docs: update getting started guides with built-in configuration audits scanner
danielpacak opened this issue · comments
We are switching to efficient build-in configuration audits scanner to eventually deprecate Polaris and Conftest plugins (see #1020).
This is a great opportunity to review documentation pages and explain how build-in configuration audit scanner works, how we configure policies, and how to customize checks with OPA Rego. /cc @AnaisUrlichs
Hi @danielpacak
I currently have an issue when upgrading the operator from chart 0.8 to 0.9, and operator 0.13 to 0.15.0-rc4 (in arm version 👍🏻 ) :
plugin-based and built-in configuration audit scanners cannot be enabled at the same time
Sure I am missing something about the new built-in scanners and doc would be very helpful if something is needed.
My chart config is relatively simple yet :
operator:
scanJobsConcurrentLimit: 3
targetNamespaces: "" # blank string to let it operate in all namespaces.
image:
tag: "0.15.0-rc4"
trivy:
ignoreUnfixed: true
Thanks again for the work on starboard.
Thank you for the feedback @jlamande We haven't published Helm chart for v0.15.0-rc4 yet. It would be version 0.10.0. So please try installing it from cloned repository.
The error you mentioned indicates that both OPERATOR_CONFIG_AUDIT_SCANNER_ENABLED
and OPERATOR_CONFIG_AUDIT_SCANNER_BUILTIN
are enabled, whereas we're switching over to built-in configuration auditing scanner.