Replies: 1 comment
-
|
@drgivanov thanks for the report! |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi fellas,
I'm stuck with KSV0125 (trusted registries check) constantly failing in Trivy Operator. All my images are from private AWS ECR, but Trivy thinks they're "untrusted".
What works (locally via CLI):
Trvy cli command to including file with the KSV that i want to ignore
Whitelist registries as a yaml file with all of the registryes that i want to use
What DOESN'T work:
No Helm values option to disable specific KSV checks (checked documentation)
trivy.skipCheckIDs in ConfigMap only works for vulnerabilities (CVE), NOT misconfigs (KSV)
No way to pass custom policy files to Trivy Operator (tried ConfigMaps mounting)
Helm Chart: trivy-operator-0.31.0
App Version: 0.29.0
Kubernetes: EKS
Dashboard: Headlamp (viewing ConfigAuditReports)
Registry: AWS ECR
Why this is critical:
The check doesn't make sense - we use private ECR for security compliance. This creates noise in ConfigAuditReports visible in our Headlamp dashboard.
I have done a search for similar discussions,, unfortunately nothing helps in my situation. There is a option for CLI, but nothing that works for helm operator!
What we use:
Helm Chart: trivy-operator-0.31.0
App Version: 0.29.0
Kubernetes: EKS
Dashboard: Headlamp (viewing ConfigAuditReports)
Registry: AWS ECR
Beta Was this translation helpful? Give feedback.
All reactions