diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 871c32e34..9a99c6215 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -84,7 +84,7 @@ If you only run test using the Magefile run some of these integration tests using `go test` or from your IDE, you'll have to [install kubebuiler-tools](https://book.kubebuilder.io/reference/envtest.html#installation). -[install magefile](https://magefile.org) or use `go run mage.go ` +[install magefile](https://magefile.org) or use `go run mage.go ` ## Build Binaries @@ -351,7 +351,7 @@ kubectl apply -f https://github.com/operator-framework/operator-lifecycle-manage or ``` -curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.20.3/install.sh -o install.sh +curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.20.4/install.sh -o install.sh chmod +x install.sh ./install.sh v0.20.0 ``` diff --git a/README.md b/README.md index ea5fc4a70..7059b00b8 100644 --- a/README.md +++ b/README.md @@ -66,7 +66,7 @@ Install the Helm Chart: helm install trivy-operator aqua/trivy-operator \ --namespace trivy-system \ --create-namespace \ - --version 0.20.3 + --version 0.20.4 ``` This will install the Trivy Helm Chart into the `trivy-system` namespace and start triggering the scans. @@ -112,4 +112,3 @@ Join the community, and talk to us about any matter in [GitHub Discussions] or [ [Documentation]: https://aquasecurity.github.io/trivy-operator/latest [Static YAML Manifests]: https://aquasecurity.github.io/trivy-operator/latest/getting-started/installation/kubectl/ [getting-started-operator]: https://aquasecurity.github.io/trivy-operator/latest/ - diff --git a/RELEASING.md b/RELEASING.md index d13097583..0c42d10ea 100644 --- a/RELEASING.md +++ b/RELEASING.md 
@@ -46,17 +46,17 @@ 5. Create an annotated git tag and push it to the `upstream`. This will trigger the [`.github/workflows/release.yaml`] workflow ```sh - git tag -v0.18.2 -m 'Release v0.18.2' - git push upstream v0.18.2 + git tag -v0.18.3 -m 'Release v0.18.3' + git push upstream v0.18.3 ``` 6. Verify that the `release` workflow has built and published the following artifacts 1. Trivy-operator container images published to DockerHub - `docker.io/aquasec/trivy-operator:0.18.2` + `docker.io/aquasec/trivy-operator:0.18.3` 2. Trivy-operator container images published to Amazon ECR Public Gallery - `public.ecr.aws/aquasecurity/trivy-operator:0.18.2` + `public.ecr.aws/aquasecurity/trivy-operator:0.18.3` 3. Trivy-operator container images published to GitHub Container Registry - `ghcr.io/aquasecurity/trivy-operator:0.18.2` + `ghcr.io/aquasecurity/trivy-operator:0.18.3` 7. Submit trivy-operator Operator to OperatorHub and ArtifactHUB by opening the PR to the repository. diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml index de11fce54..b2033b0e8 100644 --- a/deploy/helm/Chart.yaml +++ b/deploy/helm/Chart.yaml @@ -6,12 +6,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.20.3 +version: 0.20.4 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 0.18.2 +appVersion: 0.18.3 # kubeVersion: A SemVer range of compatible Kubernetes versions (optional) diff --git a/deploy/helm/README.md b/deploy/helm/README.md index 22558d5c4..6e9edccde 100644 --- a/deploy/helm/README.md +++ b/deploy/helm/README.md 
@@ -1,6 +1,6 @@ # trivy-operator -![Version: 0.20.3](https://img.shields.io/badge/Version-0.20.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.18.2](https://img.shields.io/badge/AppVersion-0.18.2-informational?style=flat-square) +![Version: 0.20.4](https://img.shields.io/badge/Version-0.20.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.18.3](https://img.shields.io/badge/AppVersion-0.18.3-informational?style=flat-square) Keeps security report resources updated diff --git a/deploy/helm/templates/specs/cis-1.23.yaml b/deploy/helm/templates/specs/cis-1.23.yaml index 9b3ed12f3..932a7e707 100644 --- a/deploy/helm/templates/specs/cis-1.23.yaml +++ b/deploy/helm/templates/specs/cis-1.23.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: 0.18.2 + app.kubernetes.io/version: 0.18.3 app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote}} diff --git a/deploy/helm/templates/specs/nsa-1.0.yaml b/deploy/helm/templates/specs/nsa-1.0.yaml index e3bcc9685..2c4649158 100644 --- a/deploy/helm/templates/specs/nsa-1.0.yaml +++ b/deploy/helm/templates/specs/nsa-1.0.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.2" + app.kubernetes.io/version: "0.18.3" app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }} diff --git a/deploy/helm/templates/specs/pss-baseline.yaml b/deploy/helm/templates/specs/pss-baseline.yaml index 0ab2b45ae..e90327fd9 100644 --- a/deploy/helm/templates/specs/pss-baseline.yaml +++ b/deploy/helm/templates/specs/pss-baseline.yaml 
@@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: 0.18.2 + app.kubernetes.io/version: 0.18.3 app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }} diff --git a/deploy/helm/templates/specs/pss-restricted.yaml b/deploy/helm/templates/specs/pss-restricted.yaml index 4d1ca6fce..b8a639062 100644 --- a/deploy/helm/templates/specs/pss-restricted.yaml +++ b/deploy/helm/templates/specs/pss-restricted.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: 0.18.2 + app.kubernetes.io/version: 0.18.3 app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }} diff --git a/deploy/static/namespace.yaml b/deploy/static/namespace.yaml index aad91971a..1d53407f8 100644 --- a/deploy/static/namespace.yaml +++ b/deploy/static/namespace.yaml @@ -6,5 +6,5 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.2" + app.kubernetes.io/version: "0.18.3" app.kubernetes.io/managed-by: kubectl diff --git a/deploy/static/trivy-operator.yaml b/deploy/static/trivy-operator.yaml index 8883c79ed..fe7932282 100644 --- a/deploy/static/trivy-operator.yaml +++ b/deploy/static/trivy-operator.yaml @@ -2730,7 +2730,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.2" + app.kubernetes.io/version: "0.18.3" app.kubernetes.io/managed-by: kubectl --- # Source: trivy-operator/templates/configmaps/operator.yaml 
@@ -2742,7 +2742,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.2" + app.kubernetes.io/version: "0.18.3" app.kubernetes.io/managed-by: kubectl data: nodeCollector.volumes: "[{\"hostPath\":{\"path\":\"/var/lib/etcd\"},\"name\":\"var-lib-etcd\"},{\"hostPath\":{\"path\":\"/var/lib/kubelet\"},\"name\":\"var-lib-kubelet\"},{\"hostPath\":{\"path\":\"/var/lib/kube-scheduler\"},\"name\":\"var-lib-kube-scheduler\"},{\"hostPath\":{\"path\":\"/var/lib/kube-controller-manager\"},\"name\":\"var-lib-kube-controller-manager\"},{\"hostPath\":{\"path\":\"/etc/systemd\"},\"name\":\"etc-systemd\"},{\"hostPath\":{\"path\":\"/lib/systemd\"},\"name\":\"lib-systemd\"},{\"hostPath\":{\"path\":\"/etc/kubernetes\"},\"name\":\"etc-kubernetes\"},{\"hostPath\":{\"path\":\"/etc/cni/net.d/\"},\"name\":\"etc-cni-netd\"}]" @@ -2765,7 +2765,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.2" + app.kubernetes.io/version: "0.18.3" app.kubernetes.io/managed-by: kubectl data: --- @@ -2778,7 +2778,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.2" + app.kubernetes.io/version: "0.18.3" app.kubernetes.io/managed-by: kubectl data: trivy.repository: "ghcr.io/aquasecurity/trivy" @@ -2814,7 +2814,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.2" + app.kubernetes.io/version: "0.18.3" app.kubernetes.io/managed-by: kubectl --- # Source: trivy-operator/templates/secrets/trivy.yaml @@ -2826,7 +2826,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.2" + app.kubernetes.io/version: "0.18.3" app.kubernetes.io/managed-by: kubectl data: --- 
@@ -2839,7 +2839,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.2" + app.kubernetes.io/version: "0.18.3" app.kubernetes.io/managed-by: kubectl spec: replicas: 1 @@ -2859,7 +2859,7 @@ spec: automountServiceAccountToken: true containers: - name: "trivy-operator" - image: "ghcr.io/aquasecurity/trivy-operator:0.18.2" + image: "ghcr.io/aquasecurity/trivy-operator:0.18.3" imagePullPolicy: IfNotPresent env: - name: OPERATOR_NAMESPACE @@ -2988,7 +2988,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.2" + app.kubernetes.io/version: "0.18.3" app.kubernetes.io/managed-by: kubectl spec: @@ -3380,7 +3380,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.2" + app.kubernetes.io/version: "0.18.3" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io @@ -3401,7 +3401,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.2" + app.kubernetes.io/version: "0.18.3" app.kubernetes.io/managed-by: kubectl rules: - apiGroups: @@ -3428,7 +3428,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.2" + app.kubernetes.io/version: "0.18.3" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io @@ -3448,7 +3448,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.2" + app.kubernetes.io/version: "0.18.3" app.kubernetes.io/managed-by: kubectl rules: - apiGroups: 
@@ -3478,7 +3478,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.2" + app.kubernetes.io/version: "0.18.3" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io @@ -3498,7 +3498,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.2" + app.kubernetes.io/version: "0.18.3" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -3523,7 +3523,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.2" + app.kubernetes.io/version: "0.18.3" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -3548,7 +3548,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.2" + app.kubernetes.io/version: "0.18.3" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -3573,5 +3573,5 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.18.2" + app.kubernetes.io/version: "0.18.3" app.kubernetes.io/managed-by: kubectl diff --git a/docs/docs/crds/clustercompliance-report.md b/docs/docs/crds/clustercompliance-report.md index bc0bbc3ca..037a8c2d2 100644 --- a/docs/docs/crds/clustercompliance-report.md +++ b/docs/docs/crds/clustercompliance-report.md 
@@ -1346,7 +1346,7 @@ status: "app.kubernetes.io/instance": "trivy-operator", "app.kubernetes.io/managed-by": "kubectl", "app.kubernetes.io/name": "trivy-operator", - "app.kubernetes.io/version": "0.18.2" + "app.kubernetes.io/version": "0.18.3" }, "name": "cis", "resourceVersion": "8985", diff --git a/docs/docs/crds/configaudit-report.md b/docs/docs/crds/configaudit-report.md index 2ceb14168..0c8ad2326 100644 --- a/docs/docs/crds/configaudit-report.md +++ b/docs/docs/crds/configaudit-report.md @@ -34,7 +34,7 @@ report: scanner: name: Trivy vendor: Aqua Security - version: '0.18.2' + version: '0.18.3' summary: criticalCount: 2 highCount: 0 diff --git a/docs/docs/crds/exposedsecret-report.md b/docs/docs/crds/exposedsecret-report.md index 52f2fd90a..1a69cbd69 100644 --- a/docs/docs/crds/exposedsecret-report.md +++ b/docs/docs/crds/exposedsecret-report.md @@ -33,7 +33,7 @@ metadata: report: artifact: repository: myimagewithsecret - tag: v0.18.2 + tag: v0.18.3 registry: server: index.docker.io scanner: diff --git a/docs/docs/crds/rbacassessment-report.md b/docs/docs/crds/rbacassessment-report.md index 3c25494a5..a9f3b353d 100644 --- a/docs/docs/crds/rbacassessment-report.md +++ b/docs/docs/crds/rbacassessment-report.md @@ -176,7 +176,7 @@ report: scanner: name: Trivy vendor: Aqua Security - version: '0.18.2' + version: '0.18.3' summary: criticalCount: 1 highCount: 0 diff --git a/docs/docs/design/caching_scan_results_by_repo_digest.md b/docs/docs/design/caching_scan_results_by_repo_digest.md index 975252eb7..aad85da2f 100644 --- a/docs/docs/design/caching_scan_results_by_repo_digest.md +++ b/docs/docs/design/caching_scan_results_by_repo_digest.md 
@@ -129,5 +129,5 @@ We can't use something like ownerReference since it would delete all vulnerabili a gate. * Both Trivy-Operator CLI and Trivy-Operator Operator can read and leverage ClusterVulnerabilityReports. -[Standalone]: https://aquasecurity.github.io/trivy-operator/v0.18.2/integrations/vulnerability-scanners/trivy/#standalone -[ClientServer]: https://aquasecurity.github.io/trivy-operator/v0.18.2/integrations/vulnerability-scanners/trivy/#clientserver +[Standalone]: https://aquasecurity.github.io/trivy-operator/v0.18.3/integrations/vulnerability-scanners/trivy/#standalone +[ClientServer]: https://aquasecurity.github.io/trivy-operator/v0.18.3/integrations/vulnerability-scanners/trivy/#clientserver diff --git a/docs/docs/design/design_compliance_report.md b/docs/docs/design/design_compliance_report.md index e203631b5..96ba26e36 100644 --- a/docs/docs/design/design_compliance_report.md +++ b/docs/docs/design/design_compliance_report.md @@ -542,7 +542,7 @@ metadata: name: clustercompliancereports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.18.2" + app.kubernetes.io/version: "0.18.3" spec: group: aquasecurity.github.io scope: Cluster @@ -678,7 +678,7 @@ metadata: name: clustercompliancedetailreports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.18.2" + app.kubernetes.io/version: "0.18.3" spec: group: aquasecurity.github.io versions: diff --git a/docs/docs/design/design_starboard_at_scale.excalidraw b/docs/docs/design/design_starboard_at_scale.excalidraw index 89c85cea8..5a151a1d0 100644 --- a/docs/docs/design/design_starboard_at_scale.excalidraw +++ b/docs/docs/design/design_starboard_at_scale.excalidraw 
@@ -11835,7 +11835,7 @@ "versionNonce": 596868769, "isDeleted": false, "boundElementIds": null, - "text": "apiVersion: batch/v1\nkind: Job\nmetadata:\n name: scan-vulnerabilityreport-\n namespace: trivy-system\nspec:\n template:\n spec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.18.2\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n restartPolicy: Never\n backoffLimit: 1", + "text": "apiVersion: batch/v1\nkind: Job\nmetadata:\n name: scan-vulnerabilityreport-\n namespace: trivy-system\nspec:\n template:\n spec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.18.3\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n restartPolicy: Never\n backoffLimit: 1", "fontSize": 20, "fontFamily": 3, "textAlign": "left", @@ -11895,7 +11895,7 @@ "boundElementIds": [], "fontSize": 20, "fontFamily": 3, - "text": "apiVersion: v1\nkind: Pod\nmetadata:\n name: scan-vulnerabilityreport--\n namespace: trivy-system\nspec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.18.2\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n", + "text": "apiVersion: v1\nkind: Pod\nmetadata:\n name: scan-vulnerabilityreport--\n namespace: trivy-system\nspec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.18.3\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n", "baseline": 259, "textAlign": "left", "verticalAlign": "top" diff --git a/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md b/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md index c78af1a3c..545df0ffc 100644 --- a/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md +++ b/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md 
@@ -219,6 +219,6 @@ With this approach trivy operator will not have to worry about managing(create/d - As we will run scan job with service account of workload and if there are some very strict PSP defined in the cluster then scan job will be blocked due to the PSP. -[ECR registry configuration]: https://aquasecurity.github.io/trivy-operator/v0.18.2/integrations/managed-registries/#amazon-elastic-container-registry-ecr +[ECR registry configuration]: https://aquasecurity.github.io/trivy-operator/v0.18.3/integrations/managed-registries/#amazon-elastic-container-registry-ecr [IAM role to service account]: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html [Trivy fs command]: https://github.com/aquasecurity/trivy-operator/blob/main/docs/design/design_trivy_file_system_scanner.md diff --git a/docs/docs/design/ttl_scans.md b/docs/docs/design/ttl_scans.md index 15ac9b3fe..1f7aba44b 100644 --- a/docs/docs/design/ttl_scans.md +++ b/docs/docs/design/ttl_scans.md @@ -44,7 +44,7 @@ metadata: report: artifact: repository: fluxcd/source-controller - tag: v0.18.2 + tag: v0.18.3 registry: server: ghcr.io scanner: diff --git a/docs/tutorials/private-registries.md b/docs/tutorials/private-registries.md index 925f54625..4da58ac53 100644 --- a/docs/tutorials/private-registries.md +++ b/docs/tutorials/private-registries.md 
@@ -303,4 +303,4 @@ data: The last way that you could give the Trivy operator access to your private container registry is through managed registries. In this case, the container registry and your Kubernetes cluster would have to be on the same cloud provider; then you can define access to your container namespace as part of the IAM account. Once defined, trivy will already have the permissions for the registry. -For additional information, please refer to the [documentation on managed registries.](https://aquasecurity.github.io/trivy-operator/v0.18.2/docs/vulnerability-scanning/managed-registries/) +For additional information, please refer to the [documentation on managed registries.](https://aquasecurity.github.io/trivy-operator/v0.18.3/docs/vulnerability-scanning/managed-registries/) diff --git a/itest/helper/helper.go b/itest/helper/helper.go index 4078a87b5..4c2a44272 100644 --- a/itest/helper/helper.go +++ b/itest/helper/helper.go @@ -236,7 +236,7 @@ var ( trivyScanner = v1alpha1.Scanner{ Name: v1alpha1.ScannerNameTrivy, Vendor: "Aqua Security", - Version: "0.18.2", + Version: "0.18.3", } ) diff --git a/mkdocs.yml b/mkdocs.yml index 566fb0a53..f0c1f04c9 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -89,8 +89,8 @@ extra: method: mike provider: mike var: - prev_git_tag: "v0.18.1" - chart_version: "0.20.2" + prev_git_tag: "v0.18.2" + chart_version: "0.20.4" plugins: - search
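
Review bot: In CONTRIBUTING.md (hunk `@@ -351,7 +351,7 @@`), the bump has rewritten the operator-lifecycle-manager download URL from `releases/download/v0.20.3/install.sh` to `v0.20.4`, but that number is an OLM release, not the trivy-operator chart version, and the unchanged line below still runs `./install.sh v0.20.0`. Please confirm that the OLM release exists, and revert this line if it was only caught by a search-and-replace of the chart version. Ideally the URL and the `install.sh` argument should name the same OLM version.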
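
Review bot: In RELEASING.md step 5, the edited command still reads `git tag -v0.18.3 -m 'Release v0.18.3'`, where `-v` is git's verify option fused to the version rather than part of the tag name, so the command as written does not create the annotated tag the step describes. Since the line is being touched anyway, suggest `git tag -a v0.18.3 -m 'Release v0.18.3'` (or `-s` in place of `-a` if release tags are meant to be signed), which also matches the `git push upstream v0.18.3` that follows.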
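
Review bot: In deploy/helm/templates/specs/cis-1.23.yaml, pss-baseline.yaml and pss-restricted.yaml the label is written unquoted (`app.kubernetes.io/version: 0.18.3`), while nsa-1.0.yaml and the static manifests in this same patch quote it (`"0.18.3"`). Label values must be strings, and an unquoted version only parses as a string while it has three dot-separated parts. Quote the value in all four spec templates so that a later value such as 1.0 is not read as a number.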
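
Review bot: In deploy/static/trivy-operator.yaml (hunk `@@ -2859,7 +2859,7 @@`), the operator image is referenced by tag only, `ghcr.io/aquasecurity/trivy-operator:0.18.3`, next to `imagePullPolicy: IfNotPresent`. A tag can be repointed after release, and nodes that already hold the tag will not pull again, so what runs is not tied to what the release workflow built. Consider publishing the static manifest with the digest appended (`:0.18.3@sha256:<digest>`), filled in by the release job once the image is pushed.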
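
Review bot: Several of the replaced strings are not trivy-operator versions: `tag: v0.18.3` on the sample artifact `myimagewithsecret` in docs/docs/crds/exposedsecret-report.md, `tag: v0.18.3` on `fluxcd/source-controller` in docs/docs/design/ttl_scans.md, and `image: aquasec/trivy:0.18.3` in the two text elements of design_starboard_at_scale.excalidraw. These are tags of other images inside example reports and diagrams, so rewriting them on every release makes the examples describe artifacts the page never checked. Suggest narrowing the bump script to the operator's own references (the chart, the manifests and the `trivy-operator/v…` doc links) and leaving sample report content alone.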
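
Review bot: The two managed-registries links updated in this patch use different paths under the same version: `v0.18.3/integrations/managed-registries/` in design_vuln_scan_job_in_same_namespace_of_workload.md and `v0.18.3/docs/vulnerability-scanning/managed-registries/` in docs/tutorials/private-registries.md. Only the version segment was rewritten, so at least one of them is likely a stale path. Please check that both resolve on the published v0.18.3 site and align them on the current location.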
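
Review bot: In mkdocs.yml, `chart_version` goes from "0.20.2" to "0.20.4" while deploy/helm/Chart.yaml in this same patch goes from 0.20.3 to 0.20.4, so the docs variable was already one release behind the chart before this change. The values agree now, but the drift shows the bump is not applied uniformly. A small CI check that compares `chart_version` in mkdocs.yml with `version` in Chart.yaml (and `prev_git_tag` with the previous `appVersion`) would stop it recurring.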