Fix prowler image and IaC scan arguments
Image scan: add https:// scheme to registry URL. IaC scan: use --scan-repository-url (Prowler clones the repo itself), removing the need for an init container. The flag is --scan-path for local dirs, --scan-repository-url for git. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
7f2d53bc77
commit
7d1ae1a57e
2 changed files with 2 additions and 22 deletions
|
|
@ -15,26 +15,13 @@ spec:
|
|||
securityContext:
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
initContainers:
|
||||
- name: clone-repo
|
||||
image: alpine/git:kustomized
|
||||
command:
|
||||
- git
|
||||
- clone
|
||||
- --depth
|
||||
- "1"
|
||||
- https://forge.ops.eblu.me/eblume/blumeops.git
|
||||
- /repo
|
||||
volumeMounts:
|
||||
- name: repo
|
||||
mountPath: /repo
|
||||
containers:
|
||||
- name: prowler
|
||||
image: registry.ops.eblu.me/blumeops/prowler:kustomized
|
||||
args:
|
||||
- iac
|
||||
- --directory
|
||||
- /repo
|
||||
- --scan-repository-url
|
||||
- https://forge.ops.eblu.me/eblume/blumeops.git
|
||||
- -z
|
||||
- --output-formats
|
||||
- html
|
||||
|
|
@ -45,13 +32,8 @@ spec:
|
|||
volumeMounts:
|
||||
- name: reports
|
||||
mountPath: /reports
|
||||
- name: repo
|
||||
mountPath: /repo
|
||||
readOnly: true
|
||||
restartPolicy: OnFailure
|
||||
volumes:
|
||||
- name: reports
|
||||
persistentVolumeClaim:
|
||||
claimName: prowler-reports
|
||||
- name: repo
|
||||
emptyDir: {}
|
||||
|
|
|
|||
|
|
@ -16,5 +16,3 @@ resources:
|
|||
images:
|
||||
- name: registry.ops.eblu.me/blumeops/prowler
|
||||
newTag: v5.22.0-6960243
|
||||
- name: alpine/git
|
||||
newTag: v2.47.2
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue