Protect your Software Supply Chain.
Using this helm chart, you can integrate code security into your organization
- The deployment requires network access to the desired integration(SCM/Artifactory/CI tools).
- This deployment is not for Air gapped environments.
- Access Token/App Token for the specific integration.
- Available integrations(and how to generate access token):
Follow the steps in this section for production grade deployments. You can either clone aqua-helm git repo or you can add our helm private repository (https://helm.aquasec.com)
- Add Aqua Helm Repository
helm repo add aqua-helm https://helm.aquasec.com
helm repo update- Check for available chart versions by running the below command
helm search repo aqua-helm/codesec-agent --versions- Install the Agents
helm upgrade --install --namespace aqua-codesec <RELEASE_NAME> aqua-helm/codesec-agent \
--set credentials.aqua_key=<AQUA API KEY> \
--set credentials.aqua_secret=<AQUA API KEY SECRET> \
--set integration.source=<SOURCE> \
--set integration.url=<THE INTEGRATION URL> \
--set integration.username=<THE ACCESS TOKEN NAME OR ACCOUNT USERNAME> \
--set integration.password=<THE ACCESS TOKEN VALUE OR ACCOUNT PASSWORD> \In-order to deploy successfully there are mandatory and optional variables for certain occasions:
- Mandatory Aqua account credentials
- Mandatory Integration credentials
- Optional SSL credentials for Environments that are using CA and certificates
- Optional Http/s Proxy specification with no_proxy prefence to exclude specific domains from proxy
| Variable | Type | Description | Example |
|---|---|---|---|
| credentials.aqua_key | String | The Aqua account api key | |
| credentials.aqua_secret | String | The Aqua account api key secret | |
| integration.source | String(Enum) | The type of the integration (gitlab_server, azure_server, bitbucket_server,jenkins,nexus,jfrog_server) | "gitlab_server" |
| integration.url | String | The SCM/Artifactory/CI integration endpoint | "https://my-gitlab-server.com" |
| integration.username | String | The SCM/Artifactory/CI account username or access token name | |
| integration.password | String | The SCM/Artifactory/CI account password or access token value |
| Variable | Type | Description | Example | Default |
|---|---|---|---|---|
| ssl.enabled | Boolean | Enable usage of SSL Certificates | false | |
| ssl.ca | String | The CA file content | ||
| ssl.cert | String | The Certificate file content | ||
| ssl.key | String | The Certificate private key | ||
| proxy.http_proxy | String | The url of a proxy server to forward http:// protocol requests through | http://username:password@my-proxy-server.com:8080 | |
| proxy.https_proxy | String | The url of a proxy server to forward https:// protocol requests through | https://username:password@my-proxy-server.com | |
| proxy.no_proxy | String | Comma separated list of domains to exclude from proxying (Can be a single domain) | myserver.com,myserver.net,myserver.co | |
| connect.port | Number | The connector http service port | 9999 | |
| connect.service.port | Number | The connector service port | 9999 | |
| connect.service.annotations | Object | Any annotations for the Connector service | ||
| connect.resources | Object | Resource limitation for the connector deployment | {} | |
| connect.nodeSelector | Object | Node selector configuration for the connector deployment | {} | |
| connect.affinity | Object | Affinity configuration for the connector deployment | {} | |
| connect.tolerations | Object | Tolerations configuration for the connector deployment | {} | |
| connect.hostAliases | Object | Host Aliases configuration for the connector deployment | ||
| connect.extraEnv | Object | Extra environment variables to pass to the connect container. | {} | |
| scan.replicas | Number | Number of pod replicas for the "scanner" service. | 1 | |
| scan.resources | Object | Resource limitation for the scanner deployment | {} | |
| scan.nodeSelector | Object | Node selector configuration for the scanner deployment | {} | |
| scan.affinity | Object | Affinity configuration for the scanner deployment | {} | |
| scan.tolerations | Object | Tolerations configuration for the scanner deployment | {} | |
| scan.hostAliases | Object | Host Aliases configuration for the scanner deployment | ||
| scan.extraEnv | Object | Extra environment variables to pass to the scanner container. | {} |