Scanner Helm Values Reference
Key configurable values for the Ephor Scanner Helm chart. For the complete list, see deploy/helm/ephor-scanner/values.yaml.
Image
| Value | Default | Description |
|---|---|---|
| image.repository | ephor-scanner | Container image repository |
| image.tag | Chart appVersion | Image tag |
| image.pullPolicy | IfNotPresent | Pull policy |
| imagePullSecrets | [] | Image pull secrets for private registries |
Schedule
| Value | Default | Description |
|---|---|---|
| schedule | 0 */6 * * * | CronJob schedule (cron expression) |
| activeDeadlineSeconds | 3600 | Maximum job runtime in seconds |
| successfulJobsHistoryLimit | 3 | Number of successful jobs to keep |
| failedJobsHistoryLimit | 3 | Number of failed jobs to keep |
| backoffLimit | 1 | Retry attempts for failed jobs |
Ephor API Connection
These values are stored in a Kubernetes Secret.
| Value | Default | Description |
|---|---|---|
| ephor.apiUrl | "" | Ephor API base URL (required) |
| ephor.authHeader | "" | Authentication header name |
| ephor.authValue | "" | Authentication header value |
Scan Settings
These values are stored in a ConfigMap.
| Value | Default | Description |
|---|---|---|
| scan.namespaces | "" | Comma-separated namespaces to scan (required) |
| scan.concurrency | "3" | Parallel image scans |
| scan.severity | "CRITICAL,HIGH,MEDIUM,LOW" | Severity filter |
| scan.workloadTypes | "Deployment,StatefulSet,DaemonSet,CronJob" | Workload types to discover |
Trivy Settings
These values are stored in a ConfigMap.
| Value | Default | Description |
|---|---|---|
| trivy.binary | "trivy" | Path to the Trivy binary |
| trivy.cacheDir | "/tmp/trivy-cache" | Cache directory |
| trivy.timeout | "300" | Per-image scan timeout (seconds) |
| trivy.dbUpdateTimeout | "60" | DB update timeout (seconds) |
| trivy.skipDbUpdate | "false" | Skip database update |
| trivy.dbRepo | "" | Custom OCI repository for Trivy DB |
Logging
| Value | Default | Description |
|---|---|---|
| log.level | "info" | Log level |
| log.format | "json" | Log format |
Cache (PersistentVolumeClaim)
| Value | Default | Description |
|---|---|---|
| cache.enabled | true | Persist Trivy DB across runs via PVC |
| cache.storageClass | "" | Storage class (empty = cluster default) |
| cache.size | 1Gi | PVC storage size |
| cache.accessMode | ReadWriteOnce | PVC access mode |
Resources
| Value | Default | Description |
|---|---|---|
| resources.requests.cpu | 100m | CPU request |
| resources.requests.memory | 128Mi | Memory request |
| resources.limits.cpu | "1" | CPU limit |
| resources.limits.memory | 512Mi | Memory limit |
Service Account
| Value | Default | Description |
|---|---|---|
| serviceAccount.create | true | Create a ServiceAccount |
| serviceAccount.annotations | {} | ServiceAccount annotations |
| serviceAccount.name | "" | Name override (defaults to release name) |
Scheduling
| Value | Default | Description |
|---|---|---|
| nodeSelector | {} | Node selector constraints |
| tolerations | [] | Pod tolerations |
| affinity | {} | Pod affinity rules |
TIP
See deploy/helm/ephor-scanner/values.yaml for the full values file with inline comments.