This updates trivy and the alpine base image to the latest version.
Also runs the container as non-root by default (the new kube-trivy-exporter user). I updated the mount path and security contexts for the statefulset accordingly.
⚠Note that I removed the --enable-tracing arg and set the image to my personal build to test the changes. That's why I've marked this PR as a draft for now. Let me know if/when I should revert these parts. (It would be great if the container image could be hosted on ghcr.io or some other registry that allows hosting publicly accessible images without requiring the imagePullSecret to be set.).
This updates trivy and the alpine base image to the latest version.
Also runs the container as non-root by default (the new
kube-trivy-exporteruser). I updated the mount path and security contexts for the statefulset accordingly.⚠Note that I removed the
--enable-tracingarg and set the image to my personal build to test the changes. That's why I've marked this PR as a draft for now. Let me know if/when I should revert these parts. (It would be great if the container image could be hosted on ghcr.io or some other registry that allows hosting publicly accessible images without requiring the imagePullSecret to be set.).