chheda-deshaw
Adding some more context here for the benefit of the maintainers. We dealt with an initial obstacle while hosting the TrivyDB outside Kubernetes using the Trivy CLI server mode. We...
It is also worth mentioning that in the `pod/trivy-operator` logs we see this while it is coming up:

```
W0415 12:01:06.089154 1 reflector.go:539] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: failed to list *v1alpha1.ClusterSbomReport: json: cannot...
```
[trivy-operator.txt](https://github.com/aquasecurity/trivy-operator/files/14996375/trivy-operator.txt)
[trivy-operator-config.txt](https://github.com/aquasecurity/trivy-operator/files/14996376/trivy-operator-config.txt)
[trivy-operator-policies-config.txt](https://github.com/aquasecurity/trivy-operator/files/14996377/trivy-operator-policies-config.txt)
[trivy-operator-trivy-config.txt](https://github.com/aquasecurity/trivy-operator/files/14996378/trivy-operator-trivy-config.txt)

As you can see we have made certain alterations to the configmaps to help the operator go through artifactory. These would be needed.

> @chheda-deshaw please...
The pod descriptor:

```yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    cni.projectcalico.org/containerID: 681c9e3a031da616ab3e6f407a3b2e4563fe398815f29770d7f3d5d6f0ae14ac
    cni.projectcalico.org/podIP: 192.168.239.147/32
    cni.projectcalico.org/podIPs: 192.168.239.147/32
  creationTimestamp: "2024-04-16T13:42:36Z"
  generateName: trivy-operator-668c66fb6-
  labels:
    app.kubernetes.io/instance: trivy-operator
    app.kubernetes.io/name: trivy-operator
    pod-template-hash: 668c66fb6
  name: trivy-operator-668c66fb6-f9xxq
  namespace:...
```
Hi @chen-keinan, Apologies for the late reply.

> the secret name in global config is: OPERATOR_PRIVATE_REGISTRY_SCAN_SECRETS_NAMES: '{"trivy-system":"artifactory-login-cfg"}' where the secret you created is named : artifactory-secret

`artifactory-secret` is the dummy secret...
We are using [Artifactory](https://jfrog.com/blog/what-is-artifactory-jfrog/) as a private registry. Here is an example pod (scoreboard) on the same cluster: I guess this info should be fine, right?

```yaml
........
Containers:...
```
Yes. Thanks for this. I checked the imagePullSecret of scoreboard pod and found a couple of labels that were missing in the trivy secret. I added:

```yaml
labels:
  app.kubernetes.io/managed-by: k8s-selfserve.deshaw.com...
```
> imagePullSecret is define on workload

Yes it is

> secret with same name exist on resource namespace

It exists with the same name

> secret should be created in form...
We use the image pull secret of type `kubernetes.io/dockerconfigjson`, which is basically embedding the username and password in the secret. Steps on creating it are here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ What exactly...
Yes that is how it is created.
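
The thread turns on whether the name in `OPERATOR_PRIVATE_REGISTRY_SCAN_SECRETS_NAMES` matches an existing `kubernetes.io/dockerconfigjson` secret that holds credentials for the image's registry. The following is an added example, not code from the thread or from trivy-operator, that checks this offline. Assumptions: the mapping value is a comma-separated list of secret names looked up in the namespace used as the key, and the registry host, credentials, image and helper names are constructed placeholders.

```python
import base64
import json

DOCKERCFG = "kubernetes.io/dockerconfigjson"

def registry_of(image):
    """Registry host of an image reference; Docker Hub when none is given."""
    first = image.split("/", 1)[0]
    if "/" in image and ("." in first or ":" in first or first == "localhost"):
        return first
    return "index.docker.io"

def make_secret(registry, user, password):
    """Build a constructed Secret in the dockerconfigjson layout."""
    cfg = {"auths": {registry: {"username": user, "password": password}}}
    blob = base64.b64encode(json.dumps(cfg).encode()).decode()
    return {"type": DOCKERCFG, "data": {".dockerconfigjson": blob}}

def check_scan_secret(mapping_json, namespace, secrets, image):
    """Return a list of problems; an empty list means the mapping is usable."""
    names = [n.strip() for n in json.loads(mapping_json).get(namespace, "").split(",") if n.strip()]
    if not names:
        return [f"no secret mapped for namespace {namespace}"]
    want, problems, covered = registry_of(image), [], False
    for name in names:
        secret = secrets.get((namespace, name))
        if secret is None:
            problems.append(f"secret {namespace}/{name} not found")
            continue
        if secret.get("type") != DOCKERCFG:
            problems.append(f"secret {namespace}/{name} is not of type {DOCKERCFG}")
            continue
        try:
            cfg = json.loads(base64.b64decode(secret["data"][".dockerconfigjson"]))
        except (KeyError, ValueError):
            problems.append(f"secret {namespace}/{name} has no decodable .dockerconfigjson")
            continue
        # auths keys may be bare hosts or URLs such as https://host/v1/
        hosts = {k.split("://", 1)[-1].split("/", 1)[0] for k in cfg.get("auths", {})}
        covered = covered or want in hosts
    if not covered:
        problems.append(f"no mapped secret has credentials for {want}")
    return problems

# Constructed sample data: registry host, credentials and image are placeholders.
SECRETS = {("trivy-system", "artifactory-secret"):
           make_secret("artifactory.example.internal", "scanner", "not-a-real-password")}
IMAGE = "artifactory.example.internal/docker/scoreboard:1.0"

if __name__ == "__main__":
    for m in ('{"trivy-system":"artifactory-login-cfg"}', '{"trivy-system":"artifactory-secret"}'):
        print(m, "->", check_scan_secret(m, "trivy-system", SECRETS, IMAGE) or "ok")
```

In a live cluster the `secrets` dictionary would be filled from the Secret objects in the operator's namespace instead of the constructed sample.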