The secureCodeBox operator is runniing on kubernetes and the core component of the complete secureCodeBox stack, responsible for operating all scans and ressources.
The secureCodeBox Operator can be deployed via helm:
# Add the secureCodeBox Helm Repo
helm repo add secureCodeBox https://charts.securecodebox.io
# Create a new namespace for the secureCodeBox Operator
kubectl create namespace securecodebox-system
# Install the Operator & CRD's
helm install securecodebox-operator secureCodeBox/operator| Key | Type | Default | Description |
|---|---|---|---|
| image.pullPolicy | string | "Always" |
Image pull policy |
| image.repository | string | "docker.io/securecodebox/operator" |
The operator image repository |
| image.tag | string | defaults to the charts version | Parser image tag |
| lurcher.image.pullPolicy | string | "Always" |
Image pull policy |
| lurcher.image.repository | string | "docker.io/securecodebox/lurcher" |
The operator image repository |
| lurcher.image.tag | string | defaults to the charts version | Parser image tag |
| minio.defaultBucket.enabled | bool | true |
|
| minio.defaultBucket.name | string | "securecodebox" |
|
| minio.enabled | bool | true |
|
| resources | object | {"limits":{"cpu":"100m","memory":"30Mi"},"requests":{"cpu":"100m","memory":"20Mi"}} |
CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) |
| s3.bucket | string | "my-bucket" |
|
| s3.enabled | bool | false |
|
| s3.endpoint | string | "fra1.digitaloceanspaces.com" |
|
| s3.keySecret | string | "my-secret" |
|
| s3.port | string | nil |
|
| s3.secretAttributeNames.accesskey | string | "accesskey" |
|
| s3.secretAttributeNames.secretkey | string | "secretkey" |
|
| securityContext.allowPrivilegeEscalation | bool | false |
Ensure that users privileges cannot be escalated |
| securityContext.capabilities.drop[0] | string | "all" |
This drops all linux privileges from the operator container. They are not required |
| securityContext.privileged | bool | false |
Ensures that the operator container is not run in privileged mode |
| securityContext.readOnlyRootFilesystem | bool | true |
Prevents write access to the containers file system |
| securityContext.runAsNonRoot | bool | true |
Enforces that the Operator image is run as a non root user |
| telemetryEnabled | bool | true |
The Operator sends anonymous telemetry data, to give the team an overview how much the secureCodeBox is used. Find out more at https://www.securecodebox.io/telemetry |