diff --git a/charts/gohoarder/Chart.yaml b/charts/gohoarder/Chart.yaml
index 377ede8..ec8d60b 100644
--- a/charts/gohoarder/Chart.yaml
+++ b/charts/gohoarder/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: gohoarder
 description: A universal package cache proxy supporting npm, PyPI, and Go modules with security scanning
 type: application
-version: 0.1.44
-appVersion: "0.1.44"
+version: 0.1.45
+appVersion: "0.1.45"
 keywords:
 - package-manager
 - cache
diff --git a/charts/gohoarder/templates/configmap.yaml b/charts/gohoarder/templates/configmap.yaml
index cc742a4..fd1e026 100644
--- a/charts/gohoarder/templates/configmap.yaml
+++ b/charts/gohoarder/templates/configmap.yaml
@@ -93,24 +93,30 @@ data:
 low: {{ .Values.security.blockThresholds.low }}
 scanners:
 trivy:
- enabled: {{ .Values.security.scanners.trivy.enabled }}
+ # Disabled in server config (no trivy binary), enabled via env var in scanner pod
+ enabled: false
 timeout: {{ .Values.security.scanners.trivy.timeout | quote }}
 cache_db: {{ .Values.security.scanners.trivy.cacheDb | quote }}
 osv:
+ # API-based scanner - works in both server and scanner pods
 enabled: {{ .Values.security.scanners.osv.enabled }}
 api_url: {{ .Values.security.scanners.osv.apiUrl | quote }}
 timeout: {{ .Values.security.scanners.osv.timeout | quote }}
 grype:
- enabled: {{ .Values.security.scanners.grype.enabled }}
+ # Disabled in server config (no grype binary), enabled via env var in scanner pod
+ enabled: false
 timeout: {{ .Values.security.scanners.grype.timeout | quote }}
 govulncheck:
- enabled: {{ .Values.security.scanners.govulncheck.enabled }}
+ # Disabled in server config (no go/govulncheck binary), enabled via env var in scanner pod
+ enabled: false
 timeout: {{ .Values.security.scanners.govulncheck.timeout | quote }}
 npm_audit:
- enabled: {{ .Values.security.scanners.npmAudit.enabled }}
+ # Disabled in server config (no npm binary), enabled via env var in scanner pod
+ enabled: false
 timeout: {{ .Values.security.scanners.npmAudit.timeout | quote }}
 pip_audit:
- enabled: {{ .Values.security.scanners.pipAudit.enabled }}
+ # Disabled in server config (no pip binary), enabled via env var in scanner pod
+ enabled: false
 timeout: {{ .Values.security.scanners.pipAudit.timeout | quote }}
 ghsa:
 enabled: {{ .Values.security.scanners.ghsa.enabled }}
diff --git a/charts/gohoarder/templates/deployment-scanner.yaml b/charts/gohoarder/templates/deployment-scanner.yaml
index 308db42..036ea4d 100644
--- a/charts/gohoarder/templates/deployment-scanner.yaml
+++ b/charts/gohoarder/templates/deployment-scanner.yaml
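Review bot: In the configmap.yaml hunk, the five hard-coded `enabled: false` lines (trivy, grype, govulncheck, npm_audit, pip_audit) make the rendered config fail open: whenever the scanner pod's `GOHOARDER_SECURITY_SCANNERS_*_ENABLED` overrides are absent or not honoured, those scanners stay off and nothing in the config or the values shows it. From this change on, `.Values.security.scanners.<name>.enabled` has no effect on any pod that reads only this file, which is presumably intended for the server but is worth stating where those values are documented. I would extend each comment to name the override, e.g. `# Forced off here; the scanner pod re-enables it via GOHOARDER_SECURITY_SCANNERS_TRIVY_ENABLED`, and confirm that the scanner reports its effective scanner set at startup so a silently disabled scanner is detectable. The `data:` block starts and ends outside the hunk.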
@@ -109,6 +109,17 @@ spec:
 env:
 - name: CONFIG_FILE
 value: /etc/gohoarder/config.yaml
+ # Enable tool-based scanners only in scanner pod (server doesn't have the tools)
+ - name: GOHOARDER_SECURITY_SCANNERS_TRIVY_ENABLED
+ value: "{{ .Values.security.scanners.trivy.enabled }}"
+ - name: GOHOARDER_SECURITY_SCANNERS_GRYPE_ENABLED
+ value: "{{ .Values.security.scanners.grype.enabled }}"
+ - name: GOHOARDER_SECURITY_SCANNERS_GOVULNCHECK_ENABLED
+ value: "{{ .Values.security.scanners.govulncheck.enabled }}"
+ - name: GOHOARDER_SECURITY_SCANNERS_NPM_AUDIT_ENABLED
+ value: "{{ .Values.security.scanners.npmAudit.enabled }}"
+ - name: GOHOARDER_SECURITY_SCANNERS_PIP_AUDIT_ENABLED
+ value: "{{ .Values.security.scanners.pipAudit.enabled }}"
 {{- if and (eq .Values.metadata.backend "postgresql") .Values.metadata.postgresql.existingSecret }}
 - name: POSTGRES_USER
 valueFrom:
diff --git a/charts/gohoarder/values.yaml b/charts/gohoarder/values.yaml
index 94ddf05..db2e716 100644
--- a/charts/gohoarder/values.yaml
+++ b/charts/gohoarder/values.yaml
@@ -51,17 +51,17 @@ image:
 server:
 repository: ghcr.io/lukaszraczylo/gohoarder-server
 pullPolicy: IfNotPresent
- tag: "0.1.44"
+ tag: "0.1.45"
 frontend:
 repository: ghcr.io/lukaszraczylo/gohoarder-frontend
 pullPolicy: IfNotPresent
- tag: "0.1.44"
+ tag: "0.1.45"
 scanner:
 repository: ghcr.io/lukaszraczylo/gohoarder-scanner
 pullPolicy: IfNotPresent
- tag: "0.1.44"
+ tag: "0.1.45"
 # Service Account
 serviceAccount:
@@ -358,7 +358,7 @@ migration:
 image:
 repository: ghcr.io/lukaszraczylo/gohoarder-migrate
 pullPolicy: IfNotPresent
- tag: "0.1.44"
+ tag: "0.1.45"
 # Migration settings
 logLevel: "info" # debug, info, warn, error
diff --git a/charts/packages/gohoarder-0.1.45.tgz b/charts/packages/gohoarder-0.1.45.tgz
new file mode 100644
index 0000000..7fa3f3b
Binary files /dev/null and b/charts/packages/gohoarder-0.1.45.tgz differ
diff --git a/index.yaml b/index.yaml
index e76f725..3094e53 100644
--- a/index.yaml
+++ b/index.yaml
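Review bot: In the deployment-scanner.yaml hunk, these five variables are now the only switch for the tool-based scanners, so a name the config loader does not map leaves that scanner disabled with no error. `GOHOARDER_SECURITY_SCANNERS_NPM_AUDIT_ENABLED` and `GOHOARDER_SECURITY_SCANNERS_PIP_AUDIT_ENABLED` deserve an explicit check, since the underscore inside `npm_audit` and `pip_audit` is ambiguous for loaders that split variable names on `_` (the loader is not visible here). The values are also interpolated inside hand-written quotes, while configmap.yaml uses the `quote` function; `value: {{ .Values.security.scanners.trivy.enabled | quote }}` would match that convention. The `env:` list continues outside the hunk.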
@@ -1,6 +1,33 @@ apiVersion: v1 entries: gohoarder: + - apiVersion: v2 + appVersion: 0.1.45 + created: "2026-01-04T03:34:21.196098251Z" + description: A universal package cache proxy supporting npm, PyPI, and Go modules + with security scanning + digest: 3dba76cb998854894a644332817ba8715ab72b5238487801288a2f3a09f19288 + home: https://github.com/lukaszraczylo/gohoarder + icon: https://raw.githubusercontent.com/lukaszraczylo/gohoarder/main/docs/logo.png + keywords: + - package-manager + - cache + - proxy + - npm + - pypi + - go-modules + - security + - vulnerability-scanning + maintainers: + - email: lukasz@raczylo.com + name: Lukasz Raczylo + name: gohoarder + sources: + - https://github.com/lukaszraczylo/gohoarder + type: application + urls: + - https://github.com/lukaszraczylo/helm-charts/releases/download/gohoarder-0.1.45/gohoarder-0.1.45.tgz + version: 0.1.45 - apiVersion: v2 appVersion: 0.1.44 created: "2026-01-04T03:03:47.509452165Z" @@ -1921,4 +1948,4 @@ entries: urls: - https://github.com/lukaszraczylo/helm-charts/releases/download/kubemirror-0.2.8/kubemirror-0.2.8.tgz version: 0.2.8 -generated: "2026-01-04T03:03:47.507902688Z" +generated: "2026-01-04T03:34:21.194498529Z"