diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c5a827dad..a15e22fe3 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -351,7 +351,7 @@ kubectl apply -f https://github.com/operator-framework/operator-lifecycle-manage or ``` -curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.20.5/install.sh -o install.sh +curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.20.6/install.sh -o install.sh chmod +x install.sh ./install.sh v0.20.0 ``` diff --git a/README.md b/README.md index 76c632857..2aa36efbd 100644 --- a/README.md +++ b/README.md @@ -66,7 +66,7 @@ Install the Helm Chart: helm install trivy-operator aqua/trivy-operator \ --namespace trivy-system \ --create-namespace \ - --version 0.20.5 + --version 0.20.6 ``` This will install the Trivy Helm Chart into the `trivy-system` namespace and start triggering the scans. diff --git a/RELEASING.md b/RELEASING.md index f40d38f30..8c2a60133 100644 --- a/RELEASING.md +++ b/RELEASING.md 
@@ -46,17 +46,17 @@ 5. Create an annotated git tag and push it to the `upstream`. This will trigger the [`.github/workflows/release.yaml`] workflow ```sh - git tag -v0.18.4 -m 'Release v0.18.4' - git push upstream v0.18.4 + git tag -v0.18.5 -m 'Release v0.18.5' + git push upstream v0.18.5 ``` 6. Verify that the `release` workflow has built and published the following artifacts 1. Trivy-operator container images published to DockerHub - `docker.io/aquasec/trivy-operator:0.18.4` + `docker.io/aquasec/trivy-operator:0.18.5` 2. Trivy-operator container images published to Amazon ECR Public Gallery - `public.ecr.aws/aquasecurity/trivy-operator:0.18.4` + `public.ecr.aws/aquasecurity/trivy-operator:0.18.5` 3. Trivy-operator container images published to GitHub Container Registry - `ghcr.io/aquasecurity/trivy-operator:0.18.4` + `ghcr.io/aquasecurity/trivy-operator:0.18.5` 7. Submit trivy-operator Operator to OperatorHub and ArtifactHUB by opening the PR to the repository. diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml index 5441ca04b..4b562cd94 100644 --- a/deploy/helm/Chart.yaml +++ b/deploy/helm/Chart.yaml @@ -6,12 +6,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.20.5 +version: 0.20.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 0.18.4 +appVersion: 0.18.5 # kubeVersion: A SemVer range of compatible Kubernetes versions (optional) diff --git a/deploy/helm/README.md b/deploy/helm/README.md index 7701642c0..5de328175 100644 --- a/deploy/helm/README.md +++ b/deploy/helm/README.md 
@@ -1,6 +1,6 @@ # trivy-operator -![Version: 0.20.5](https://img.shields.io/badge/Version-0.20.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.18.4](https://img.shields.io/badge/AppVersion-0.18.4-informational?style=flat-square) +![Version: 0.20.6](https://img.shields.io/badge/Version-0.20.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.18.5](https://img.shields.io/badge/AppVersion-0.18.5-informational?style=flat-square) Keeps security report resources updated diff --git a/deploy/helm/templates/specs/cis-1.23.yaml b/deploy/helm/templates/specs/cis-1.23.yaml index 02e1430cc..6ec92a9f4 100644 --- a/deploy/helm/templates/specs/cis-1.23.yaml +++ b/deploy/helm/templates/specs/cis-1.23.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: 0.18.4 + app.kubernetes.io/version: 0.18.5 app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote}} diff --git a/deploy/helm/templates/specs/nsa-1.0.yaml b/deploy/helm/templates/specs/nsa-1.0.yaml index 871fc535c..43109953c 100644 --- a/deploy/helm/templates/specs/nsa-1.0.yaml +++ b/deploy/helm/templates/specs/nsa-1.0.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.4" + app.kubernetes.io/version: "0.18.5" app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }} diff --git a/deploy/helm/templates/specs/pss-baseline.yaml b/deploy/helm/templates/specs/pss-baseline.yaml index 2fd0f2ae8..e7124854d 100644 --- a/deploy/helm/templates/specs/pss-baseline.yaml +++ b/deploy/helm/templates/specs/pss-baseline.yaml 
@@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: 0.18.4 + app.kubernetes.io/version: 0.18.5 app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }} diff --git a/deploy/helm/templates/specs/pss-restricted.yaml b/deploy/helm/templates/specs/pss-restricted.yaml index f23db982c..3edc76ecb 100644 --- a/deploy/helm/templates/specs/pss-restricted.yaml +++ b/deploy/helm/templates/specs/pss-restricted.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: 0.18.4 + app.kubernetes.io/version: 0.18.5 app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }} diff --git a/deploy/static/namespace.yaml b/deploy/static/namespace.yaml index b9d2da58b..8b5dcc735 100644 --- a/deploy/static/namespace.yaml +++ b/deploy/static/namespace.yaml @@ -6,5 +6,5 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.4" + app.kubernetes.io/version: "0.18.5" app.kubernetes.io/managed-by: kubectl diff --git a/deploy/static/trivy-operator.yaml b/deploy/static/trivy-operator.yaml index 741aa667b..a3ed3f4bb 100644 --- a/deploy/static/trivy-operator.yaml +++ b/deploy/static/trivy-operator.yaml @@ -2738,7 +2738,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.4" + app.kubernetes.io/version: "0.18.5" app.kubernetes.io/managed-by: kubectl --- # Source: trivy-operator/templates/configmaps/operator.yaml 
@@ -2750,7 +2750,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.4" + app.kubernetes.io/version: "0.18.5" app.kubernetes.io/managed-by: kubectl data: nodeCollector.volumes: "[{\"hostPath\":{\"path\":\"/var/lib/etcd\"},\"name\":\"var-lib-etcd\"},{\"hostPath\":{\"path\":\"/var/lib/kubelet\"},\"name\":\"var-lib-kubelet\"},{\"hostPath\":{\"path\":\"/var/lib/kube-scheduler\"},\"name\":\"var-lib-kube-scheduler\"},{\"hostPath\":{\"path\":\"/var/lib/kube-controller-manager\"},\"name\":\"var-lib-kube-controller-manager\"},{\"hostPath\":{\"path\":\"/etc/systemd\"},\"name\":\"etc-systemd\"},{\"hostPath\":{\"path\":\"/lib/systemd\"},\"name\":\"lib-systemd\"},{\"hostPath\":{\"path\":\"/etc/kubernetes\"},\"name\":\"etc-kubernetes\"},{\"hostPath\":{\"path\":\"/etc/cni/net.d/\"},\"name\":\"etc-cni-netd\"}]" @@ -2773,7 +2773,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.4" + app.kubernetes.io/version: "0.18.5" app.kubernetes.io/managed-by: kubectl data: --- @@ -2786,7 +2786,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.4" + app.kubernetes.io/version: "0.18.5" app.kubernetes.io/managed-by: kubectl data: trivy.repository: "ghcr.io/aquasecurity/trivy" @@ -2822,7 +2822,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.4" + app.kubernetes.io/version: "0.18.5" app.kubernetes.io/managed-by: kubectl --- # Source: trivy-operator/templates/secrets/trivy.yaml @@ -2834,7 +2834,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.4" + app.kubernetes.io/version: "0.18.5" app.kubernetes.io/managed-by: kubectl data: --- 
@@ -2847,7 +2847,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.4" + app.kubernetes.io/version: "0.18.5" app.kubernetes.io/managed-by: kubectl spec: replicas: 1 @@ -2867,7 +2867,7 @@ spec: automountServiceAccountToken: true containers: - name: "trivy-operator" - image: "ghcr.io/aquasecurity/trivy-operator:0.18.4" + image: "ghcr.io/aquasecurity/trivy-operator:0.18.5" imagePullPolicy: IfNotPresent env: - name: OPERATOR_NAMESPACE @@ -2996,7 +2996,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.4" + app.kubernetes.io/version: "0.18.5" app.kubernetes.io/managed-by: kubectl spec: @@ -3388,7 +3388,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.4" + app.kubernetes.io/version: "0.18.5" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io @@ -3409,7 +3409,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.4" + app.kubernetes.io/version: "0.18.5" app.kubernetes.io/managed-by: kubectl rules: - apiGroups: @@ -3436,7 +3436,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.4" + app.kubernetes.io/version: "0.18.5" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io @@ -3456,7 +3456,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.4" + app.kubernetes.io/version: "0.18.5" app.kubernetes.io/managed-by: kubectl rules: - apiGroups: 
@@ -3486,7 +3486,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.4" + app.kubernetes.io/version: "0.18.5" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io @@ -3506,7 +3506,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.4" + app.kubernetes.io/version: "0.18.5" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -3531,7 +3531,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.4" + app.kubernetes.io/version: "0.18.5" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -3556,7 +3556,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.4" + app.kubernetes.io/version: "0.18.5" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -3581,5 +3581,5 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.4" + app.kubernetes.io/version: "0.18.5" app.kubernetes.io/managed-by: kubectl diff --git a/docs/docs/crds/clustercompliance-report.md b/docs/docs/crds/clustercompliance-report.md index 15c2b5701..0586fa304 100644 --- a/docs/docs/crds/clustercompliance-report.md +++ b/docs/docs/crds/clustercompliance-report.md 
@@ -1346,7 +1346,7 @@ status: "app.kubernetes.io/instance": "trivy-operator", "app.kubernetes.io/managed-by": "kubectl", "app.kubernetes.io/name": "trivy-operator", - "app.kubernetes.io/version": "0.18.4" + "app.kubernetes.io/version": "0.18.5" }, "name": "cis", "resourceVersion": "8985", diff --git a/docs/docs/crds/configaudit-report.md b/docs/docs/crds/configaudit-report.md index e8dc15ad7..6dff40de3 100644 --- a/docs/docs/crds/configaudit-report.md +++ b/docs/docs/crds/configaudit-report.md @@ -34,7 +34,7 @@ report: scanner: name: Trivy vendor: Aqua Security - version: '0.18.4' + version: '0.18.5' summary: criticalCount: 2 highCount: 0 diff --git a/docs/docs/crds/exposedsecret-report.md b/docs/docs/crds/exposedsecret-report.md index a9d91eb6c..1bf4a87a2 100644 --- a/docs/docs/crds/exposedsecret-report.md +++ b/docs/docs/crds/exposedsecret-report.md @@ -33,7 +33,7 @@ metadata: report: artifact: repository: myimagewithsecret - tag: v0.18.4 + tag: v0.18.5 registry: server: index.docker.io scanner: diff --git a/docs/docs/crds/rbacassessment-report.md b/docs/docs/crds/rbacassessment-report.md index e506961be..fca9a9c61 100644 --- a/docs/docs/crds/rbacassessment-report.md +++ b/docs/docs/crds/rbacassessment-report.md @@ -176,7 +176,7 @@ report: scanner: name: Trivy vendor: Aqua Security - version: '0.18.4' + version: '0.18.5' summary: criticalCount: 1 highCount: 0 diff --git a/docs/docs/design/caching_scan_results_by_repo_digest.md b/docs/docs/design/caching_scan_results_by_repo_digest.md index 03c1d0297..b14fa7c89 100644 --- a/docs/docs/design/caching_scan_results_by_repo_digest.md +++ b/docs/docs/design/caching_scan_results_by_repo_digest.md 
@@ -129,5 +129,5 @@ We can't use something like ownerReference since it would delete all vulnerabili a gate. * Both Trivy-Operator CLI and Trivy-Operator Operator can read and leverage ClusterVulnerabilityReports. -[Standalone]: https://aquasecurity.github.io/trivy-operator/v0.18.4/integrations/vulnerability-scanners/trivy/#standalone -[ClientServer]: https://aquasecurity.github.io/trivy-operator/v0.18.4/integrations/vulnerability-scanners/trivy/#clientserver +[Standalone]: https://aquasecurity.github.io/trivy-operator/v0.18.5/integrations/vulnerability-scanners/trivy/#standalone +[ClientServer]: https://aquasecurity.github.io/trivy-operator/v0.18.5/integrations/vulnerability-scanners/trivy/#clientserver diff --git a/docs/docs/design/design_compliance_report.md b/docs/docs/design/design_compliance_report.md index 5be801290..941e004db 100644 --- a/docs/docs/design/design_compliance_report.md +++ b/docs/docs/design/design_compliance_report.md @@ -542,7 +542,7 @@ metadata: name: clustercompliancereports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.18.4" + app.kubernetes.io/version: "0.18.5" spec: group: aquasecurity.github.io scope: Cluster @@ -678,7 +678,7 @@ metadata: name: clustercompliancedetailreports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.18.4" + app.kubernetes.io/version: "0.18.5" spec: group: aquasecurity.github.io versions: diff --git a/docs/docs/design/design_starboard_at_scale.excalidraw b/docs/docs/design/design_starboard_at_scale.excalidraw index 71ad60ab6..b51df6aec 100644 --- a/docs/docs/design/design_starboard_at_scale.excalidraw +++ b/docs/docs/design/design_starboard_at_scale.excalidraw 
@@ -11835,7 +11835,7 @@ "versionNonce": 596868769, "isDeleted": false, "boundElementIds": null, - "text": "apiVersion: batch/v1\nkind: Job\nmetadata:\n name: scan-vulnerabilityreport-\n namespace: trivy-system\nspec:\n template:\n spec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.18.4\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n restartPolicy: Never\n backoffLimit: 1", + "text": "apiVersion: batch/v1\nkind: Job\nmetadata:\n name: scan-vulnerabilityreport-\n namespace: trivy-system\nspec:\n template:\n spec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.18.5\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n restartPolicy: Never\n backoffLimit: 1", "fontSize": 20, "fontFamily": 3, "textAlign": "left", @@ -11895,7 +11895,7 @@ "boundElementIds": [], "fontSize": 20, "fontFamily": 3, - "text": "apiVersion: v1\nkind: Pod\nmetadata:\n name: scan-vulnerabilityreport--\n namespace: trivy-system\nspec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.18.4\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n", + "text": "apiVersion: v1\nkind: Pod\nmetadata:\n name: scan-vulnerabilityreport--\n namespace: trivy-system\nspec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.18.5\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n", "baseline": 259, "textAlign": "left", "verticalAlign": "top" diff --git a/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md b/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md index 614e45617..9d17b41bc 100644 --- a/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md +++ b/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md 
@@ -219,6 +219,6 @@ With this approach trivy operator will not have to worry about managing(create/d - As we will run scan job with service account of workload and if there are some very strict PSP defined in the cluster then scan job will be blocked due to the PSP. -[ECR registry configuration]: https://aquasecurity.github.io/trivy-operator/v0.18.4/integrations/managed-registries/#amazon-elastic-container-registry-ecr +[ECR registry configuration]: https://aquasecurity.github.io/trivy-operator/v0.18.5/integrations/managed-registries/#amazon-elastic-container-registry-ecr [IAM role to service account]: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html [Trivy fs command]: https://github.com/aquasecurity/trivy-operator/blob/main/docs/design/design_trivy_file_system_scanner.md diff --git a/docs/docs/design/ttl_scans.md b/docs/docs/design/ttl_scans.md index 62610ccef..373bcb8a8 100644 --- a/docs/docs/design/ttl_scans.md +++ b/docs/docs/design/ttl_scans.md @@ -44,7 +44,7 @@ metadata: report: artifact: repository: fluxcd/source-controller - tag: v0.18.4 + tag: v0.18.5 registry: server: ghcr.io scanner: diff --git a/docs/tutorials/private-registries.md b/docs/tutorials/private-registries.md index 3b7f03f28..460c9ba9e 100644 --- a/docs/tutorials/private-registries.md +++ b/docs/tutorials/private-registries.md 
@@ -303,4 +303,4 @@ data: The last way that you could give the Trivy operator access to your private container registry is through managed registries. In this case, the container registry and your Kubernetes cluster would have to be on the same cloud provider; then you can define access to your container namespace as part of the IAM account. Once defined, trivy will already have the permissions for the registry. -For additional information, please refer to the [documentation on managed registries.](https://aquasecurity.github.io/trivy-operator/v0.18.4/docs/vulnerability-scanning/managed-registries/) +For additional information, please refer to the [documentation on managed registries.](https://aquasecurity.github.io/trivy-operator/v0.18.5/docs/vulnerability-scanning/managed-registries/) diff --git a/itest/helper/helper.go b/itest/helper/helper.go index 5d3a20e16..ec1e34c61 100644 --- a/itest/helper/helper.go +++ b/itest/helper/helper.go @@ -236,7 +236,7 @@ var ( trivyScanner = v1alpha1.Scanner{ Name: v1alpha1.ScannerNameTrivy, Vendor: "Aqua Security", - Version: "0.18.4", + Version: "0.18.5", } ) diff --git a/mkdocs.yml b/mkdocs.yml index 30f2b99ab..cff59e876 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -89,8 +89,8 @@ extra: method: mike provider: mike var: - prev_git_tag: "v0.18.3" - chart_version: "0.20.5" + prev_git_tag: "v0.18.4" + chart_version: "0.20.6" plugins: - search
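Review bot: In the CONTRIBUTING.md hunk, the changed `curl` line downloads `install.sh` from an operator-framework/operator-lifecycle-manager release, not from a trivy-operator artifact, so moving it from v0.20.5 to v0.20.6 looks like the chart-version replace matching an unrelated URL. The unchanged lines that follow still run `./install.sh v0.20.0`, so the script version and the version passed to it drift further apart. Suggest reverting this line, or confirming that the OLM release exists and aligning the argument, and excluding the OLM URL from the bump pattern.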
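Review bot: In the RELEASING.md hunk, `git tag -v0.18.5 -m 'Release v0.18.5'` carries over the malformed option from the old line: `-v` is the verify flag of `git tag` and there is no space before the tag name, so the command does not create the annotated tag that `git push upstream v0.18.5` then pushes. Suggest `git tag -a v0.18.5 -m 'Release v0.18.5'`, or `-s` instead of `-a` if release tags are meant to be signed.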
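Review bot: In deploy/helm/templates/specs/cis-1.23.yaml, pss-baseline.yaml and pss-restricted.yaml the new label value is unquoted (`app.kubernetes.io/version: 0.18.5`), while nsa-1.0.yaml and the static manifests in the same patch write `"0.18.5"`. A three-part version happens to parse as a string, but a two-part value would parse as a number and label values must be strings. Since these lines are being touched anyway, quote them so all four spec templates match.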
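Review bot: In docs/docs/design/ttl_scans.md and docs/docs/crds/exposedsecret-report.md the bumped line is the `tag:` of the sample artifact (`repository: fluxcd/source-controller` and `repository: myimagewithsecret`), and in design_starboard_at_scale.excalidraw it is `image: aquasec/trivy:0.18.5`, the scanner image rather than the operator image. None of these is the trivy-operator version, so the replace is rewriting example data for other images. Suggest leaving these values as they were and narrowing the release script's pattern to the operator's own version fields and documentation URLs.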
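Review bot: In the Deployment hunk of deploy/static/trivy-operator.yaml (`@@ -2867,7 +2867,7 @@`), the operator image is referenced by tag only, `image: "ghcr.io/aquasecurity/trivy-operator:0.18.5"`, next to `imagePullPolicy: IfNotPresent`. A tag can be re-pointed after release and nodes that already cached it will not notice, so the static manifest does not bind the deployment to the artifact the release workflow built. Consider recording the image digest at release time and writing the reference as `ghcr.io/aquasecurity/trivy-operator:0.18.5@sha256:<digest>` (placeholder; take the value from the published image).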