fjogeleit/trivy-operator-polr-adapter

Add the option to respect certain labels on the original Trivy CRDs

sherifkayad opened this issue · 5 comments

Currently we configured the Trivy CRDs to respect the labels owner and app set on the resources to scan. This enables us to be able to filter e.g. by vulnerabilities belonging to a certain team or a certain application (at least from a Grafana perspective).

Maybe it would be a good idea to allow the adapter to also respect some of those labels and add them on the ClusterPolicyReport and PolicyReport objects it creates?

With the new applyLabels value for each report you are able to define a list of labels to apply from the source report to the (Cluster)PolicyReport.

https://github.com/fjogeleit/trivy-operator-polr-adapter/blob/main/charts/trivy-operator-polr-adapter/values.yaml#L17

It's released as version v0.2.0.

@fjogeleit I will give it a try right away! Thanks for the speedy work on that one.

You're welcome. Currently the workflow builds the image, so it will be available soon.

@fjogeleit just wanted to assure that this works like a charm!

```yaml
apiVersion: wgpolicyk8s.io/v1alpha2
kind: PolicyReport
metadata:
  creationTimestamp: '2022-11-30T13:14:11Z'
  generation: 1
  labels:
    owner: team-x
    app: my-test-app
    app.kubernetes.io/created-by: trivy-operator-polr-adapter
    trivy-operator.source: ConfigAuditReport
...
```

Just worth mentioning: I had to delete all the (Cluster)PolicyReport objects, uninstalled and re-installed the latest version (0.2.0) of the adapter. Then the adapter ran smoothly again and generated all reports with the right labels.

Hey, I had to change the name generation of some reports; this might be the issue which makes it necessary to delete the old ones. Sorry for that. In general, it should also update the labels when you update the related Trivy report.

Thanks for the feedback
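A check for the situation in the last two comments, where reports created before the upgrade may lack the propagated `owner` and `app` labels and so drop out of per-team filtering. This is an added example, not code from the adapter project; it assumes the input has the list shape produced by `kubectl get policyreports -A -o json`, and the report names and namespaces in the sample are constructed.

```python
import json

REQUIRED = ("owner", "app")              # labels named in the issue
ADAPTER = "trivy-operator-polr-adapter"  # created-by value shown in the thread
CREATED_BY = "app.kubernetes.io/created-by"

# Constructed sample in the shape of a `kubectl get ... -o json` list.
SAMPLE = json.dumps({"items": [
    {"kind": "PolicyReport",
     "metadata": {"name": "fresh-report", "namespace": "team-x",
                  "labels": {"owner": "team-x", "app": "my-test-app",
                             CREATED_BY: ADAPTER}}},
    {"kind": "PolicyReport",  # stale report without propagated labels
     "metadata": {"name": "stale-report", "namespace": "team-x",
                  "labels": {CREATED_BY: ADAPTER}}},
    {"kind": "ClusterPolicyReport",  # cluster-scoped: no namespace
     "metadata": {"name": "cluster-report",
                  "labels": {"owner": "team-x", CREATED_BY: ADAPTER}}},
    {"kind": "PolicyReport",  # written by another tool: out of scope
     "metadata": {"name": "other-report", "namespace": "team-y",
                  "labels": {CREATED_BY: "some-other-tool"}}},
]})


def audit_labels(report_list_json, required=REQUIRED):
    """Map each adapter-created report to the required labels it lacks."""
    findings = {}
    for item in json.loads(report_list_json).get("items", []):
        meta = item.get("metadata", {})
        labels = meta.get("labels") or {}
        if labels.get(CREATED_BY) != ADAPTER:
            continue  # only reports generated by the adapter are audited
        missing = [key for key in required if not labels.get(key)]
        if missing:
            ns = meta.get("namespace")
            ident = f"{ns}/{meta['name']}" if ns else meta["name"]
            findings[ident] = missing
    return findings


if __name__ == "__main__":
    for ident, missing in audit_labels(SAMPLE).items():
        print(f"{ident}: missing {', '.join(missing)}")
```
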