feat(trivy): allow to give trivy github token via secret #1290

Closed
3 changes: 2 additions & 1 deletion README.md
@@ -1,4 +1,4 @@
# Helm Chart for Harbor
****# Helm Chart for Harbor
Collaborator

@sylvainOL, could you please justify why we need to change this line? Could you please remove the change to this line? Thanks.


**Notes:** The master branch is in heavy development, please use the other stable versions instead. A highly available solution for Harbor based on chart can be find [here](docs/High%20Availability.md). And refer to the [guide](docs/Upgrade.md) to upgrade the existing deployment.

Expand Down Expand Up @@ -318,6 +318,7 @@ The following table lists the configurable parameters of the Harbor chart and th
| `trivy.offlineScan` | The flag prevents Trivy from sending API requests to identify dependencies. | `false` |
| `trivy.timeout` | The duration to wait for scan completion | `5m0s` |
| `trivy.gitHubToken` | The GitHub access token to download [Trivy DB][trivy-db] (see [GitHub rate limiting][trivy-rate-limiting]) | |
| `trivy.gitHubTokenSecret` | The secret where GithubAccess token is set | |
| `trivy.priorityClassName` | The priority class to run the pod as | |
| **Notary** | | |
| `notary.enabled` | Enable Notary? | `true` |
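Review bot: The new `trivy.gitHubTokenSecret` row does not say that the secret must hold the token under the key `gitHubToken`, nor that setting it makes the chart ignore `trivy.gitHubToken`. Both follow from the template changes and the values.yaml comment in this PR, so the table entry should state them, for example "Name of an existing secret holding the GitHub access token under the key `gitHubToken`; when set, `trivy.gitHubToken` is ignored". "GithubAccess token" should also read "GitHub access token".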
2 changes: 2 additions & 0 deletions templates/trivy/trivy-secret.yaml
Expand Up @@ -8,5 +8,7 @@ metadata:
type: Opaque
data:
redisURL: {{ include "harbor.redis.urlForTrivy" . | b64enc }}
{{- if not .Values.trivy.gitHubTokenSecret }}
gitHubToken: {{ .Values.trivy.gitHubToken | default "" | b64enc | quote }}
{{- end }}
{{- end }}
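Review bot: With the `{{- if not .Values.trivy.gitHubTokenSecret }}` guard, a release that sets both `trivy.gitHubToken` and `trivy.gitHubTokenSecret` silently drops the inline token from the rendered secret. Consider failing the render with Helm's `fail` function when both are set, or document the precedence, so that an operator who rotates the token in values is not left with a change that has no effect.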
4 changes: 4 additions & 0 deletions templates/trivy/trivy-sts.yaml
Expand Up @@ -72,7 +72,11 @@ spec:
- name: "SCANNER_TRIVY_GITHUB_TOKEN"
valueFrom:
secretKeyRef:
{{- if not .Values.trivy.gitHubTokenSecret }}
name: {{ template "harbor.trivy" . }}
{{- else }}
name: {{ .Values.trivy.gitHubTokenSecret }}
{{- end }}
key: gitHubToken
- name: "SCANNER_TRIVY_SEVERITY"
value: {{ .Values.trivy.severity | quote }}
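Review bot: In the `{{- else }}` branch, `name: {{ .Values.trivy.gitHubTokenSecret }}` points the `secretKeyRef` at a secret the chart does not create, and nothing in the hunk marks the reference as optional. Until now the chart's own secret always carried `gitHubToken` (empty by default), so the token was effectively optional; with this change a missing secret, or one without the `gitHubToken` key, keeps the Trivy container from starting. Either document that the secret must already exist in the release namespace before install, or add `optional: true` to the `secretKeyRef`. Piping the name through `quote`, as the neighbouring `SCANNER_TRIVY_SEVERITY` value does, would also guard against names that YAML would parse as something other than a string.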
2 changes: 2 additions & 0 deletions values.yaml
Expand Up @@ -674,6 +674,8 @@ trivy:
# You can create a GitHub token by following the instructions in
# https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
gitHubToken: ""
# You can also give the token via an existing secret. Key must be `gitHubToken`.
# gitHubTokenSecret:
# skipUpdate the flag to disable Trivy DB downloads from GitHub
#
# You might want to set the value of this flag to `true` in test or CI/CD environments to avoid GitHub rate limiting issues.
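Review bot: `# gitHubTokenSecret:` is left commented out with no value, unlike `gitHubToken: ""` directly above it. Declaring it as `gitHubTokenSecret: ""` keeps the key visible in `helm show values` and consistent with its neighbour, and the templates' `if not` test treats an empty string the same as an unset key. The comment could also say that the secret takes precedence over `gitHubToken` when both are set.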