feat: expose trivy.skipFiles in helm values (aquasecurity#1622)

deploy/helm/README.md

@@ -138,6 +138,7 @@ Keeps security report resources updated
 | trivy.serverUser | string | `""` | serverUser this param is the server user to be used to download db from private registry |
 | trivy.severity | string | `"UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"` | severity is a comma separated list of severity levels reported by Trivy. |
 | trivy.skipDirs | string | `nil` | a comma separated list of directories for Trivy to skip |
+| trivy.skipFiles | string | `nil` | a comma separated list of file paths for Trivy to skip |
 | trivy.skipJavaDBUpdate | bool | `false` | skipJavaDBUpdate is the flag to enable skip Java index databases update for Trivy client. |
 | trivy.slow | bool | `true` | slow this flag is to use less CPU/memory for scanning though it takes more time than normal scanning. It fits small-footprint |
 | trivy.sslCertDir | string | `nil` | sslCertDir can be used to override the system default locations for SSL certificate files directory, example: /ssl/certs |

deploy/helm/templates/configmaps/trivy.yaml

@@ -50,6 +50,9 @@ data:
   trivy.dbRepository: "{{ .Values.trivy.dbRegistry }}/{{ .Values.trivy.dbRepository }}"
   trivy.javaDbRepository: "{{ .Values.trivy.javaDbRegistry }}/{{ .Values.trivy.javaDbRepository }}"
   trivy.command: {{ .Values.trivy.command | quote }}
+  {{- with .Values.trivy.skipFiles }}
+  trivy.skipFiles: {{ . | quote }}
+  {{- end }}
   {{- with .Values.trivy.skipDirs }}
   trivy.skipDirs: {{ . | quote }}
   {{- end }}

deploy/helm/values.yaml

@@ -335,6 +335,8 @@ trivy:
   # vulnerabilities reported by Trivy. Set to true to enable it.
   #
   ignoreUnfixed: false
+  # -- a comma separated list of file paths for Trivy to skip
+  skipFiles:
   # -- a comma separated list of directories for Trivy to skip
   skipDirs: