-
Notifications
You must be signed in to change notification settings - Fork 14
/
exampleConfig.yaml
157 lines (144 loc) · 6.68 KB
/
exampleConfig.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
---
type: yml # default type
# Application configuration, these settings can be overridden with the command-line flags
#app:
# verbose: true # Enable more logging, default is false
# debug: true # Enable debug logging, default is false
# jsonLoggingEnabled: true # Enable json logging format, default is false. When logging to json format no output table is shown
# logFile: /path/where/to/log.json # Path to log to a file. No standard output is available anymore. When logging to json format no output table is shown
# startServer: true # Run as a web server, default is false
# Don't check for information in Kubernetes cluster, default is true
#kubernetesFetchEnabled: false
# By default, all namespaces are checked. You can provide a list of namespaces to check instead.
#
#namespaces:
# - test
# - kube-system
# By default DockerHub, Quay, gcr.io, k8s.gcr.io, and Zalando repository are configured
# If your images are using one of these registries the version fetching will work automatically
#
#imageRegistries:
# If you need to fetch versions for private images from the default registries please override the authentication method and username/password
# If the images are on a private registry but all the images are originally from one of the default registries, for example, DockerHub.
# You can set one of the default registries to default and it will use that registry to fetch the latest versions regardless of what registry is specified on the image in Kubernetes.
#
# dockerHub:
# username:
# password:
# default: true or false
# quay:
# username:
# password:
# authType: # Can be basic or token
# default: true or false
# gcr:
# username:
# password:
# authType: # Can be basic or token
# default: true or false
# gcrK8s:
# username:
# password:
# authType: # Can be basic or token
# default: true or false
# zalando:
# username:
# password:
# authType: # Can be basic or token
# default: true or false
# gitlab:
# username:
# password:
# authType: # Can be basic or token
# default: true or false
# You can configure a private registry here.
# You can also specify certain registry URLs that are used by your images to use one of the default registries to fetch the latest version from.
# You can specify multiple URLs at the same time that need to be overridden.
#
# overrideRegistries:
# - registry: # Use this only when you want to add a private registry
# url:
# authType: # Can be none, basic, token, or ecr
# username: # Not needed if AuthType set to none
# password: # Not needed if AuthType set to none
# region: # Not needed if AuthType is not ecr
# registryName: # Use one of the default registries: DockerHub, Quay, Gcr, GcrK8s, Zalando, Gitlab
# urls:
# - some.url.io
# allowAllReleases: true # This allows all semver versions, like release candidates or custom suffixes. Default is false
# If certain images need to use a different registry to fetch the latest version from then you can specify your private registry here or you can select one of the default ones to be used.
# This always takes precedence above all the above registry configuration.
#
# override:
# - registry: # Use this only when you want to add a private registry
# url:
# authType: # Can be none, basic, token, or ecr
# username: # Not needed if AuthType set to none
# password: # Not needed if AuthType set to none
# region: # Not needed if AuthType is not ecr
# registryName: # Use one of the default registries: DockerHub, Quay, Gcr, GcrK8s, Zalando
# images:
# - test/something # Name of the image, you can also use regular expressions
# allowAllReleases: true # This allows all semver versions, like release candidates or custom suffixes. Default is false
# If the image names in the private repo and online are not the same then they can be overridden here.
# Note this is only used to fetch the latest version everything else is based on the private name
# overrideImageNames:
# test: test/test
# If you have images that the LCM currently can't automatically find because you run them somewhere else outside of Kubernetes then you can specify them by hand here
#
#images:
# - test/some:1.1.2 # Please provide the full URL unless it's docker hub
# - registry.io/test/some:1.2.1
# Helm charts names don't contain the 'repository' they are originating from. Therefore hub.helm.sh can contain the same names.
# You can use this to provide the full name inclusive repository name.
#
#helmRegistries:
# overrideChartNames:
# test: stable/test
# If the helm charts are not stored on hub.helm.sh then a custom registry can be configured here.
# Currently only index.yaml registry is supported (helm supports other registries as well)
#
# override:
# - registry:
# url: https://some.url/index.yaml # Url to the index file
# charts: # Chart names
# - splunk
# - falco-eks-audit-bridge
# allowAllReleases: true # This allows all semver versions, like release candidates or custom suffixes. Default is false
# LCM can also fetch known vulnerabilities for your images using an external tool and display them.
# Currently, only Jfrog Xray is supported.
# xray:
# url: "https://xray.somenonexistingurl.io"
# username:
# password:
# prefixes: # Xray uses a prefix to fetch scanning information, you can provide the prefixes to use per container
# - prefix: artifactory/docker
# images: # You can specify certain images or you can use regular expressions
# - chamber
# - ".*" # means all images
# You can specify static tools/applications for which you want to find the latest versions on GitHub
# Looking up latest version on GitHub works out of the box but you can add your username/password or token
# if you are hitting GitHub limits or want to access private repositories
# Use username/password which is an older way or use a GitHub token which is preferred
# github:
# credentials: # Optional
# username:
# password:
# token:
# repos:
# - repo: hashicorp/terraform
# version: "0.11.14"
# - repo: hashicorp/terraform-provider-archive
# version: "1.1.0"
# useTag: true # If the repository isn't using releases you can use tags to find the latest version, versions need to be semver
# It is possible to filter out the vulnerabilities which are accepted
# Specify severities you do not want to include in the count
# Specify the name of the image, this can be full docker image name with tag - arminc/other:1.1.0
# Or it can be a match (regular expression) like arminc.*
# filterVulnerabilities:
# severities:
# - LOW
# identifiers:
# name: arminc.*
# identifiers:
# - CVE-2018-7169