.summary.mediumCount" - name: "Medium" - type: "integer" - priority: 1 - - jsonPath: ".report.summary.lowCount" - name: "Low" - type: "integer" - priority: 1 - schema: - openAPIV3Schema: - type: object - required: - - apiVersion - - kind - - metadata - - report - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - report: - type: object - required: - - scanner - - summary - - vulnerabilities - properties: - scanner: - type: object - required: - - name - - vendor - - version - properties: - name: - type: string - vendor: - type: string - version: - type: string - summary: - type: object - required: - - highCount - - mediumCount - - lowCount - - unknownCount - properties: - highCount: - type: integer - minimum: 0 - mediumCount: - type: integer - minimum: 0 - lowCount: - type: integer - minimum: 0 - unknownCount: - type: integer - minimum: 0 - vulnerabilities: - type: array - items: - type: object - required: - - location - - vid - - category - - severity - - vulnerability - - description - - evidence - - avd_reference - properties: - location: - type: string - vid: - type: string - category: - type: string - vulnerability: - type: string - severity: - type: string - enum: - - high - - medium - - low - - unknown - description: - type: string - evidence: - type: string - avd_reference: - type: string - scope: Cluster - names: - singular: kubehunterreport - plural: kubehunterreports - kind: KubeHunterReport - listKind: KubeHunterReportList - categories: [] - shortNames: - - kubehunter diff --git a/deploy/helm/crds/vulnerabilityreports.crd.yaml b/deploy/helm/crds/vulnerabilityreports.crd.yaml deleted file mode 100644 index c39db6edc..000000000 --- a/deploy/helm/crds/vulnerabilityreports.crd.yaml +++ /dev/null @@ -1,243 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: vulnerabilityreports.aquasecurity.github.io - labels: - app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.0.1" -spec: - group: aquasecurity.github.io - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - description: | - VulnerabilityReport summarizes vulnerabilities in application dependencies and operating system packages - built into container images. - type: object - required: - - apiVersion - - kind - - metadata - - report - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - report: - description: | - Report is the actual vulnerability report data. - type: object - required: - - updateTimestamp - - scanner - - artifact - - summary - - vulnerabilities - properties: - updateTimestamp: - description: | - UpdateTimestamp is a timestamp representing the server time in UTC when this report was updated. - type: string - format: date-time - scanner: - description: | - Scanner is the scanner that generated this report. - type: object - required: - - name - - vendor - - version - properties: - name: - description: | - Name the name of the scanner. - type: string - vendor: - description: | - Vendor the name of the vendor providing the scanner. - type: string - version: - description: | - Version the version of the scanner. - type: string - registry: - description: | - Registry is the registry the Artifact was pulled from. - type: object - properties: - server: - description: | - Server the FQDN of registry server. - type: string - artifact: - description: | - Artifact represents a standalone, executable package of software that includes everything needed to - run an application. - type: object - properties: - repository: - description: | - Repository is the name of the repository in the Artifact registry. - type: string - digest: - description: | - Digest is a unique and immutable identifier of an Artifact. - type: string - tag: - description: | - Tag is a mutable, human-readable string used to identify an Artifact. - type: string - mimeType: - description: | - MimeType represents a type and format of an Artifact. - type: string - summary: - description: | - Summary is a summary of Vulnerability counts grouped by Severity. - type: object - required: - - criticalCount - - highCount - - mediumCount - - lowCount - - unknownCount - properties: - criticalCount: - description: | - CriticalCount is the number of vulnerabilities with Critical Severity. - type: integer - minimum: 0 - highCount: - description: | - HighCount is the number of vulnerabilities with High Severity. - type: integer - minimum: 0 - mediumCount: - description: | - MediumCount is the number of vulnerabilities with Medium Severity. - type: integer - minimum: 0 - lowCount: - description: | - LowCount is the number of vulnerabilities with Low Severity. - type: integer - minimum: 0 - unknownCount: - description: | - UnknownCount is the number of vulnerabilities with unknown severity. - type: integer - minimum: 0 - noneCount: - description: | - NoneCount is the number of packages without any vulnerability. - type: integer - minimum: 0 - vulnerabilities: - description: | - Vulnerabilities is a list of operating system (OS) or application software Vulnerability items found in the Artifact. - type: array - items: - type: object - required: - - vulnerabilityID - - resource - - installedVersion - - fixedVersion - - severity - - title - properties: - vulnerabilityID: - description: | - VulnerabilityID the vulnerability identifier. - type: string - resource: - description: | - Resource is a vulnerable package, application, or library. - type: string - installedVersion: - description: | - InstalledVersion indicates the installed version of the Resource. - type: string - fixedVersion: - description: | - FixedVersion indicates the version of the Resource in which this vulnerability has been fixed. - type: string - score: - type: number - severity: - type: string - enum: - - CRITICAL - - HIGH - - MEDIUM - - LOW - - UNKNOWN - title: - type: string - description: - type: string - primaryLink: - type: string - links: - type: array - items: - type: string - additionalPrinterColumns: - - jsonPath: .report.artifact.repository - type: string - name: Repository - description: The name of image repository - - jsonPath: .report.artifact.tag - type: string - name: Tag - description: The name of image tag - - jsonPath: .report.scanner.name - type: string - name: Scanner - description: The name of the vulnerability scanner - - jsonPath: .metadata.creationTimestamp - type: date - name: Age - description: The age of the report - - jsonPath: .report.summary.criticalCount - type: integer - name: Critical - description: The number of critical vulnerabilities - priority: 1 - - jsonPath: .report.summary.highCount - type: integer - name: High - description: The number of high vulnerabilities - priority: 1 - - jsonPath: .report.summary.mediumCount - type: integer - name: Medium - description: The number of medium vulnerabilities - priority: 1 - - jsonPath: .report.summary.lowCount - type: integer - name: Low - description: The number of low vulnerabilities - priority: 1 - - jsonPath: .report.summary.unknownCount - type: integer - name: Unknown - description: The number of unknown vulnerabilities - priority: 1 - scope: Namespaced - names: - singular: vulnerabilityreport - plural: vulnerabilityreports - kind: VulnerabilityReport - listKind: VulnerabilityReportList - categories: [] - shortNames: - - vuln - - vulns