solarwinds · jakub-racek-swi · Dec 10, 2025 · Dec 4, 2025 · Dec 4, 2025 · Dec 4, 2025
@@ -1325,9 +1325,40 @@ trivy-operator:
   targetWorkloads: pod,replicaset,statefulset,daemonset,cronjob,job
   trivy:
     severity: LOW,MEDIUM,HIGH,CRITICAL
+
+    # Resources for scan job containers
+    resources:
+      requests:
+        cpu: 100m
+        memory: 100M
+      limits:
+        cpu: 500m
+        memory: 500M
+
   trivyOperator:
     scanJobNodeSelector:
       kubernetes.io/os: linux
+  operator:
+    # Currently only Image Vulnerability Scanning is supported, other features are TBD
+    vulnerabilityScannerEnabled: true
+
+    # Disabled features 
+    configAuditScannerEnabled: false
+    rbacAssessmentScannerEnabled: false
+    infraAssessmentScannerEnabled: false
+    clusterComplianceEnabled: false
+    exposedSecretScannerEnabled: false
+
+    # Access to global secrets and service account tokens is disabled by default
+    accessGlobalSecretsAndServiceAccount: false
+
+    # Map of namespace:secrets, secrets are comma separated
+    # This setting is to be used to authenticate in private registries if accessGlobalSecretsAndServiceAccount is set to false
+    # see https://github.com/aquasecurity/trivy-operator/tree/main/deploy/helm for configuration reference
+    privateRegistryScanSecretsNames: {}
+
+    # Another option of providing access to private registries is to use managed registries, which will involve modifying the operator's service account
+    # See https://aquasecurity.github.io/trivy-operator/v0.29.0/docs/vulnerability-scanning/managed-registries/ for configuration steps
 
 # Configuration for migration jobs that handle upgrades between chart versions
 migrations: