fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! perf: build frontend once on runner instead of in Docker

2026-01-04 03:18:49 +00:00
parent f86943b884
commit 3ecff61114
2 changed files with 22 additions and 5 deletions
+11 -5
@@ -93,24 +93,30 @@ data:
low: {{ .Values.security.blockThresholds.low }} low: {{ .Values.security.blockThresholds.low }}
scanners: scanners:
trivy: trivy:
enabled: {{ .Values.security.scanners.trivy.enabled }} # Disabled in server config (no trivy binary), enabled via env var in scanner pod
enabled: false
timeout: {{ .Values.security.scanners.trivy.timeout | quote }} timeout: {{ .Values.security.scanners.trivy.timeout | quote }}
cache_db: {{ .Values.security.scanners.trivy.cacheDb | quote }} cache_db: {{ .Values.security.scanners.trivy.cacheDb | quote }}
osv: osv:
# API-based scanner - works in both server and scanner pods
enabled: {{ .Values.security.scanners.osv.enabled }} enabled: {{ .Values.security.scanners.osv.enabled }}
api_url: {{ .Values.security.scanners.osv.apiUrl | quote }} api_url: {{ .Values.security.scanners.osv.apiUrl | quote }}
timeout: {{ .Values.security.scanners.osv.timeout | quote }} timeout: {{ .Values.security.scanners.osv.timeout | quote }}
grype: grype:
enabled: {{ .Values.security.scanners.grype.enabled }} # Disabled in server config (no grype binary), enabled via env var in scanner pod
enabled: false
timeout: {{ .Values.security.scanners.grype.timeout | quote }} timeout: {{ .Values.security.scanners.grype.timeout | quote }}
govulncheck: govulncheck:
enabled: {{ .Values.security.scanners.govulncheck.enabled }} # Disabled in server config (no go/govulncheck binary), enabled via env var in scanner pod
enabled: false
timeout: {{ .Values.security.scanners.govulncheck.timeout | quote }} timeout: {{ .Values.security.scanners.govulncheck.timeout | quote }}
npm_audit: npm_audit:
enabled: {{ .Values.security.scanners.npmAudit.enabled }} # Disabled in server config (no npm binary), enabled via env var in scanner pod
enabled: false
timeout: {{ .Values.security.scanners.npmAudit.timeout | quote }} timeout: {{ .Values.security.scanners.npmAudit.timeout | quote }}
pip_audit: pip_audit:
enabled: {{ .Values.security.scanners.pipAudit.enabled }} # Disabled in server config (no pip binary), enabled via env var in scanner pod
enabled: false
timeout: {{ .Values.security.scanners.pipAudit.timeout | quote }} timeout: {{ .Values.security.scanners.pipAudit.timeout | quote }}
ghsa: ghsa:
enabled: {{ .Values.security.scanners.ghsa.enabled }} enabled: {{ .Values.security.scanners.ghsa.enabled }}
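Review bot: The hard-coded `enabled: false` for trivy, grype, govulncheck, npm_audit and pip_audit means a user who sets `security.scanners.<tool>.enabled: true` in values now gets a rendered ConfigMap that says the opposite, and the only thing that turns a tool back on is an env-var override in the scanner pod whose precedence over the mounted config file is not visible from the chart. If that override is ever missed (a renamed key, a loader that prefers the file over the environment), the failure is fail-open: the scanner pod quietly runs with only the API-based osv/ghsa checks while `blockThresholds` above still appears enforced. I would state the contract where it is hidden, replacing the five per-tool comments with one above `scanners:` such as `# Tool-based scanners are forced off here because the server image ships no trivy/grype/go/npm/pip binaries; the scanner Deployment re-enables them via GOHOARDER_SECURITY_SCANNERS_*_ENABLED, which must take precedence over CONFIG_FILE.`, and would consider rendering a separate scanner ConfigMap so the effective scanner set is declarative rather than layered.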
@@ -109,6 +109,17 @@ spec:
env: env:
- name: CONFIG_FILE - name: CONFIG_FILE
value: /etc/gohoarder/config.yaml value: /etc/gohoarder/config.yaml
# Enable tool-based scanners only in scanner pod (server doesn't have the tools)
- name: GOHOARDER_SECURITY_SCANNERS_TRIVY_ENABLED
value: "{{ .Values.security.scanners.trivy.enabled }}"
- name: GOHOARDER_SECURITY_SCANNERS_GRYPE_ENABLED
value: "{{ .Values.security.scanners.grype.enabled }}"
- name: GOHOARDER_SECURITY_SCANNERS_GOVULNCHECK_ENABLED
value: "{{ .Values.security.scanners.govulncheck.enabled }}"
- name: GOHOARDER_SECURITY_SCANNERS_NPM_AUDIT_ENABLED
value: "{{ .Values.security.scanners.npmAudit.enabled }}"
- name: GOHOARDER_SECURITY_SCANNERS_PIP_AUDIT_ENABLED
value: "{{ .Values.security.scanners.pipAudit.enabled }}"
{{- if and (eq .Values.metadata.backend "postgresql") .Values.metadata.postgresql.existingSecret }} {{- if and (eq .Values.metadata.backend "postgresql") .Values.metadata.postgresql.existingSecret }}
- name: POSTGRES_USER - name: POSTGRES_USER
valueFrom: valueFrom:
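Review bot: The env-var names added here encode config paths by underscore, so `GOHOARDER_SECURITY_SCANNERS_NPM_AUDIT_ENABLED` and `GOHOARDER_SECURITY_SCANNERS_PIP_AUDIT_ENABLED` must resolve to the `npm_audit` / `pip_audit` keys used in the config file rather than to `npm.audit` / `pip.audit`; whether the loader binds these names explicitly or splits on `_` is not visible here, and a mismatch would leave those two scanners at the ConfigMap's `enabled: false` with no error. The rendered values also depend on the bare `.Values...enabled` expansion: a boolean renders as `"true"`/`"false"`, but an unset value is likely to render as `""`, which the loader may reject or silently treat as false. Rendering them as `value: {{ default false .Values.security.scanners.trivy.enabled | quote }}` (and likewise for the other four) pins a canonical boolean string, and a comment such as `# Must take precedence over CONFIG_FILE, which disables these scanners` above the block records the assumption the whole arrangement rests on. The enclosing container spec continues outside the hunk.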