Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Support passing value overrides for configuration checks (#2679)
Owen Rumney authored Aug 8, 2022
1 parent 317a026, commit 0112385
Showing 12 changed files with 732 additions and 25 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
# Value Overrides | ||
|
||
Value files can be passed for supported scannable config files. | ||
|
||
## Terraform value overrides | ||
You can pass `tf-vars` files to Trivy to override default values found in the Terraform HCL code. | ||
|
||
```bash | ||
trivy conf --tf-vars dev.terraform.tfvars ./infrastructure/tf | ||
``` | ||
|
||
## Helm value overrides | ||
There are a number of options for overriding values in Helm charts. When override values are passed to the Helm scanner, the values will be used during the Manifest rendering process and will become part of the scanned artifact. | ||
|
||
### Setting inline value overrides | ||
Overrides can be set inline on the command line | ||
|
||
```bash | ||
trivy conf --helm-set securityContext.runAsUser=0 ./charts/mySql | ||
``` | ||
|
||
### Setting value file overrides | ||
Overrides can be in a file that has the key=value set. | ||
|
||
```yaml | ||
# Example override file (overrides.yaml) | ||
|
||
securityContext: | ||
runAsUser: 0 | ||
``` | ||
```bash | ||
trivy conf --helm-values overrides.yaml ./charts/mySql | ||
``` | ||
|
||
### Setting value as explicit string | ||
the `--helm-set-string` is the same as `--helm-set` but explicitly retains the value as a string | ||
|
||
```bash | ||
trivy config --helm-set-string name=false ./infrastructure/tf | ||
``` | ||
|
||
### Setting sepecific values from files | ||
Specific override values can come from specific files | ||
|
||
```bash | ||
trivy conf --helm-set-file environment=dev.values.yaml ./charts/mySql | ||
``` |
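Review bot: The "Setting value as explicit string" example, `trivy config --helm-set-string name=false ./infrastructure/tf`, points a Helm flag at the Terraform directory used in the `--tf-vars` example and spells the subcommand `config` where every other example uses `conf`; suggest `trivy conf --helm-set-string name=false ./charts/mySql` so the examples are consistent. In the same file, the heading "Setting sepecific values from files" has a typo ("specific"), the sentence introducing `--helm-set-string` starts with a lowercase "the", and "Overrides can be in a file that has the key=value set" does not describe the YAML file shown directly under it. Since the Helm section states that overrides "become part of the scanned artifact", it would also help to add one sentence saying that findings then reflect the overridden values rather than the chart defaults, so readers know a scan only covers the values it was given (the `runAsUser=0` examples make this visible, as they change the result for a chart whose defaults are non-root).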
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
securityContext: | ||
runAsUser: 0 |
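Review bot: `runAsUser: 0` in this new two-line file repeats the `overrides.yaml` example from the docs hunk with no comment saying what it is for. If it is a test fixture, a leading comment (or a file name that says so) stating that the root UID is deliberate input meant to trigger a check would keep it from being read, or copied, as a recommended override.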