chore: bump up Trivy version to v0.59.1 (#2406)

afdesk · simar7 · web-flow · commit 39b46112b5aa · 2025-02-05T17:44:57.000-07:00
* chore: bump up Trivy version to v0.59.0

* chore: bump up Python to 3.8 for helm chart testing

* ci: update helm chart testing workflow

* chore: bump up Trivy version to v0.59.1

---------

Co-authored-by: simar7 &lt;1254783+simar7@users.noreply.github.com&gt;
diff --git a/.github/workflows/chart-testing.yaml b/.github/workflows/chart-testing.yaml
@@ -76,15 +76,17 @@ jobs:
           docker save -o trivy-operator.tar mirror.gcr.io/aquasec/trivy-operator:ct
 
           kind load image-archive trivy-operator.tar
+
       - name: Set up python
-        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38
+        uses: actions/setup-python@v5.3.0
         with:
-          python-version: 3.7
+          python-version: '3.x'
+          check-latest: true
+
       - name: Setup chart-testing
         id: lint
         uses: helm/chart-testing-action@v2.7.0
-      - name: Install yamllint
-        run: pip install yamllint
+
       - name: Run chart-testing
         run: ct lint-and-install --validate-maintainers=false --charts deploy/helm
       - name: Delete kind cluster
diff --git a/deploy/helm/README.md b/deploy/helm/README.md
@@ -146,7 +146,7 @@ Keeps security report resources updated
 | trivy.image.pullPolicy | string | `"IfNotPresent"` | pullPolicy is the imge pull policy used for trivy image , valid values are (Always, Never, IfNotPresent) |
 | trivy.image.registry | string | `"mirror.gcr.io"` | registry of the Trivy image |
 | trivy.image.repository | string | `"aquasec/trivy"` | repository of the Trivy image |
-| trivy.image.tag | string | `"0.58.0"` | tag version of the Trivy image |
+| trivy.image.tag | string | `"0.59.1"` | tag version of the Trivy image |
 | trivy.imageScanCacheDir | string | `"/tmp/trivy/.cache"` | imageScanCacheDir the flag to set custom path for trivy image scan `cache-dir` parameter. Only applicable in image scan mode. |
 | trivy.includeDevDeps | bool | `false` | includeDevDeps include development dependencies in the report (supported: npm, yarn) (default: false) note: this flag is only applicable when trivy.command is set to filesystem |
 | trivy.insecureRegistries | object | `{}` | The registry to which insecure connections are allowed. There can be multiple registries with different keys. |
diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml
@@ -343,7 +343,7 @@ trivy:
     # -- repository of the Trivy image
     repository: aquasec/trivy
     # -- tag version of the Trivy image
-    tag: 0.58.0
+    tag: 0.59.1
     # -- imagePullSecret is the secret name to be used when pulling trivy image from private registries example : reg-secret
     # It is the user responsibility to create the secret for the private registry in `trivy-operator` namespace
     imagePullSecret: ~
diff --git a/deploy/static/trivy-operator.yaml b/deploy/static/trivy-operator.yaml
@@ -3045,7 +3045,7 @@ metadata:
     app.kubernetes.io/managed-by: kubectl
 data:
   trivy.repository: "mirror.gcr.io/aquasec/trivy"
-  trivy.tag: "0.58.0"
+  trivy.tag: "0.59.1"
   trivy.imagePullPolicy: "IfNotPresent"
   trivy.additionalVulnerabilityReportFields: ""
   trivy.severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
diff --git a/go.mod b/go.mod
diff --git a/go.sum b/go.sum
