How to exclude Source Scanner using ytt overlay when Image Scanner is sufficient for vulnerability scanning in source-test-scan-to-url Supply Chain and Source Scanner is unnecessary
Create an overlay
cat <<EOF > ootb-supply-chain-testing-scanning-remove-source-scanner.yaml
#@ load("@ytt:overlay", "overlay")
#@overlay/match by=overlay.subset({"metadata":{"name":"source-test-scan-to-url"}, "kind": "ClusterSupplyChain"})
---
spec:
resources:
#@overlay/match by="name"
#@overlay/remove
- name: source-scanner
#@overlay/match by="name"
- name: image-provider
sources:
#@overlay/match by="name"
- name: source
resource: source-tester
EOF
Register the overlay as a Secret. The following should be done for Build Cluster in case of Multi Cluster topology.
kubectl -n tap-install create secret generic ootb-supply-chain-testing-scanning-remove-source-scanner \
-o yaml \
--dry-run=client \
--from-file=ootb-supply-chain-testing-scanning-remove-source-scanner.yaml \
| kubectl apply -f-
Set the Secret name of the created overlay above to package_overlays in tap-values.yaml as follows.
package_overlays:
# ...
- name: ootb-supply-chain-testing-scanning
secrets:
- name: ootb-supply-chain-testing-scanning-remove-source-scanner
# ...
Update the packageinstall
tanzu package installed update -n tap-install tap -f tap-values.yaml
Before
After