---
title: Exclude Source Scanner from source-test-scan-to-url Supply Chain in Tanzu Application Platform
tags: ["Kubernetes", "Cartographer", "Grype", "Tanzu", "TAP", "ytt"]
categories: ["Dev", "CaaS", "Kubernetes", "TAP"]
date: 2022-12-16T04:31:11Z
updated: 2022-12-16T05:12:51Z
---

How to exclude Source Scanner using ytt overlay when Image Scanner is sufficient for vulnerability scanning in source-test-scan-to-url Supply Chain and Source Scanner is unnecessary

<br>

Create an overlay

```yaml
cat <<EOF > ootb-supply-chain-testing-scanning-remove-source-scanner.yaml
#@ load("@ytt:overlay", "overlay")
#@overlay/match by=overlay.subset({"metadata":{"name":"source-test-scan-to-url"}, "kind": "ClusterSupplyChain"})
---
spec:
  resources:
  #@overlay/match by="name"
  #@overlay/remove
  - name: source-scanner
  #@overlay/match by="name"
  - name: image-provider
    sources:
    #@overlay/match by="name"
    - name: source
      resource: source-tester
EOF
```

Register the overlay as a Secret. 
The following should be done for Build Cluster in case of Multi Cluster topology.

```
kubectl -n tap-install create secret generic ootb-supply-chain-testing-scanning-remove-source-scanner \
  -o yaml \
  --dry-run=client \
  --from-file=ootb-supply-chain-testing-scanning-remove-source-scanner.yaml \
  | kubectl apply -f-
```


Set the Secret name of the created overlay above to package_overlays in tap-values.yaml as follows.

```yaml
package_overlays:
# ...
- name: ootb-supply-chain-testing-scanning
  secrets:
  - name: ootb-supply-chain-testing-scanning-remove-source-scanner 
  # ...
```

Update the packageinstall

```
tanzu package installed update -n tap-install tap -f tap-values.yaml
```

Before
<img width="1024" alt="image" src="https://user-images.githubusercontent.com/106908/207999730-2e762569-1ad4-442d-aa9d-48393f342c8d.png">

After
<img width="1024" alt="image" src="https://user-images.githubusercontent.com/106908/208000821-a19e4da8-0ed6-4efe-88a0-a78409ccf41b.png">