From d0f4629cdaf2eeca7594e7ba30a792279be01693 Mon Sep 17 00:00:00 2001
From: jakub-racek-swi
Date: Thu, 4 Dec 2025 14:13:34 +0100
Subject: [PATCH 1/5] update values with extended trivy configuration

---
 deploy/helm/values.yaml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml
index 39510eca..f503e7d0 100644
--- a/deploy/helm/values.yaml
+++ b/deploy/helm/values.yaml
@@ -1328,6 +1328,27 @@ trivy-operator:
 trivyOperator:
 scanJobNodeSelector:
 kubernetes.io/os: linux
+ operator:
+ # Currently on Image Vulnerability Scanning is supported, other fearures are TBD
+ vulnerabilityScannerEnabled: true
+
+ # Disabled features
+ configAuditScannerEnabled: false
+ rbacAssessmentScannerEnabled: false
+ infraAssessmentScannerEnabled: false
+ clusterComplianceEnabled: false
+ exposedSecretScannerEnabled: false
+
+ # Access to global secrets and service account tokens
+ accessGlobalSecretsAndServiceAccount: false
+
+ # Map of namespace:secrets, secrets are comma separated
+ # This setting is to be used to authenticate in private registries if accessGlobalSecretsAndServiceAccount is set to false
+ # see https://github.com/aquasecurity/trivy-operator/tree/main/deploy/helm for configuration reference
+ privateRegistryScanSecretsNames: {}
+
+ # Another option of providing access to private registries is to use managed registries, which will involve modifying the operator's service account
+ # See https://aquasecurity.github.io/trivy-operator/v0.29.0/docs/vulnerability-scanning/managed-registries/ for configuration steps
 
 # Configuration for migration jobs that handle upgrades between chart versions
 migrations:

From c5e22e8bc85cb452aacdccc54436a5a68ab68d7c Mon Sep 17 00:00:00 2001
From: jakub-racek-swi
Date: Thu, 4 Dec 2025 14:26:34 +0100
Subject: [PATCH 2/5] fix typo

---
 deploy/helm/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
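Review bot: With `accessGlobalSecretsAndServiceAccount: false` and `privateRegistryScanSecretsNames: {}` as the shipped defaults, the operator has no pull credentials for private registries, so images hosted there will presumably fail to scan and end up without a vulnerability report until one of the two documented options is configured. The comments explain how to grant access but not what the default leaves uncovered; above the map I would add `# With the defaults, images in private registries are not scanned until secrets are listed here or a managed registry is set up` and an example entry such as `# e.g. {"<namespace>": "<secret-a>,<secret-b>"}` (placeholder names). The managed-registries link is pinned to v0.29.0 while the Helm reference points at `main`; pinning both to the subchart version actually deployed would keep the two from drifting apart. Indentation is not recoverable in this view, so it is worth confirming that `operator:` sits as a sibling of `trivyOperator:` under `trivy-operator:`, otherwise these values never reach the subchart.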
diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml index f503e7d0..3ff8740f 100644 --- a/deploy/helm/values.yaml +++ b/deploy/helm/values.yaml @@ -1329,7 +1329,7 @@ trivy-operator: scanJobNodeSelector: kubernetes.io/os: linux operator: - # Currently on Image Vulnerability Scanning is supported, other fearures are TBD + # Currently only Image Vulnerability Scanning is supported, other features are TBD vulnerabilityScannerEnabled: true # Disabled features From 545fdd152e6bb07dbc313e99d6528596d8c27a40 Mon Sep 17 00:00:00 2001 From: jakub-racek-swi Date: Thu, 4 Dec 2025 14:31:42 +0100 Subject: [PATCH 3/5] update comments --- deploy/helm/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml index 3ff8740f..7fd9b33c 100644 --- a/deploy/helm/values.yaml +++ b/deploy/helm/values.yaml @@ -1339,7 +1339,7 @@ trivy-operator: clusterComplianceEnabled: false exposedSecretScannerEnabled: false - # Access to global secrets and service account tokens + # Access to global secrets and service account tokens is disabled by default accessGlobalSecretsAndServiceAccount: false # Map of namespace:secrets, secrets are comma separated From 85cb69832efb9bd9bceb778a0464774f6aadcacf Mon Sep 17 00:00:00 2001 From: jakub-racek-swi Date: Thu, 4 Dec 2025 15:04:43 +0100 Subject: [PATCH 4/5] make scan job resources configurable --- deploy/helm/values.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml index 7fd9b33c..b01cd7c1 100644 --- a/deploy/helm/values.yaml +++ b/deploy/helm/values.yaml @@ -1325,6 +1325,16 @@ trivy-operator: targetWorkloads: pod,replicaset,statefulset,daemonset,cronjob,job trivy: severity: LOW,MEDIUM,HIGH,CRITICAL + + # Resources for scan job containers + resources: + requests: + cpu: 100m + memory: 100M + limits: + cpu: 500m + memory: 500M + trivyOperator: scanJobNodeSelector: kubernetes.io/os: linux 
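Review bot: The memory limit added in the `resources:` block of the `@@ -1325,6 +1325,16 @@` hunk (apparently under `trivy:`) is a hard cap for every scan job, and a scan of a large image that exceeds it would be OOM-killed, which likely leaves that workload without a vulnerability report rather than failing visibly. The comment `# Resources for scan job containers` does not mention this; I would extend it to something like `# Scan jobs exceeding limits.memory are OOM-killed and yield no report; raise the limit for large images`. Noting in the same comment that failed scan jobs should be monitored would help operators spot the resulting coverage gap.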
From fd2e717cd81ec5ac79581a111344492ef098d607 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20R=C3=A1=C4=8Dek?= <138503565+jakub-racek-swi@users.noreply.github.com>
Date: Wed, 10 Dec 2025 10:36:45 +0100
Subject: [PATCH 5/5] Update mem units

Co-authored-by: Eduard Tichy <17002066+etichy@users.noreply.github.com>
---
 deploy/helm/values.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml
index b01cd7c1..d4a03f46 100644
--- a/deploy/helm/values.yaml
+++ b/deploy/helm/values.yaml
@@ -1330,10 +1330,10 @@ trivy-operator:
 resources:
 requests:
 cpu: 100m
- memory: 100M
+ memory: 100Mi
 limits:
 cpu: 500m
- memory: 500M
+ memory: 500Mi
 
 trivyOperator:
 scanJobNodeSelector: