update zora chart

charts/zora/Chart.yaml

@@ -17,7 +17,7 @@ name: zora
 description: Zora scans multiple Kubernetes clusters and reports potential issues.
 icon: https://zora-docs.undistro.io/assets/logo.png
 type: application
-version: 0.7.0-rc5
-appVersion: "v0.7.0-rc5"
+version: 0.7.0-rc6
+appVersion: "v0.7.0-rc6"
 sources:
   - https://github.com/undistro/zora

charts/zora/README.md

@@ -1,6 +1,6 @@
 # Zora Helm Chart
 
-![Version: 0.7.0-rc5](https://img.shields.io/badge/Version-0.7.0--rc5-informational?style=flat-square&color=3CA9DD) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square&color=3CA9DD) ![AppVersion: v0.7.0-rc5](https://img.shields.io/badge/AppVersion-v0.7.0--rc5-informational?style=flat-square&color=3CA9DD)
+![Version: 0.7.0-rc6](https://img.shields.io/badge/Version-0.7.0--rc6-informational?style=flat-square&color=3CA9DD) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square&color=3CA9DD) ![AppVersion: v0.7.0-rc6](https://img.shields.io/badge/AppVersion-v0.7.0--rc6-informational?style=flat-square&color=3CA9DD)
 
 Zora scans multiple Kubernetes clusters and reports potential issues.
 
@@ -12,7 +12,7 @@ To install the chart with the release name `zora`:
 helm repo add undistro https://charts.undistro.io --force-update
 helm upgrade --install zora undistro/zora \
   -n zora-system \
-  --version 0.7.0-rc5 \
+  --version 0.7.0-rc6 \
   --create-namespace --wait
 ```
 
@@ -107,6 +107,8 @@ The following table lists the configurable parameters of the Zora chart and thei
 | scan.plugins.marvin.resources | object | `{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"250m","memory":"256Mi"}}` | [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) to add to `marvin` container |
 | scan.plugins.marvin.image.repository | string | `"ghcr.io/undistro/marvin"` | marvin plugin image repository |
 | scan.plugins.marvin.image.tag | string | `"v0.2.0"` | marvin plugin image tag |
+| scan.plugins.trivy.ignoreUnfixed | bool | `false` | Specifies whether only fixed vulnerabilities should be reported |
+| scan.plugins.trivy.ignoreDescriptions | bool | `false` | Specifies whether vulnerability descriptions should be ignored |
 | scan.plugins.trivy.resources | object | `{}` | [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) to add to `trivy` container |
 | scan.plugins.trivy.image.repository | string | `"ghcr.io/aquasecurity/trivy"` | trivy plugin image repository |
 | scan.plugins.trivy.image.tag | string | `"0.45.1"` | trivy plugin image tag |

charts/zora/crds/zora.undistro.io_plugins.yaml

@@ -86,8 +86,8 @@ spec:
                   type: string
                 type: array
               env:
-                description: List of environment variables to set in the container.
-                  Cannot be updated.
+                description: List of environment variables to set in plugin and worker
+                  containers. Cannot be updated.
                 items:
                   description: EnvVar represents an environment variable present in
                     a Container.
@@ -197,11 +197,12 @@ spec:
                 type: array
               envFrom:
                 description: List of sources to populate environment variables in
-                  the container. The keys defined within a source must be a C_IDENTIFIER.
-                  All invalid keys will be reported as an event when the container
-                  is starting. When a key exists in multiple sources, the value associated
-                  with the last source will take precedence. Values defined by an
-                  Env with a duplicate key will take precedence. Cannot be updated.
+                  plugin and worker containers. The keys defined within a source must
+                  be a C_IDENTIFIER. All invalid keys will be reported as an event
+                  when the container is starting. When a key exists in multiple sources,
+                  the value associated with the last source will take precedence.
+                  Values defined by an Env with a duplicate key will take precedence.
+                  Cannot be updated.
                 items:
                   description: EnvFromSource represents the source of a set of ConfigMaps
                   properties:

charts/zora/templates/plugins/trivy.yaml

@@ -28,11 +28,26 @@ spec:
   mountCustomChecksVolume: false
   securityContext:
     allowPrivilegeEscalation: false
+  env:
+    - name: TRIVY_IGNORE_VULN_DESCRIPTIONS
+      value: {{ .Values.scan.plugins.trivy.ignoreDescriptions | quote }}
   command:
     - /bin/sh
     - -c
     - |
-      time trivy k8s --debug --no-progress -A --scanners=vuln --report=summary -f=json cluster -o $(DONE_DIR)/results.json
+      time trivy k8s \
+        --debug \
+        --no-progress \
+        --all-namespaces \
+        --scanners=vuln \
+        --report=summary \
+        -f=json \
+        {{- if .Values.scan.plugins.trivy.ignoreUnfixed }}
+        --ignore-unfixed \
+        {{- end }}
+        -o $(DONE_DIR)/results.json \
+        cluster
+
       exitcode=$(echo $?)
       if [ $exitcode -ne 0 ]; then
         echo "ERROR" > $(DONE_DIR)/error

charts/zora/values.yaml

@@ -191,6 +191,10 @@ scan:
         tag: v0.2.0
 
     trivy:
+      # -- Specifies whether only fixed vulnerabilities should be reported
+      ignoreUnfixed: false
+      # -- Specifies whether vulnerability descriptions should be ignored
+      ignoreDescriptions: false
       # -- [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) to add to `trivy` container
       resources: {}
       image: