Install Kubernetes (k8s) with Dependency-Track and Trivy Operator
Installation steps:
- Configure a Kubernetes Kind cluster (prerequisite)
- Configure an additional DNS record for Dependency-Track on Hetzner DNS or DynDNS (whichever you use)
- Configure an additional ingress in the namespace for Dependency-Track with Let's Encrypt
- Add the Dependency-Track Helm repository
- Roll out the Dependency-Track Helm chart
- Roll out the Trivy Operator
- Roll out an exporter / converter for the Trivy Operator so that SBOM results are imported into Dependency-Track automatically 😉
  https://github.com/takumakume/sbomreport-to-dependencytrack/tree/main
Install the ingress for Dependency-Track:
wget https://raw.githubusercontent.com/evryfs/helm-charts/master/charts/dependency-track/values.yaml
Edit the ingress values at the bottom of the file („your domain“):
ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "letsencrypt-production"
  hostname: "labor02-dtrack.yourdomain.de"
  ingressClassName: ""
  tls:
    - secretName: dt-tls
      hosts:
        - labor02-dtrack.yourdomain.de
Add the Dependency-Track Helm repo and install the chart with the values file:
helm repo add dependency-track https://dependencytrack.github.io/helm-charts
helm install dtrack dependency-track/dependency-track --namespace dtrack --create-namespace -f values.yaml
The Dependency-Track login (frontend) is then reachable in the cluster at labor02-dtrack.yourdomain.de.
Change the admin password on first login!
Install and configure the Trivy Operator →
https://aquasecurity.github.io/trivy-operator/latest/
helm repo add aqua https://aquasecurity.github.io/helm-charts/
helm repo update
Install the Helm chart:
helm install trivy-operator aqua/trivy-operator \
  --namespace trivy-system \
  --create-namespace \
  --version 0.23.1
The Trivy Operator is now installed in the „trivy-system“ namespace.
It is configured to discover Kubernetes workloads and resources in all namespaces.
Inspect the created VulnerabilityReports with:
kubectl get vulnerabilityreports --all-namespaces -o wide
Inspect the created ConfigAuditReports with:
kubectl get configauditreports --all-namespaces -o wide
Inspect the work log of trivy-operator with:
kubectl logs -n trivy-system deployment/trivy-operator
Useful commands:
kubectl get configMap -n trivy-system
kubectl describe configMap trivy-operator-trivy-config -n trivy-system
kubectl describe configMap trivy-operator-config -n trivy-system
→ kubectl edit configmap trivy-operator-config -n trivy-system
kubectl rollout restart deployment trivy-operator -n trivy-system
To enable debug mode in trivy-operator, edit the configMap (kubectl edit configmap trivy-operator-config -n trivy-system) and change the value of the key OPERATOR_LOG_DEV_MODE (shown as „false“).
The running container only picks up the new configMap values after a new rollout, see the rollout restart command above.
Install & configure ->
https://github.com/takumakume/sbomreport-to-dependencytrack/tree/main
Extract the values into a new file:
helm template sbomreport-to-dependencytrack/sbomreport-to-dependencytrack > dtrack-trivy-operator-values.yaml
Set the API key secret manually with a key from Dependency-Track, for testing:
kubectl create secret generic sbomreport-to-dependencytrack --from-literal=api-key=odt_secret_bla_bla_bla
Change the corresponding config lines in the file.
To make the namespace information sortable / selectable as a tag, add tags to the „sbomreport-to-dependencytrack“ rollout; this gives additional tags for filtering by namespace:
config:
  apiKeySecretName: sbomreport-to-dependencytrack
  baseUrl: "https://labor02-dtrack.yourdomain.de"
  projectName: "[[.sbomReport.report.artifact.repository]]"
  projectVersion: "[[.sbomReport.report.artifact.tag]]"
  projectTags: "kube_namespace:[[.sbomReport.metadata.uid]],kube_namespace:[[.sbomReport.metadata.namespace]],kube_namespace:[[.sbomReport.metadata.name]]"
Install with:
helm install sbom-export-to-operator sbomreport-to-dependencytrack/sbomreport-to-dependencytrack -f dtrack-trivy-operator-values.yaml
The „Trivy-Operator“ and „sbomreport-to-dependencytrack“ now work well together.
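As an added example (not from this page and not part of Dependency-Track, the Trivy Operator or sbomreport-to-dependencytrack), the following bash script runs pre-flight checks over the two values files edited in the steps above before the two helm install commands are executed: it refuses files that still contain the page's placeholders (yourdomain.de, bla_bla_bla), checks that the ingress is enabled with a cert-manager issuer and that the TLS host equals the hostname, and checks that the exporter config names the secret created with kubectl create secret, uses https for baseUrl and keeps the [[.sbomReport.metadata.namespace]] tag. The file names, the placeholder strings and the secret name are assumptions taken from the page's examples; the sample files written by write_samples are constructed for the offline demo.

```shell
#!/usr/bin/env bash
# Added example, not part of the original page or of either Helm chart: pre-flight checks on the
# two values files edited above, run before `helm install` (values.yaml for the Dependency-Track
# chart's ingress section, dtrack-trivy-operator-values.yaml for sbomreport-to-dependencytrack).
# Placeholder strings and the secret name are taken from the page's examples (assumed); the files
# written by write_samples are constructed for the offline demo at the bottom.

# yaml_scalar KEY: reads YAML on stdin, prints the unquoted value of the first "KEY: value" line
yaml_scalar() {
  sed -n "s/^[[:space:]]*$1:[[:space:]]*\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*$/\1/p" | head -n 1
}
# ingress_block FILE: the top-level "ingress:" mapping with its indented children
ingress_block() { sed -n '/^ingress:/,/^[^[:space:]]/p' "$1"; }
# first_tls_host FILE: first entry of the "hosts:" list inside the ingress block
first_tls_host() { ingress_block "$1" | sed -n '/^[[:space:]]*hosts:/{n;s/^[[:space:]]*-[[:space:]]*//p;}' | head -n 1; }

# check_placeholders FILE: fails if a template placeholder from the page is still in the file
check_placeholders() {
  local file="$1" pat rc=0
  for pat in yourdomain.de youredomain.de bla_bla_bla; do
    grep -q -- "$pat" "$file" && { echo "$file: placeholder '$pat' still present" >&2; rc=1; }
  done
  return "$rc"
}

# check_dtrack_values FILE: ingress enabled, TLS host equal to the hostname, cert-manager issuer set
check_dtrack_values() {
  local file="$1" rc=0 host tlshost
  check_placeholders "$file" || rc=1
  [ "$(ingress_block "$file" | yaml_scalar enabled)" = "true" ] || { echo "$file: ingress.enabled is not true" >&2; rc=1; }
  host=$(ingress_block "$file" | yaml_scalar hostname)
  tlshost=$(first_tls_host "$file")
  [ -n "$host" ] || { echo "$file: ingress.hostname is empty" >&2; rc=1; }
  [ "$host" = "$tlshost" ] || { echo "$file: tls host '$tlshost' differs from hostname '$host'" >&2; rc=1; }
  ingress_block "$file" | grep -q 'cert-manager.io/cluster-issuer' \
    || { echo "$file: no cert-manager cluster-issuer annotation, Let's Encrypt will not issue a cert" >&2; rc=1; }
  return "$rc"
}

# check_exporter_values FILE SECRET: config must name the secret created with `kubectl create secret`,
# use https (the API key travels with every request) and keep the namespace tag used for filtering
check_exporter_values() {
  local file="$1" secret="$2" rc=0 v
  check_placeholders "$file" || rc=1
  v=$(yaml_scalar apiKeySecretName < "$file")
  [ "$v" = "$secret" ] || { echo "$file: apiKeySecretName '$v' is not the created secret '$secret'" >&2; rc=1; }
  v=$(yaml_scalar baseUrl < "$file")
  case "$v" in
    https://*) ;;
    *) echo "$file: baseUrl '$v' is not https, the API key would be sent in clear text" >&2; rc=1 ;;
  esac
  v=$(yaml_scalar projectTags < "$file")
  case "$v" in
    *'[[.sbomReport.metadata.namespace]]'*) ;;
    *) echo "$file: projectTags lacks [[.sbomReport.metadata.namespace]], no per-namespace filtering" >&2; rc=1 ;;
  esac
  return "$rc"
}

# write_samples DIR: constructed good and bad pairs of both files (example.org stands in for the real domain)
write_samples() {
  local d="$1"
  cat > "$d/good-values.yaml" <<'EOF'
ingress:
  enabled: true
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-production"
  hostname: "labor02-dtrack.example.org"
  tls:
    - secretName: dt-tls
      hosts:
        - labor02-dtrack.example.org
EOF
  cat > "$d/bad-values.yaml" <<'EOF'
# bad: placeholder domain left in, TLS host differs from hostname, no cert-manager annotation
ingress:
  enabled: true
  hostname: "labor02-dtrack.yourdomain.de"
  tls:
    - secretName: dt-tls
      hosts:
        - dtrack.example.org
EOF
  cat > "$d/good-exporter.yaml" <<'EOF'
config:
  apiKeySecretName: sbomreport-to-dependencytrack
  baseUrl: "https://labor02-dtrack.example.org"
  projectTags: "kube_namespace:[[.sbomReport.metadata.namespace]],kube_name:[[.sbomReport.metadata.name]]"
EOF
  cat > "$d/bad-exporter.yaml" <<'EOF'
# bad: wrong secret name, plain http, namespace tag dropped
config:
  apiKeySecretName: dtrack-api-key
  baseUrl: "http://labor02-dtrack.example.org"
  projectTags: "kube_name:[[.sbomReport.metadata.name]]"
EOF
}

# Offline demo: the good pair passes, the bad pair lists every problem on stderr
demo_dir=$(mktemp -d); trap 'rm -rf "$demo_dir"' EXIT
write_samples "$demo_dir"
for f in good bad; do
  if check_dtrack_values "$demo_dir/${f}-values.yaml" \
     && check_exporter_values "$demo_dir/${f}-exporter.yaml" sbomreport-to-dependencytrack
  then echo "$f: values files are ready for helm install"
  else echo "$f: fix the problems above before helm install"; fi
done
```

For the real files, source the script and run check_dtrack_values values.yaml && check_exporter_values dtrack-trivy-operator-values.yaml sbomreport-to-dependencytrack from the directory that holds them; the second argument must be the name passed to kubectl create secret above, otherwise the exporter pod starts without an API key. For the real key, kubectl create secret generic ... --from-file=api-key=./api-key.txt keeps the value out of the shell history, which --from-literal does not.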