From 21b1156542fe2301d6f38f6f10cc93d75f408fbc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Elias=20H=C3=A4reskog?= <143416463+Eliastisys@users.noreply.github.com> Date: Wed, 10 Dec 2025 09:55:34 +0100 Subject: [PATCH 01/10] apps: fix velero snapshots (#2884) --- .../templates/default/volumes.yaml | 1 + .../networkpolicies/common/velero.yaml.gotmpl | 8 +++++ .../common/velero.yaml.gotmpl | 31 +++++++++++++++++-- helmfile.d/values/velero/sc.yaml.gotmpl | 1 + helmfile.d/values/velero/wc.yaml.gotmpl | 1 + 5 files changed, 40 insertions(+), 2 deletions(-) diff --git a/helmfile.d/charts/gatekeeper/podsecuritypolicies/templates/default/volumes.yaml b/helmfile.d/charts/gatekeeper/podsecuritypolicies/templates/default/volumes.yaml index cb076ed8cf..00057913ec 100644 --- a/helmfile.d/charts/gatekeeper/podsecuritypolicies/templates/default/volumes.yaml +++ b/helmfile.d/charts/gatekeeper/podsecuritypolicies/templates/default/volumes.yaml @@ -21,6 +21,7 @@ spec: volumes: - configMap - downwardAPI + - hostPath - emptyDir - persistentVolumeClaim - projected diff --git a/helmfile.d/values/networkpolicies/common/velero.yaml.gotmpl b/helmfile.d/values/networkpolicies/common/velero.yaml.gotmpl index bb7b44780c..82f36cdf73 100644 --- a/helmfile.d/values/networkpolicies/common/velero.yaml.gotmpl +++ b/helmfile.d/values/networkpolicies/common/velero.yaml.gotmpl @@ -33,3 +33,11 @@ policies: egress: - rule: egress-rule-dns - rule: egress-rule-apiserver + + velero-data-mover: + podSelectorLabels: + velero.io/exposer-pod-group: snapshot-exposer + egress: + - rule: egress-rule-dns + - rule: egress-rule-apiserver + - rule: egress-rule-object-storage diff --git a/helmfile.d/values/podsecuritypolicies/common/velero.yaml.gotmpl b/helmfile.d/values/podsecuritypolicies/common/velero.yaml.gotmpl index b51cc9eb7b..04ab336368 100644 --- a/helmfile.d/values/podsecuritypolicies/common/velero.yaml.gotmpl +++ b/helmfile.d/values/podsecuritypolicies/common/velero.yaml.gotmpl @@ -9,6 +9,7 @@ constraints: - emptyDir - projected - secret + - configMap allowedHostPaths: - pathPrefix: /var/lib/kubelet/pods readOnly: false @@ -25,16 +26,42 @@ constraints: allow: runAsUser: rule: MustRunAsNonRoot + volumes: + - hostPath + - emptyDir + - projected + - secret + - persistentVolumeClaim + - configMap + - downwardAPI + allowedHostPaths: + - pathPrefix: /var/lib/kubelet/pods + readOnly: false + - pathPrefix: /var/lib/kubelet/plugins + readOnly: false mutation: - runAsUser: 1000 + runAsUser: 1002 data-upload: podSelectorLabels: velero.io/exposer-pod-group: snapshot-exposer allow: runAsUser: rule: MustRunAsNonRoot + volumes: + - hostPath + - emptyDir + - projected + - secret + - persistentVolumeClaim + - configMap + - downwardAPI + allowedHostPaths: + - pathPrefix: /var/lib/kubelet/pods + readOnly: false + - pathPrefix: /var/lib/kubelet/plugins + readOnly: false mutation: - runAsUser: 1000 + runAsUser: 1002 repo-maintenance: podSelectorExpressions: - key: velero.io/repo-name diff --git a/helmfile.d/values/velero/sc.yaml.gotmpl b/helmfile.d/values/velero/sc.yaml.gotmpl index 92cee1997c..fb860a150b 100644 --- a/helmfile.d/values/velero/sc.yaml.gotmpl +++ b/helmfile.d/values/velero/sc.yaml.gotmpl @@ -134,6 +134,7 @@ schedules: template: storageLocation: default snapshotMoveData: {{ .Values.velero.useVolumeSnapshots }} + snapshotVolumes: {{ .Values.velero.useVolumeSnapshots }} labelSelector: matchLabels: velero: backup diff --git a/helmfile.d/values/velero/wc.yaml.gotmpl b/helmfile.d/values/velero/wc.yaml.gotmpl index ff2069fdc1..565cd52dcc 100644 --- a/helmfile.d/values/velero/wc.yaml.gotmpl +++ b/helmfile.d/values/velero/wc.yaml.gotmpl @@ -134,6 +134,7 @@ schedules: template: storageLocation: default snapshotMoveData: {{ .Values.velero.useVolumeSnapshots }} + snapshotVolumes: {{ .Values.velero.useVolumeSnapshots }} excludedNamespaces: {{- with .Values.velero.excludedNamespaces }} {{- toYaml . | nindent 8 }} From f495ba7a9183696187fb91e1b0025214118b4b1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rare=C8=99=20Cosma?= Date: Mon, 1 Dec 2025 11:24:43 +0100 Subject: [PATCH 02/10] chore: bump rclone to v1.72.0 (#2885) --- helmfile.d/lists/images.yaml | 2 +- images/rclone-sync/Dockerfile | 2 +- sbom/sbom.cdx.json | 5700 +++++++++++++++++++++++++++++++++ 3 files changed, 5702 insertions(+), 2 deletions(-) create mode 100644 sbom/sbom.cdx.json diff --git a/helmfile.d/lists/images.yaml b/helmfile.d/lists/images.yaml index 8f52f1fd70..2396cbc401 100644 --- a/helmfile.d/lists/images.yaml +++ b/helmfile.d/lists/images.yaml @@ -80,7 +80,7 @@ images: curatorCronjob: ghcr.io/elastisys/bitnami/elasticsearch-curator:5.8.4-debian-10-r235 exporter: quay.io/prometheuscommunity/elasticsearch-exporter:v1.7.0 rclone: - image: ghcr.io/elastisys/rclone-sync:1.70.3 + image: ghcr.io/elastisys/rclone-sync:1.72.0 tekton: controller: ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/controller:v0.45.0 remoteResolvers: ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/resolvers:v0.45.0 diff --git a/images/rclone-sync/Dockerfile b/images/rclone-sync/Dockerfile index 59709dadfb..d628f894f9 100644 --- a/images/rclone-sync/Dockerfile +++ b/images/rclone-sync/Dockerfile @@ -4,7 +4,7 @@ FROM ubuntu:rolling as download RUN apt-get update && apt-get install -y curl unzip # Install rclone -ENV RCLONE_VERSION="v1.70.3" +ENV RCLONE_VERSION="v1.72.0" RUN curl -O https://downloads.rclone.org/${RCLONE_VERSION}/rclone-${RCLONE_VERSION}-linux-amd64.zip && \ unzip rclone-${RCLONE_VERSION}-linux-amd64.zip && \ cd rclone-*-linux-amd64 && \ diff --git a/sbom/sbom.cdx.json b/sbom/sbom.cdx.json new file mode 100644 index 0000000000..2095a86f92 --- /dev/null +++ b/sbom/sbom.cdx.json @@ -0,0 +1,5700 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:b57a8c32-510d-4a08-849f-5c786f5c0372", + "version": 1, + "metadata": { + "timestamp": "2025-11-28T14:39:31Z", + "lifecycles": [ + { + "phase": "build" + } + ], + "tools": { + "components": [ + { + "bom-ref": "pkg:golang/github.com/elastisys/sbom-generator@1.0.0", + "type": "application", + "authors": [ + { + "name": "Elastisys" + } + ], + "publisher": "Elastisys", + "name": "sbom-generator", + "version": "1.0.0", + "purl": "pkg:golang/github.com/elastisys/sbom-generator@1.0.0" + } + ] + }, + "authors": [ + { + "name": "Elastisys" + } + ], + "component": { + "bom-ref": "pkg:generic/compliantkubernetes-apps@latest", + "type": "application", + "name": "compliantkubernetes-apps", + "version": "latest", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:generic/compliantkubernetes-apps@latest", + "properties": [ + { + "name": "vcs:tag", + "value": "latest" + } + ] + }, + "manufacturer": { + "name": "Elastisys" + }, + "supplier": { + "name": "Elastisys" + }, + "properties": [ + { + "name": "cdx:bom:componentTypes", + "value": "helm" + } + ] + }, + "components": [ + { + "bom-ref": "pkg:helm/autoscaling-monitoring@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "autoscaling-monitoring", + "version": "0.1.0", + "description": "A Helm chart for installing a Service and ServiceMonitor for Cluster Autoscaler", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/autoscaling-monitoring@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/autoscaling-monitoring" + } + ] + } + }, + { + "bom-ref": "pkg:helm/calico-accountant@0.1.1", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "calico-accountant", + "version": "0.1.1", + "description": "A Helm chart for calico-accountant, see https://github.com/monzo/calico-accountant", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/calico-accountant@0.1.1", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/calico-accountant" + } + ] + } + }, + { + "bom-ref": "pkg:helm/calico-default-deny@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "calico-default-deny", + "version": "0.1.0", + "description": "A Helm chart for calico default deny network policies", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/calico-default-deny@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/calico-default-deny" + } + ] + } + }, + { + "bom-ref": "pkg:helm/calico-felix-metrics@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "calico-felix-metrics", + "version": "0.1.0", + "description": "A Helm chart for calico-felix-metrics", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/calico-felix-metrics@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/calico-felix-metrics" + } + ] + } + }, + { + "bom-ref": "pkg:helm/cert-manager@v1.18.3", + "type": "library", + "supplier": { + "name": "cert-manager" + }, + "name": "cert-manager", + "version": "v1.18.3", + "description": "A Helm chart for cert-manager", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/cert-manager@v1.18.3", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/jetstack/cert-manager" + } + ] + } + }, + { + "bom-ref": "pkg:helm/cilium-default-deny@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "cilium-default-deny", + "version": "0.1.0", + "description": "A Helm chart for cilium default deny network policies", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/cilium-default-deny@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/cilium-default-deny" + } + ] + } + }, + { + "bom-ref": "pkg:helm/cluster-admin-rbac@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "cluster-admin-rbac", + "version": "0.1.0", + "description": "A Helm chart for cluster-admin RBAC", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/cluster-admin-rbac@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/cluster-admin-rbac" + } + ] + } + }, + { + "bom-ref": "pkg:helm/common@2.29.0", + "type": "library", + "supplier": { + "name": "Broadcom, Inc. All Rights Reserved." + }, + "name": "common", + "version": "2.29.0", + "description": "A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/common@2.29.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/fluentd/aggregator/charts/common" + } + ] + } + }, + { + "bom-ref": "pkg:helm/common@2.30.0", + "type": "library", + "supplier": { + "name": "Broadcom, Inc. All Rights Reserved." + }, + "name": "common", + "version": "2.30.0", + "description": "A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/common@2.30.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/bitnami/thanos/charts/common" + } + ] + } + }, + { + "bom-ref": "pkg:helm/crds@0.0.0", + "type": "library", + "supplier": { + "name": "The Prometheus Community project" + }, + "name": "crds", + "version": "0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/crds@0.0.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/prometheus-community/kube-prometheus-stack/charts/crds" + } + ] + } + }, + { + "bom-ref": "pkg:helm/crds@3.3.6", + "type": "library", + "supplier": { + "name": "The Kyverno project" + }, + "name": "crds", + "version": "3.3.6", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/crds@3.3.6", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/kyverno/kyverno/charts/crds" + } + ] + } + }, + { + "bom-ref": "pkg:helm/crossplane-packages@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "crossplane-packages", + "version": "0.1.0", + "description": "Crossplane Providers and Functions", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/crossplane-packages@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/crossplane/packages" + } + ] + } + }, + { + "bom-ref": "pkg:helm/crossplane@2.0.2", + "type": "library", + "supplier": { + "name": "Crossplane Maintainers" + }, + "name": "crossplane", + "version": "2.0.2", + "description": "Crossplane is an open source Kubernetes add-on that enables platform teams to assemble infrastructure from multiple vendors, and expose higher level self-service APIs for application teams to consume.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/crossplane@2.0.2", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/crossplane-stable/crossplane" + } + ] + } + }, + { + "bom-ref": "pkg:helm/dex@0.18.0", + "type": "library", + "supplier": { + "name": "dexidp" + }, + "name": "dex", + "version": "0.18.0", + "description": "OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/dex@0.18.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/dexidp/dex" + } + ] + } + }, + { + "bom-ref": "pkg:helm/external-dns-endpoints@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "external-dns-endpoints", + "version": "0.1.0", + "description": "This chart is for adding endpoints for ExternalDNS.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/external-dns-endpoints@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/external-dns-endpoints" + } + ] + } + }, + { + "bom-ref": "pkg:helm/external-dns-secrets@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "external-dns-secrets", + "version": "0.1.0", + "description": "This chart is for adding secrets for ExternalDNS.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/external-dns-secrets@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/external-dns-secrets" + } + ] + } + }, + { + "bom-ref": "pkg:helm/external-dns@1.14.4", + "type": "library", + "supplier": { + "name": "kubernetes-sigs" + }, + "name": "external-dns", + "version": "1.14.4", + "description": "ExternalDNS synchronizes exposed Kubernetes Services and Ingresses with DNS providers.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/external-dns@1.14.4", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/kubernetes-external-dns/external-dns" + } + ] + } + }, + { + "bom-ref": "pkg:helm/falco-talon@0.3.0", + "type": "library", + "supplier": { + "name": "falcosecurity" + }, + "name": "falco-talon", + "version": "0.3.0", + "description": "React to the events from Falco", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/falco-talon@0.3.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/falcosecurity/falco/charts/falco-talon" + } + ] + } + }, + { + "bom-ref": "pkg:helm/falco@6.0.2", + "type": "library", + "supplier": { + "name": "The Falco Authors" + }, + "name": "falco", + "version": "6.0.2", + "description": "Falco", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/falco@6.0.2", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/falcosecurity/falco" + } + ] + } + }, + { + "bom-ref": "pkg:helm/falcosidekick@0.9.11", + "type": "library", + "supplier": { + "name": "falcosecurity" + }, + "name": "falcosidekick", + "version": "0.9.11", + "description": "Connect Falco to your ecosystem", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/falcosidekick@0.9.11", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/falcosecurity/falco/charts/falcosidekick" + } + ] + } + }, + { + "bom-ref": "pkg:helm/file-copier@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "file-copier", + "version": "0.1.0", + "description": "This chart is for copying files to hosts.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/file-copier@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/file-copier" + } + ] + } + }, + { + "bom-ref": "pkg:helm/fluentd-elasticsearch@13.12.2", + "type": "library", + "supplier": { + "name": "kokuwaio" + }, + "name": "fluentd-elasticsearch", + "version": "13.12.2", + "description": "A Fluentd Helm chart for Kubernetes with Elasticsearch output", + "licenses": [ + { + "license": { + "id": "GPL-3.0" + } + } + ], + "purl": "pkg:helm/fluentd-elasticsearch@13.12.2", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/fluentd/forwarder" + } + ] + } + }, + { + "bom-ref": "pkg:helm/fluentd@7.1.1", + "type": "library", + "supplier": { + "name": "Broadcom, Inc. All Rights Reserved." + }, + "name": "fluentd", + "version": "7.1.1", + "description": "Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/fluentd@7.1.1", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/fluentd/aggregator" + } + ] + } + }, + { + "bom-ref": "pkg:helm/gatekeeper-constraints@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "gatekeeper-constraints", + "version": "0.1.0", + "description": "A Helm chart for Kubernetes", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/gatekeeper-constraints@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/gatekeeper/constraints" + } + ] + } + }, + { + "bom-ref": "pkg:helm/gatekeeper-metrics@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "gatekeeper-metrics", + "version": "0.1.0", + "description": "A Helm chart for Gatekeeper metrics", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/gatekeeper-metrics@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/gatekeeper/metrics" + } + ] + } + }, + { + "bom-ref": "pkg:helm/gatekeeper-mutations@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "gatekeeper-mutations", + "version": "0.1.0", + "description": "A helm chart containing various gatekeeper mutations", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/gatekeeper-mutations@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/gatekeeper/mutations" + } + ] + } + }, + { + "bom-ref": "pkg:helm/gatekeeper-templates@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "gatekeeper-templates", + "version": "0.1.0", + "description": "Gatekeeper constraint templates", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/gatekeeper-templates@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/gatekeeper/templates" + } + ] + } + }, + { + "bom-ref": "pkg:helm/gatekeeper@3.20.1", + "type": "library", + "supplier": { + "name": "open-policy-agent" + }, + "name": "gatekeeper", + "version": "3.20.1", + "description": "A Helm chart for Gatekeeper", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/gatekeeper@3.20.1", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/open-policy-agent-gatekeeper/gatekeeper" + } + ] + } + }, + { + "bom-ref": "pkg:helm/gpu-operator@v24.9.2", + "type": "library", + "supplier": { + "name": "NVIDIA" + }, + "name": "gpu-operator", + "version": "v24.9.2", + "description": "NVIDIA GPU Operator creates/configures/manages GPUs atop Kubernetes", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/gpu-operator@v24.9.2", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/nvidia/gpu-operator" + } + ] + } + }, + { + "bom-ref": "pkg:helm/grafana-dashboards@0.3.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "grafana-dashboards", + "version": "0.3.0", + "description": "A Helm chart for Grafana dashboards for operators", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/grafana-dashboards@0.3.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/grafana-dashboards" + } + ] + } + }, + { + "bom-ref": "pkg:helm/grafana-label-enforcer@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "grafana-label-enforcer", + "version": "0.1.0", + "description": "A Helm chart for the prometheus label proxy https://github.com/prometheus-community/prom-label-proxy", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/grafana-label-enforcer@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/grafana-label-enforcer" + } + ] + } + }, + { + "bom-ref": "pkg:helm/grafana@10.0.0", + "type": "library", + "supplier": { + "name": "grafana" + }, + "name": "grafana", + "version": "10.0.0", + "description": "The leading tool for querying and visualizing time series and metrics.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/grafana@10.0.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/prometheus-community/kube-prometheus-stack/charts/grafana" + } + ] + } + }, + { + "bom-ref": "pkg:helm/grafana@3.3.6", + "type": "library", + "supplier": { + "name": "The Kyverno project" + }, + "name": "grafana", + "version": "3.3.6", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/grafana@3.3.6", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/kyverno/kyverno/charts/grafana" + } + ] + } + }, + { + "bom-ref": "pkg:helm/grafana@9.2.10", + "type": "library", + "supplier": { + "name": "grafana" + }, + "name": "grafana", + "version": "9.2.10", + "description": "The leading tool for querying and visualizing time series and metrics.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/grafana@9.2.10", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/grafana/grafana" + } + ] + } + }, + { + "bom-ref": "pkg:helm/harbor-backup@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "harbor-backup", + "version": "0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/harbor-backup@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/harbor/harbor-backup" + } + ] + } + }, + { + "bom-ref": "pkg:helm/harbor-certs@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "harbor-certs", + "version": "0.1.0", + "description": "This chart creates the certificates used internally by harbor", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/harbor-certs@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/harbor/harbor-certs" + } + ] + } + }, + { + "bom-ref": "pkg:helm/harbor-mpu-cleaner@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "harbor-mpu-cleaner", + "version": "0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/harbor-mpu-cleaner@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/harbor/harbor-mpu-cleaner" + } + ] + } + }, + { + "bom-ref": "pkg:helm/harbor@1.17.1", + "type": "library", + "supplier": { + "name": "Yan Wang" + }, + "name": "harbor", + "version": "1.17.1", + "description": "An open source trusted cloud native registry that stores, signs, and scans content", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/harbor@1.17.1", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/goharbor/harbor" + } + ] + } + }, + { + "bom-ref": "pkg:helm/hnc-config@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "hnc-config", + "version": "0.1.0", + "description": "Helm chart for Hierarchical Namespace Controller config and CRDs", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/hnc-config@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/hnc/config-and-crds" + } + ] + } + }, + { + "bom-ref": "pkg:helm/hnc@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "hnc", + "version": "0.1.0", + "description": "Helm chart for Hierarchical Namespace Controller", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/hnc@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/hnc/controller" + } + ] + } + }, + { + "bom-ref": "pkg:helm/ingress-nginx-probe-ingress@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "ingress-nginx-probe-ingress", + "version": "0.1.0", + "description": "A Helm chart for Kubernetes", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/ingress-nginx-probe-ingress@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/ingress-nginx-probe-ingress" + } + ] + } + }, + { + "bom-ref": "pkg:helm/ingress-nginx@4.13.3", + "type": "library", + "supplier": { + "name": "kubernetes" + }, + "name": "ingress-nginx", + "version": "4.13.3", + "description": "Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/ingress-nginx@4.13.3", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/kubernetes-ingress-nginx/ingress-nginx" + } + ] + } + }, + { + "bom-ref": "pkg:helm/init-harbor@0.2.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "init-harbor", + "version": "0.2.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/init-harbor@0.2.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/harbor/init-harbor" + } + ] + } + }, + { + "bom-ref": "pkg:helm/k8s-metacollector@0.1.10", + "type": "library", + "supplier": { + "name": "The Falco Authors" + }, + "name": "k8s-metacollector", + "version": "0.1.10", + "description": "Install k8s-metacollector to fetch and distribute Kubernetes metadata to Falco instances.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/k8s-metacollector@0.1.10", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/falcosecurity/falco/charts/k8s-metacollector" + } + ] + } + }, + { + "bom-ref": "pkg:helm/kube-prometheus-stack@77.11.1", + "type": "library", + "supplier": { + "name": "prometheus-community" + }, + "name": "kube-prometheus-stack", + "version": "77.11.1", + "description": "kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/kube-prometheus-stack@77.11.1", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/prometheus-community/kube-prometheus-stack" + } + ] + } + }, + { + "bom-ref": "pkg:helm/kube-state-metrics-extra-resource-metrics@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "kube-state-metrics-extra-resource-metrics", + "version": "0.1.0", + "description": "A Helm chart for Kubernetes", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/kube-state-metrics-extra-resource-metrics@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/kube-state-metrics-extra-resource-metrics" + } + ] + } + }, + { + "bom-ref": "pkg:helm/kube-state-metrics@6.3.0", + "type": "library", + "supplier": { + "name": "kubernetes" + }, + "name": "kube-state-metrics", + "version": "6.3.0", + "description": "Install kube-state-metrics to generate and expose cluster-level metrics", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/kube-state-metrics@6.3.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/prometheus-community/kube-prometheus-stack/charts/kube-state-metrics" + } + ] + } + }, + { + "bom-ref": "pkg:helm/kubeapi-metrics@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "kubeapi-metrics", + "version": "0.1.0", + "description": "A Helm chart for Kubernetes", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/kubeapi-metrics@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/kubeapi-metrics" + } + ] + } + }, + { + "bom-ref": "pkg:helm/kured-secret@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "kured-secret", + "version": "0.1.0", + "description": "This chart is for adding secrets to kured.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/kured-secret@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/kured-secret" + } + ] + } + }, + { + "bom-ref": "pkg:helm/kured@5.10.0", + "type": "library", + "supplier": { + "name": "kubereboot" + }, + "name": "kured", + "version": "5.10.0", + "description": "A Helm chart for kured", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/kured@5.10.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/kubereboot/kured" + } + ] + } + }, + { + "bom-ref": "pkg:helm/kyverno-policies@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "kyverno-policies", + "version": "0.1.0", + "description": "Kyverno policies", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/kyverno-policies@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/kyverno-policies" + } + ] + } + }, + { + "bom-ref": "pkg:helm/kyverno@3.3.6", + "type": "library", + "supplier": { + "name": "kyverno" + }, + "name": "kyverno", + "version": "3.3.6", + "description": "Kubernetes Native Policy Management", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/kyverno@3.3.6", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/kyverno/kyverno" + } + ] + } + }, + { + "bom-ref": "pkg:helm/letsencrypt@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "letsencrypt", + "version": "0.1.0", + "description": "A Helm chart for creating letsencrypt issuers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/letsencrypt@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/issuers" + } + ] + } + }, + { + "bom-ref": "pkg:helm/log-manager@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "log-manager", + "version": "0.1.0", + "description": "log manager for Welkin", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/log-manager@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/log-manager" + } + ] + } + }, + { + "bom-ref": "pkg:helm/metrics-server@3.13.0", + "type": "library", + "supplier": { + "name": "kubernetes-sigs" + }, + "name": "metrics-server", + "version": "3.13.0", + "description": "Metrics Server is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/metrics-server@3.13.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/kubernetes-metrics-server/metrics-server" + } + ] + } + }, + { + "bom-ref": "pkg:helm/minio@15.0.5", + "type": "library", + "supplier": { + "name": "Broadcom, Inc. All Rights Reserved." + }, + "name": "minio", + "version": "15.0.5", + "description": "MinIO(R) is an object storage server, compatible with Amazon S3 cloud storage service, mainly used for storing unstructured data (such as photos, videos, log files, etc.).", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/minio@15.0.5", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/bitnami/thanos/charts/minio" + } + ] + } + }, + { + "bom-ref": "pkg:helm/minio@5.0.14", + "type": "library", + "supplier": { + "name": "MinIO, Inc" + }, + "name": "minio", + "version": "5.0.14", + "description": "Multi-Cloud Object Storage", + "licenses": [ + { + "license": { + "id": "AGPL-3.0" + } + } + ], + "purl": "pkg:helm/minio@5.0.14", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/minio/minio" + } + ] + } + }, + { + "bom-ref": "pkg:helm/namespaces@0.1.1", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "namespaces", + "version": "0.1.1", + "description": "A Helm chart for creating namespaces for sc and wc", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/namespaces@0.1.1", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/namespaces" + } + ] + } + }, + { + "bom-ref": "pkg:helm/networkpolicy-generator@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "networkpolicy-generator", + "version": "0.1.0", + "description": "generate networkpolicies with simplified, stackable, and reusable definitions", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/networkpolicy-generator@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/networkpolicy/generator" + } + ] + } + }, + { + "bom-ref": "pkg:helm/networkpolicy-service@0.2.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "networkpolicy-service", + "version": "0.2.0", + "description": "This chart will contain the Network Policies common for both service cluster and workload cluster(s).", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/networkpolicy-service@0.2.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/networkpolicy/common" + } + ] + } + }, + { + "bom-ref": "pkg:helm/networkpolicy-workload@0.2.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "networkpolicy-workload", + "version": "0.2.0", + "description": "This chart will contain the Network Policies for workload cluster.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/networkpolicy-workload@0.2.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/networkpolicy/workload-cluster" + } + ] + } + }, + { + "bom-ref": "pkg:helm/node-feature-discovery@0.16.6", + "type": "library", + "supplier": { + "name": "kubernetes-sigs" + }, + "name": "node-feature-discovery", + "version": "0.16.6", + "description": "Detects hardware features available on each node in a Kubernetes cluster, and advertises those features using node labels. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/node-feature-discovery@0.16.6", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/nvidia/gpu-operator/charts/node-feature-discovery" + } + ] + } + }, + { + "bom-ref": "pkg:helm/node-local-dns@0.1.1", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "node-local-dns", + "version": "0.1.1", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/node-local-dns@0.1.1", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/node-local-dns" + } + ] + } + }, + { + "bom-ref": "pkg:helm/opensearch-configurer@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "opensearch-configurer", + "version": "0.1.0", + "description": "A Helm chart for Kubernetes", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/opensearch-configurer@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/opensearch/configurer" + } + ] + } + }, + { + "bom-ref": "pkg:helm/opensearch-curator@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "opensearch-curator", + "version": "0.1.0", + "description": "A Helm chart for Kubernetes", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/opensearch-curator@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/opensearch/curator" + } + ] + } + }, + { + "bom-ref": "pkg:helm/opensearch-dashboards@2.31.0", + "type": "library", + "supplier": { + "name": "The Opensearch Project project" + }, + "name": "opensearch-dashboards", + "version": "2.31.0", + "description": "A Helm chart for OpenSearch Dashboards", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/opensearch-dashboards@2.31.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/opensearch-project/opensearch-dashboards" + } + ] + } + }, + { + "bom-ref": "pkg:helm/opensearch-secrets@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "opensearch-secrets", + "version": "0.1.0", + "description": "OpenSearch secrets", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/opensearch-secrets@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/opensearch/secrets" + } + ] + } + }, + { + "bom-ref": "pkg:helm/opensearch-securityadmin@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "opensearch-securityadmin", + "version": "0.1.0", + "description": "A Helm chart for Kubernetes", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/opensearch-securityadmin@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/opensearch/securityadmin" + } + ] + } + }, + { + "bom-ref": "pkg:helm/opensearch@2.35.0", + "type": "library", + "supplier": { + "name": "opensearch-project" + }, + "name": "opensearch", + "version": "2.35.0", + "description": "A Helm chart for OpenSearch", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/opensearch@2.35.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/opensearch-project/opensearch" + } + ] + } + }, + { + "bom-ref": "pkg:helm/openstack-monitoring@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "openstack-monitoring", + "version": "0.1.0", + "description": "A Helm chart for Kubernetes", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/openstack-monitoring@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/openstack-monitoring" + } + ] + } + }, + { + "bom-ref": "pkg:helm/podsecuritypolicies@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "podsecuritypolicies", + "version": "0.1.0", + "description": "Helm chart for common gatekeeper PSP for both clusters", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/podsecuritypolicies@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/gatekeeper/podsecuritypolicies" + } + ] + } + }, + { + "bom-ref": "pkg:helm/prometheus-alerts@0.1.1", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "prometheus-alerts", + "version": "0.1.1", + "description": "A Helm chart for Kubernetes", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/prometheus-alerts@0.1.1", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/prometheus-alerts" + } + ] + } + }, + { + "bom-ref": "pkg:helm/prometheus-blackbox-exporter@11.3.1", + "type": "library", + "supplier": { + "name": "prometheus" + }, + "name": "prometheus-blackbox-exporter", + "version": "11.3.1", + "description": "Prometheus Blackbox Exporter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/prometheus-blackbox-exporter@11.3.1", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/prometheus-community/prometheus-blackbox-exporter" + } + ] + } + }, + { + "bom-ref": "pkg:helm/prometheus-elasticsearch-exporter@6.1.0", + "type": "library", + "supplier": { + "name": "prometheus-community" + }, + "name": "prometheus-elasticsearch-exporter", + "version": "6.1.0", + "description": "Elasticsearch stats exporter for Prometheus", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/prometheus-elasticsearch-exporter@6.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/prometheus-community/prometheus-elasticsearch-exporter" + } + ] + } + }, + { + "bom-ref": "pkg:helm/prometheus-node-exporter@4.48.0", + "type": "library", + "supplier": { + "name": "prometheus" + }, + "name": "prometheus-node-exporter", + "version": "4.48.0", + "description": "A Helm chart for prometheus node-exporter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/prometheus-node-exporter@4.48.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/prometheus-community/kube-prometheus-stack/charts/prometheus-node-exporter" + } + ] + } + }, + { + "bom-ref": "pkg:helm/prometheus-servicemonitor@0.1.1", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "prometheus-servicemonitor", + "version": "0.1.1", + "description": "A Helm chart for the prometheus-servicemonitor in both the wc and sc cluster", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/prometheus-servicemonitor@0.1.1", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/prometheus-servicemonitor" + } + ] + } + }, + { + "bom-ref": "pkg:helm/prometheus-windows-exporter@0.12.2", + "type": "library", + "supplier": { + "name": "Jan-Otto Kröpke" + }, + "name": "prometheus-windows-exporter", + "version": "0.12.2", + "description": "A Helm chart for prometheus windows-exporter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:helm/prometheus-windows-exporter@0.12.2", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/prometheus-community/kube-prometheus-stack/charts/prometheus-windows-exporter" + } + ] + } + }, + { + "bom-ref": "pkg:helm/rclone@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "rclone", + "version": "0.1.0", + "description": "Run cronjobs with rclone", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/rclone@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/rclone" + } + ] + } + }, + { + "bom-ref": "pkg:helm/s3-exporter@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "s3-exporter", + "version": "0.1.0", + "description": "A Helm chart for s3_exporter: https://github.com/ribbybibby/s3_exporter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/s3-exporter@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/s3-exporter" + } + ] + } + }, + { + "bom-ref": "pkg:helm/tekton-monitoring@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "tekton-monitoring", + "version": "0.1.0", + "description": "A Helm chart for monitoring the Tekton pipelines controller", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/tekton-monitoring@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/tekton-monitoring" + } + ] + } + }, + { + "bom-ref": "pkg:helm/tekton-pipeline@1.1.0", + "type": "library", + "supplier": { + "name": "The Tekton project" + }, + "name": "tekton-pipeline", + "version": "1.1.0", + "description": "A Helm chart for Tekton Pipelines", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/tekton-pipeline@1.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/tekton/tekton-pipeline" + } + ] + } + }, + { + "bom-ref": "pkg:helm/thanos-ingress-secret@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "thanos-ingress-secret", + "version": "0.1.0", + "description": "A Helm chart for Kubernetes", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/thanos-ingress-secret@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/thanos/ingress-secret" + } + ] + } + }, + { + "bom-ref": "pkg:helm/thanos-ruler@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "thanos-ruler", + "version": "0.1.0", + "description": "thanos ruler dummy for prometheus operator to collect prometheus rules", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/thanos-ruler@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/thanos/ruler" + } + ] + } + }, + { + "bom-ref": "pkg:helm/thanos@15.13.1", + "type": "library", + "supplier": { + "name": "Broadcom, Inc. All Rights Reserved." + }, + "name": "thanos", + "version": "15.13.1", + "description": "Thanos is a highly available metrics system that can be added on top of existing Prometheus deployments, providing a global query view across all Prometheus installations.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/thanos@15.13.1", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/bitnami/thanos" + } + ] + } + }, + { + "bom-ref": "pkg:helm/tigera-operator@v3.26.4", + "type": "library", + "supplier": { + "name": "projectcalico" + }, + "name": "tigera-operator", + "version": "v3.26.4", + "description": "Installs the Tigera operator for Calico", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/tigera-operator@v3.26.4", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/projectcalico/tigera-operator" + } + ] + } + }, + { + "bom-ref": "pkg:helm/trivy-operator@0.31.0", + "type": "library", + "supplier": { + "name": "aquasecurity" + }, + "name": "trivy-operator", + "version": "0.31.0", + "description": "Keeps security report resources updated", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/trivy-operator@0.31.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/aquasecurity/trivy-operator" + } + ] + } + }, + { + "bom-ref": "pkg:helm/user-crds@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "user-crds", + "version": "0.1.0", + "description": "A Helm chart for Kubernetes", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/user-crds@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/user-crds" + } + ] + } + }, + { + "bom-ref": "pkg:helm/user-rbac@0.1.0", + "type": "library", + "supplier": { + "name": "Elastisys" + }, + "name": "user-rbac", + "version": "0.1.0", + "description": "A Helm chart for Kubernetes", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/user-rbac@0.1.0", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/charts/user-rbac" + } + ] + } + }, + { + "bom-ref": "pkg:helm/velero@10.0.11", + "type": "library", + "supplier": { + "name": "vmware-tanzu" + }, + "name": "velero", + "version": "10.0.11", + "description": "A Helm chart for velero", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:helm/velero@10.0.11", + "properties": [ + { + "name": "Elastisys evaluation", + "value": "Not evaluated" + } + ], + "evidence": { + "occurrences": [ + { + "location": "helmfile.d/upstream/vmware-tanzu/velero" + } + ] + } + }, + { + "bom-ref": "pkg:oci/aquasec/trivy-checks@1", + "type": "container", + "supplier": { + "name": "aquasec" + }, + "name": "aquasec/trivy-checks", + "version": "1", + "cpe": "cpe:2.3:a:aquasec:trivy-checks:1:*:*:*:*:*:*:*", + "purl": "pkg:oci/aquasec/trivy-checks@1" + }, + { + "bom-ref": "pkg:oci/aquasec/trivy-operator@0.29.0?repository_url=mirror.gcr.io", + "type": "container", + "supplier": { + "name": "aquasec" + }, + "name": "mirror.gcr.io/aquasec/trivy-operator", + "version": "0.29.0", + "cpe": "cpe:2.3:a:aquasec:trivy-operator:0.29.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/aquasec/trivy-operator@0.29.0?repository_url=mirror.gcr.io" + }, + { + "bom-ref": "pkg:oci/aquasec/trivy@0.66.0", + "type": "container", + "supplier": { + "name": "aquasec" + }, + "name": "aquasec/trivy", + "version": "0.66.0", + "cpe": "cpe:2.3:a:aquasec:trivy:0.66.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/aquasec/trivy@0.66.0" + }, + { + "bom-ref": "pkg:oci/aquasecurity/node-collector@0.3.1", + "type": "container", + "supplier": { + "name": "aquasecurity" + }, + "name": "aquasecurity/node-collector", + "version": "0.3.1", + "cpe": "cpe:2.3:a:aquasecurity:node-collector:0.3.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/aquasecurity/node-collector@0.3.1" + }, + { + "bom-ref": "pkg:oci/autoscaling/addon-resizer@1.8.23?repository_url=registry.k8s.io", + "type": "container", + "supplier": { + "name": "autoscaling" + }, + "name": "registry.k8s.io/autoscaling/addon-resizer", + "version": "1.8.23", + "cpe": "cpe:2.3:a:kubernetes:addon-resizer:1.8.23:*:*:*:*:*:*:*", + "purl": "pkg:oci/autoscaling/addon-resizer@1.8.23?repository_url=registry.k8s.io" + }, + { + "bom-ref": "pkg:oci/bats/bats@v1.4.1", + "type": "container", + "supplier": { + "name": "bats" + }, + "name": "bats/bats", + "version": "v1.4.1", + "cpe": "cpe:2.3:a:bats:bats:1.4.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/bats/bats@v1.4.1" + }, + { + "bom-ref": "pkg:oci/bitnami/fluentd@1.18.0-debian-12-r1", + "type": "container", + "supplier": { + "name": "bitnami" + }, + "name": "bitnami/fluentd", + "version": "1.18.0-debian-12-r1", + "cpe": "cpe:2.3:a:bitnami:fluentd:1.18.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/bitnami/fluentd@1.18.0-debian-12-r1" + }, + { + "bom-ref": "pkg:oci/bitnami/kubectl@1.16.1?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "bitnami" + }, + "name": "docker.io/bitnami/kubectl", + "version": "1.16.1", + "cpe": "cpe:2.3:a:bitnami:kubectl:1.16.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/bitnami/kubectl@1.16.1?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/bitnami/kubectl@1.25?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "bitnami" + }, + "name": "docker.io/bitnami/kubectl", + "version": "1.25", + "cpe": "cpe:2.3:a:bitnami:kubectl:1.25:*:*:*:*:*:*:*", + "purl": "pkg:oci/bitnami/kubectl@1.25?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/bitnami/kubectl@1.30.2", + "type": "container", + "supplier": { + "name": "bitnami" + }, + "name": "bitnami/kubectl", + "version": "1.30.2", + "cpe": "cpe:2.3:a:bitnami:kubectl:1.30.2:*:*:*:*:*:*:*", + "purl": "pkg:oci/bitnami/kubectl@1.30.2" + }, + { + "bom-ref": "pkg:oci/bitnami/minio-client@2025.2.21-debian-12-r0", + "type": "container", + "supplier": { + "name": "bitnami" + }, + "name": "bitnami/minio-client", + "version": "2025.2.21-debian-12-r0", + "cpe": "cpe:2.3:a:bitnami:minio-client:2025.2.21:*:*:*:*:*:*:*", + "purl": "pkg:oci/bitnami/minio-client@2025.2.21-debian-12-r0" + }, + { + "bom-ref": "pkg:oci/bitnami/minio@2025.2.28-debian-12-r0", + "type": "container", + "supplier": { + "name": "bitnami" + }, + "name": "bitnami/minio", + "version": "2025.2.28-debian-12-r0", + "cpe": "cpe:2.3:a:bitnami:minio:2025.2.28:*:*:*:*:*:*:*", + "purl": "pkg:oci/bitnami/minio@2025.2.28-debian-12-r0" + }, + { + "bom-ref": "pkg:oci/bitnami/os-shell@12-debian-12-r39", + "type": "container", + "supplier": { + "name": "bitnami" + }, + "name": "bitnami/os-shell", + "version": "12-debian-12-r39", + "cpe": "cpe:2.3:a:bitnami:os-shell:12:*:*:*:*:*:*:*", + "purl": "pkg:oci/bitnami/os-shell@12-debian-12-r39" + }, + { + "bom-ref": "pkg:oci/bitnami/thanos@0.37.2-debian-12-r8", + "type": "container", + "supplier": { + "name": "bitnami" + }, + "name": "bitnami/thanos", + "version": "0.37.2-debian-12-r8", + "cpe": "cpe:2.3:a:bitnami:thanos:0.37.2:*:*:*:*:*:*:*", + "purl": "pkg:oci/bitnami/thanos@0.37.2-debian-12-r8" + }, + { + "bom-ref": "pkg:oci/brancz/kube-rbac-proxy@v0.19.1", + "type": "container", + "supplier": { + "name": "brancz" + }, + "name": "brancz/kube-rbac-proxy", + "version": "v0.19.1", + "cpe": "cpe:2.3:a:brancz:kube-rbac-proxy:0.19.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/brancz/kube-rbac-proxy@v0.19.1" + }, + { + "bom-ref": "pkg:oci/brancz/kube-rbac-proxy@v0.20.0", + "type": "container", + "supplier": { + "name": "brancz" + }, + "name": "brancz/kube-rbac-proxy", + "version": "v0.20.0", + "cpe": "cpe:2.3:a:brancz:kube-rbac-proxy:0.20.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/brancz/kube-rbac-proxy@v0.20.0" + }, + { + "bom-ref": "pkg:oci/calico/ctl@v3.26.4?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "calico" + }, + "name": "docker.io/calico/ctl", + "version": "v3.26.4", + "cpe": "cpe:2.3:a:calico:ctl:3.26.4:*:*:*:*:*:*:*", + "purl": "pkg:oci/calico/ctl@v3.26.4?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/crossplane-contrib/function-auto-ready@v0.5.0?repository_url=xpkg.crossplane.io", + "type": "container", + "supplier": { + "name": "crossplane-contrib" + }, + "name": "xpkg.crossplane.io/crossplane-contrib/function-auto-ready", + "version": "v0.5.0", + "cpe": "cpe:2.3:a:crossplane-contrib:function-auto-ready:0.5.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/crossplane-contrib/function-auto-ready@v0.5.0?repository_url=xpkg.crossplane.io" + }, + { + "bom-ref": "pkg:oci/crossplane-contrib/function-go-templating@v0.11.0?repository_url=xpkg.crossplane.io", + "type": "container", + "supplier": { + "name": "crossplane-contrib" + }, + "name": "xpkg.crossplane.io/crossplane-contrib/function-go-templating", + "version": "v0.11.0", + "cpe": "cpe:2.3:a:crossplane-contrib:function-go-templating:0.11.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/crossplane-contrib/function-go-templating@v0.11.0?repository_url=xpkg.crossplane.io" + }, + { + "bom-ref": "pkg:oci/crossplane-contrib/function-patch-and-transform@v0.9.0?repository_url=xpkg.crossplane.io", + "type": "container", + "supplier": { + "name": "crossplane-contrib" + }, + "name": "xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform", + "version": "v0.9.0", + "cpe": "cpe:2.3:a:crossplane-contrib:function-patch-and-transform:0.9.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/crossplane-contrib/function-patch-and-transform@v0.9.0?repository_url=xpkg.crossplane.io" + }, + { + "bom-ref": "pkg:oci/crossplane-contrib/provider-helm@v1.0.0?repository_url=xpkg.crossplane.io", + "type": "container", + "supplier": { + "name": "crossplane-contrib" + }, + "name": "xpkg.crossplane.io/crossplane-contrib/provider-helm", + "version": "v1.0.0", + "cpe": "cpe:2.3:a:crossplane-contrib:provider-helm:1.0.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/crossplane-contrib/provider-helm@v1.0.0?repository_url=xpkg.crossplane.io" + }, + { + "bom-ref": "pkg:oci/crossplane-contrib/provider-kubernetes@v1.0.0?repository_url=xpkg.crossplane.io", + "type": "container", + "supplier": { + "name": "crossplane-contrib" + }, + "name": "xpkg.crossplane.io/crossplane-contrib/provider-kubernetes", + "version": "v1.0.0", + "cpe": "cpe:2.3:a:crossplane-contrib:provider-kubernetes:1.0.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/crossplane-contrib/provider-kubernetes@v1.0.0?repository_url=xpkg.crossplane.io" + }, + { + "bom-ref": "pkg:oci/crossplane/crossplane@v2.0.2?repository_url=xpkg.crossplane.io", + "type": "container", + "supplier": { + "name": "crossplane" + }, + "name": "xpkg.crossplane.io/crossplane/crossplane", + "version": "v2.0.2", + "cpe": "cpe:2.3:a:crossplane:crossplane:2.0.2:*:*:*:*:*:*:*", + "purl": "pkg:oci/crossplane/crossplane@v2.0.2?repository_url=xpkg.crossplane.io" + }, + { + "bom-ref": "pkg:oci/curlimages/curl@8.12.0", + "type": "container", + "supplier": { + "name": "curlimages" + }, + "name": "curlimages/curl", + "version": "8.12.0", + "cpe": "cpe:2.3:a:curlimages:curl:8.12.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/curlimages/curl@8.12.0" + }, + { + "bom-ref": "pkg:oci/curlimages/curl@8.9.1", + "type": "container", + "supplier": { + "name": "curlimages" + }, + "name": "curlimages/curl", + "version": "8.9.1", + "cpe": "cpe:2.3:a:curlimages:curl:8.9.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/curlimages/curl@8.9.1" + }, + { + "bom-ref": "pkg:oci/defaultbackend-amd64@1.5?repository_url=registry.k8s.io", + "type": "container", + "supplier": { + "name": "defaultbackend-amd64" + }, + "name": "registry.k8s.io/defaultbackend-amd64", + "version": "1.5", + "cpe": "cpe:2.3:a:kubernetes:defaultbackend-amd64:1.5:*:*:*:*:*:*:*", + "purl": "pkg:oci/defaultbackend-amd64@1.5?repository_url=registry.k8s.io" + }, + { + "bom-ref": "pkg:oci/dexidp/dex@v2.40.0?repository_url=ghcr.io", + "type": "container", + "supplier": { + "name": "dexidp" + }, + "name": "ghcr.io/dexidp/dex", + "version": "v2.40.0", + "cpe": "cpe:2.3:a:dexidp:dex:2.40.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/dexidp/dex@v2.40.0?repository_url=ghcr.io" + }, + { + "bom-ref": "pkg:oci/dns/k8s-dns-node-cache@1.25.0?repository_url=registry.k8s.io", + "type": "container", + "supplier": { + "name": "dns" + }, + "name": "registry.k8s.io/dns/k8s-dns-node-cache", + "version": "1.25.0", + "cpe": "cpe:2.3:a:kubernetes:k8s-dns-node-cache:1.25.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/dns/k8s-dns-node-cache@1.25.0?repository_url=registry.k8s.io" + }, + { + "bom-ref": "pkg:oci/elastisys/backup-postgres@1.5.0?repository_url=ghcr.io", + "type": "container", + "supplier": { + "name": "elastisys" + }, + "name": "ghcr.io/elastisys/backup-postgres", + "version": "1.5.0", + "cpe": "cpe:2.3:a:elastisys:backup-postgres:1.5.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/elastisys/backup-postgres@1.5.0?repository_url=ghcr.io" + }, + { + "bom-ref": "pkg:oci/elastisys/bitnami/elasticsearch-curator@5.8.4-debian-10-r235?repository_url=ghcr.io", + "type": "container", + "supplier": { + "name": "elastisys" + }, + "name": "ghcr.io/elastisys/bitnami/elasticsearch-curator", + "version": "5.8.4-debian-10-r235", + "cpe": "cpe:2.3:a:elastisys:elasticsearch-curator:5.8.4:*:*:*:*:*:*:*", + "purl": "pkg:oci/elastisys/bitnami/elasticsearch-curator@5.8.4-debian-10-r235?repository_url=ghcr.io" + }, + { + "bom-ref": "pkg:oci/elastisys/bitnami/kubectl@1.32.4?repository_url=ghcr.io", + "type": "container", + "supplier": { + "name": "elastisys" + }, + "name": "ghcr.io/elastisys/bitnami/kubectl", + "version": "1.32.4", + "cpe": "cpe:2.3:a:elastisys:kubectl:1.32.4:*:*:*:*:*:*:*", + "purl": "pkg:oci/elastisys/bitnami/kubectl@1.32.4?repository_url=ghcr.io" + }, + { + "bom-ref": "pkg:oci/elastisys/bitnami/thanos@0.37.2-debian-12-r8?repository_url=ghcr.io", + "type": "container", + "supplier": { + "name": "elastisys" + }, + "name": "ghcr.io/elastisys/bitnami/thanos", + "version": "0.37.2-debian-12-r8", + "cpe": "cpe:2.3:a:elastisys:thanos:0.37.2:*:*:*:*:*:*:*", + "purl": "pkg:oci/elastisys/bitnami/thanos@0.37.2-debian-12-r8?repository_url=ghcr.io" + }, + { + "bom-ref": "pkg:oci/elastisys/calico-accountant@0.1.6-ck8s3?repository_url=ghcr.io", + "type": "container", + "supplier": { + "name": "elastisys" + }, + "name": "ghcr.io/elastisys/calico-accountant", + "version": "0.1.6-ck8s3", + "cpe": "cpe:2.3:a:elastisys:calico-accountant:0.1.6:*:*:*:*:*:*:*", + "purl": "pkg:oci/elastisys/calico-accountant@0.1.6-ck8s3?repository_url=ghcr.io" + }, + { + "bom-ref": "pkg:oci/elastisys/compliantkubernetes-apps-log-manager@0.3.2?repository_url=ghcr.io", + "type": "container", + "supplier": { + "name": "elastisys" + }, + "name": "ghcr.io/elastisys/compliantkubernetes-apps-log-manager", + "version": "0.3.2", + "cpe": "cpe:2.3:a:elastisys:compliantkubernetes-apps-log-manager:0.3.2:*:*:*:*:*:*:*", + "purl": "pkg:oci/elastisys/compliantkubernetes-apps-log-manager@0.3.2?repository_url=ghcr.io" + }, + { + "bom-ref": "pkg:oci/elastisys/curl-jq@1.0.0?repository_url=ghcr.io", + "type": "container", + "supplier": { + "name": "elastisys" + }, + "name": "ghcr.io/elastisys/curl-jq", + "version": "1.0.0", + "cpe": "cpe:2.3:a:elastisys:curl-jq:1.0.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/elastisys/curl-jq@1.0.0?repository_url=ghcr.io" + }, + { + "bom-ref": "pkg:oci/elastisys/fluentd-aggregator@v7.1.1-ck8s2?repository_url=ghcr.io", + "type": "container", + "supplier": { + "name": "elastisys" + }, + "name": "ghcr.io/elastisys/fluentd-aggregator", + "version": "v7.1.1-ck8s2", + "cpe": "cpe:2.3:a:elastisys:fluentd-aggregator:7.1.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/elastisys/fluentd-aggregator@v7.1.1-ck8s2?repository_url=ghcr.io" + }, + { + "bom-ref": "pkg:oci/elastisys/fluentd-forwarder@v4.7.5-ck8s1?repository_url=ghcr.io", + "type": "container", + "supplier": { + "name": "elastisys" + }, + "name": "ghcr.io/elastisys/fluentd-forwarder", + "version": "v4.7.5-ck8s1", + "cpe": "cpe:2.3:a:elastisys:fluentd-forwarder:4.7.5:*:*:*:*:*:*:*", + "purl": "pkg:oci/elastisys/fluentd-forwarder@v4.7.5-ck8s1?repository_url=ghcr.io" + }, + { + "bom-ref": "pkg:oci/elastisys/function-capability@v0.4.0?repository_url=ghcr.io", + "type": "container", + "supplier": { + "name": "elastisys" + }, + "name": "ghcr.io/elastisys/function-capability", + "version": "v0.4.0", + "cpe": "cpe:2.3:a:elastisys:function-capability:0.4.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/elastisys/function-capability@v0.4.0?repository_url=ghcr.io" + }, + { + "bom-ref": "pkg:oci/elastisys/hnc-manager@v1.1.0?repository_url=ghcr.io", + "type": "container", + "supplier": { + "name": "elastisys" + }, + "name": "ghcr.io/elastisys/hnc-manager", + "version": "v1.1.0", + "cpe": "cpe:2.3:a:elastisys:hnc-manager:1.1.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/elastisys/hnc-manager@v1.1.0?repository_url=ghcr.io" + }, + { + "bom-ref": "pkg:oci/elastisys/python-boto3@0.1.1?repository_url=ghcr.io", + "type": "container", + "supplier": { + "name": "elastisys" + }, + "name": "ghcr.io/elastisys/python-boto3", + "version": "0.1.1", + "cpe": "cpe:2.3:a:elastisys:python-boto3:0.1.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/elastisys/python-boto3@0.1.1?repository_url=ghcr.io" + }, + { + "bom-ref": "pkg:oci/elastisys/rclone-sync@1.63.0?repository_url=ghcr.io", + "type": "container", + "supplier": { + "name": "elastisys" + }, + "name": "ghcr.io/elastisys/rclone-sync", + "version": "1.63.0", + "cpe": "cpe:2.3:a:elastisys:rclone-sync:1.63.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/elastisys/rclone-sync@1.63.0?repository_url=ghcr.io" + }, + { + "bom-ref": "pkg:oci/elastisys/rclone-sync@1.72.0?repository_url=ghcr.io", + "type": "container", + "supplier": { + "name": "elastisys" + }, + "name": "ghcr.io/elastisys/rclone-sync", + "version": "1.72.0", + "cpe": "cpe:2.3:a:elastisys:rclone-sync:1.72.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/elastisys/rclone-sync@1.72.0?repository_url=ghcr.io" + }, + { + "bom-ref": "pkg:oci/elastisys/s3-exporter@0.5.0?repository_url=ghcr.io", + "type": "container", + "supplier": { + "name": "elastisys" + }, + "name": "ghcr.io/elastisys/s3-exporter", + "version": "0.5.0", + "cpe": "cpe:2.3:a:elastisys:s3-exporter:0.5.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/elastisys/s3-exporter@0.5.0?repository_url=ghcr.io" + }, + { + "bom-ref": "pkg:oci/external-dns/external-dns@0.14.1?repository_url=registry.k8s.io", + "type": "container", + "supplier": { + "name": "external-dns" + }, + "name": "registry.k8s.io/external-dns/external-dns", + "version": "0.14.1", + "cpe": "cpe:2.3:a:kubernetes:external-dns:0.14.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/external-dns/external-dns@0.14.1?repository_url=registry.k8s.io" + }, + { + "bom-ref": "pkg:oci/external-dns/external-dns@v0.14.2?repository_url=registry.k8s.io", + "type": "container", + "supplier": { + "name": "external-dns" + }, + "name": "registry.k8s.io/external-dns/external-dns", + "version": "v0.14.2", + "cpe": "cpe:2.3:a:kubernetes:external-dns:0.14.2:*:*:*:*:*:*:*", + "purl": "pkg:oci/external-dns/external-dns@v0.14.2?repository_url=registry.k8s.io" + }, + { + "bom-ref": "pkg:oci/falcosecurity/falco-driver-loader@0.41.3?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "falcosecurity" + }, + "name": "docker.io/falcosecurity/falco-driver-loader", + "version": "0.41.3", + "cpe": "cpe:2.3:a:falcosecurity:falco-driver-loader:0.41.3:*:*:*:*:*:*:*", + "purl": "pkg:oci/falcosecurity/falco-driver-loader@0.41.3?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/falcosecurity/falco-talon@0.3.0", + "type": "container", + "supplier": { + "name": "falcosecurity" + }, + "name": "falcosecurity/falco-talon", + "version": "0.3.0", + "cpe": "cpe:2.3:a:falcosecurity:falco-talon:0.3.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/falcosecurity/falco-talon@0.3.0" + }, + { + "bom-ref": "pkg:oci/falcosecurity/falco-talon@0.41.3", + "type": "container", + "supplier": { + "name": "falcosecurity" + }, + "name": "falcosecurity/falco-talon", + "version": "0.41.3", + "cpe": "cpe:2.3:a:falcosecurity:falco-talon:0.41.3:*:*:*:*:*:*:*", + "purl": "pkg:oci/falcosecurity/falco-talon@0.41.3" + }, + { + "bom-ref": "pkg:oci/falcosecurity/falco@0.41.3", + "type": "container", + "supplier": { + "name": "falcosecurity" + }, + "name": "falcosecurity/falco", + "version": "0.41.3", + "cpe": "cpe:2.3:a:falcosecurity:falco:0.41.3:*:*:*:*:*:*:*", + "purl": "pkg:oci/falcosecurity/falco@0.41.3" + }, + { + "bom-ref": "pkg:oci/falcosecurity/falco@0.41.3-debian?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "falcosecurity" + }, + "name": "docker.io/falcosecurity/falco", + "version": "0.41.3-debian", + "cpe": "cpe:2.3:a:falcosecurity:falco:0.41.3:*:*:*:*:*:*:*", + "purl": "pkg:oci/falcosecurity/falco@0.41.3-debian?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/falcosecurity/falcoctl@0.11.2?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "falcosecurity" + }, + "name": "docker.io/falcosecurity/falcoctl", + "version": "0.11.2", + "cpe": "cpe:2.3:a:falcosecurity:falcoctl:0.11.2:*:*:*:*:*:*:*", + "purl": "pkg:oci/falcosecurity/falcoctl@0.11.2?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/falcosecurity/falcosidekick-ui@2.2.0", + "type": "container", + "supplier": { + "name": "falcosecurity" + }, + "name": "falcosecurity/falcosidekick-ui", + "version": "2.2.0", + "cpe": "cpe:2.3:a:falcosecurity:falcosidekick-ui:2.2.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/falcosecurity/falcosidekick-ui@2.2.0" + }, + { + "bom-ref": "pkg:oci/falcosecurity/falcosidekick@2.31.1?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "falcosecurity" + }, + "name": "docker.io/falcosecurity/falcosidekick", + "version": "2.31.1", + "cpe": "cpe:2.3:a:falcosecurity:falcosidekick:2.31.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/falcosecurity/falcosidekick@2.31.1?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/falcosecurity/k8s-metacollector@0.1.1", + "type": "container", + "supplier": { + "name": "falcosecurity" + }, + "name": "falcosecurity/k8s-metacollector", + "version": "0.1.1", + "cpe": "cpe:2.3:a:falcosecurity:k8s-metacollector:0.1.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/falcosecurity/k8s-metacollector@0.1.1" + }, + { + "bom-ref": "pkg:oci/falcosecurity/k8s-metacollector@0.41.3", + "type": "container", + "supplier": { + "name": "falcosecurity" + }, + "name": "falcosecurity/k8s-metacollector", + "version": "0.41.3", + "cpe": "cpe:2.3:a:falcosecurity:k8s-metacollector:0.41.3:*:*:*:*:*:*:*", + "purl": "pkg:oci/falcosecurity/k8s-metacollector@0.41.3" + }, + { + "bom-ref": "pkg:oci/falcosecurity/plugins/plugin/container@0.3.1?repository_url=ghcr.io", + "type": "container", + "supplier": { + "name": "falcosecurity" + }, + "name": "ghcr.io/falcosecurity/plugins/plugin/container", + "version": "0.3.1", + "cpe": "cpe:2.3:a:falcosecurity:container:0.3.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/falcosecurity/plugins/plugin/container@0.3.1?repository_url=ghcr.io" + }, + { + "bom-ref": "pkg:oci/falcosecurity/plugins/plugin/k8smeta@0.3.0?repository_url=ghcr.io", + "type": "container", + "supplier": { + "name": "falcosecurity" + }, + "name": "ghcr.io/falcosecurity/plugins/plugin/k8smeta", + "version": "0.3.0", + "cpe": "cpe:2.3:a:falcosecurity:k8smeta:0.3.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/falcosecurity/plugins/plugin/k8smeta@0.3.0?repository_url=ghcr.io" + }, + { + "bom-ref": "pkg:oci/fluentd_elasticsearch/fluentd@v4.7.5?repository_url=quay.io", + "type": "container", + "supplier": { + "name": "fluentd_elasticsearch" + }, + "name": "quay.io/fluentd_elasticsearch/fluentd", + "version": "v4.7.5", + "cpe": "cpe:2.3:a:fluentd_elasticsearch:fluentd:4.7.5:*:*:*:*:*:*:*", + "purl": "pkg:oci/fluentd_elasticsearch/fluentd@v4.7.5?repository_url=quay.io" + }, + { + "bom-ref": "pkg:oci/goharbor/harbor-core@v2.13.1?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "goharbor" + }, + "name": "docker.io/goharbor/harbor-core", + "version": "v2.13.1", + "cpe": "cpe:2.3:a:goharbor:harbor-core:2.13.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/goharbor/harbor-core@v2.13.1?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/goharbor/harbor-db@v2.13.1?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "goharbor" + }, + "name": "docker.io/goharbor/harbor-db", + "version": "v2.13.1", + "cpe": "cpe:2.3:a:goharbor:harbor-db:2.13.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/goharbor/harbor-db@v2.13.1?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/goharbor/harbor-exporter@v2.13.1?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "goharbor" + }, + "name": "docker.io/goharbor/harbor-exporter", + "version": "v2.13.1", + "cpe": "cpe:2.3:a:goharbor:harbor-exporter:2.13.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/goharbor/harbor-exporter@v2.13.1?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/goharbor/harbor-jobservice@v2.13.1?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "goharbor" + }, + "name": "docker.io/goharbor/harbor-jobservice", + "version": "v2.13.1", + "cpe": "cpe:2.3:a:goharbor:harbor-jobservice:2.13.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/goharbor/harbor-jobservice@v2.13.1?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/goharbor/harbor-portal@v2.13.1?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "goharbor" + }, + "name": "docker.io/goharbor/harbor-portal", + "version": "v2.13.1", + "cpe": "cpe:2.3:a:goharbor:harbor-portal:2.13.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/goharbor/harbor-portal@v2.13.1?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/goharbor/harbor-registryctl@v2.13.1?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "goharbor" + }, + "name": "docker.io/goharbor/harbor-registryctl", + "version": "v2.13.1", + "cpe": "cpe:2.3:a:goharbor:harbor-registryctl:2.13.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/goharbor/harbor-registryctl@v2.13.1?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/goharbor/nginx-photon@v2.13.1", + "type": "container", + "supplier": { + "name": "goharbor" + }, + "name": "goharbor/nginx-photon", + "version": "v2.13.1", + "cpe": "cpe:2.3:a:goharbor:nginx-photon:2.13.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/goharbor/nginx-photon@v2.13.1" + }, + { + "bom-ref": "pkg:oci/goharbor/redis-photon@v2.13.1?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "goharbor" + }, + "name": "docker.io/goharbor/redis-photon", + "version": "v2.13.1", + "cpe": "cpe:2.3:a:goharbor:redis-photon:2.13.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/goharbor/redis-photon@v2.13.1?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/goharbor/registry-photon@v2.13.1?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "goharbor" + }, + "name": "docker.io/goharbor/registry-photon", + "version": "v2.13.1", + "cpe": "cpe:2.3:a:goharbor:registry-photon:2.13.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/goharbor/registry-photon@v2.13.1?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/goharbor/trivy-adapter-photon@v2.13.1?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "goharbor" + }, + "name": "docker.io/goharbor/trivy-adapter-photon", + "version": "v2.13.1", + "cpe": "cpe:2.3:a:goharbor:trivy-adapter-photon:2.13.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/goharbor/trivy-adapter-photon@v2.13.1?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/grafana/grafana-image-renderer@latest", + "type": "container", + "supplier": { + "name": "grafana" + }, + "name": "grafana/grafana-image-renderer", + "version": "latest", + "cpe": "cpe:2.3:a:grafana:grafana-image-renderer:*:*:*:*:*:*:*:*", + "purl": "pkg:oci/grafana/grafana-image-renderer@latest" + }, + { + "bom-ref": "pkg:oci/grafana/grafana@12.0.2", + "type": "container", + "supplier": { + "name": "grafana" + }, + "name": "grafana/grafana", + "version": "12.0.2", + "cpe": "cpe:2.3:a:grafana:grafana:12.0.2:*:*:*:*:*:*:*", + "purl": "pkg:oci/grafana/grafana@12.0.2" + }, + { + "bom-ref": "pkg:oci/grafana/grafana@12.0.3?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "grafana" + }, + "name": "docker.io/grafana/grafana", + "version": "12.0.3", + "cpe": "cpe:2.3:a:grafana:grafana:12.0.3:*:*:*:*:*:*:*", + "purl": "pkg:oci/grafana/grafana@12.0.3?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/grafana/grafana@12.1.1", + "type": "container", + "supplier": { + "name": "grafana" + }, + "name": "grafana/grafana", + "version": "12.1.1", + "cpe": "cpe:2.3:a:grafana:grafana:12.1.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/grafana/grafana@12.1.1" + }, + { + "bom-ref": "pkg:oci/grafana/grafana@v0.85.0", + "type": "container", + "supplier": { + "name": "grafana" + }, + "name": "grafana/grafana", + "version": "v0.85.0", + "cpe": "cpe:2.3:a:grafana:grafana:0.85.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/grafana/grafana@v0.85.0" + }, + { + "bom-ref": "pkg:oci/ingress-controller/controller@1.0.0-dev", + "type": "container", + "supplier": { + "name": "ingress-controller" + }, + "name": "ingress-controller/controller", + "version": "1.0.0-dev", + "cpe": "cpe:2.3:a:ingress-controller:controller:1.0.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/ingress-controller/controller@1.0.0-dev" + }, + { + "bom-ref": "pkg:oci/ingress-nginx/controller-chroot@v1.13.3?repository_url=registry.k8s.io", + "type": "container", + "supplier": { + "name": "ingress-nginx" + }, + "name": "registry.k8s.io/ingress-nginx/controller-chroot", + "version": "v1.13.3", + "cpe": "cpe:2.3:a:kubernetes:controller-chroot:1.13.3:*:*:*:*:*:*:*", + "purl": "pkg:oci/ingress-nginx/controller-chroot@v1.13.3?repository_url=registry.k8s.io" + }, + { + "bom-ref": "pkg:oci/ingress-nginx/controller@v1.13.3?repository_url=registry.k8s.io", + "type": "container", + "supplier": { + "name": "ingress-nginx" + }, + "name": "registry.k8s.io/ingress-nginx/controller", + "version": "v1.13.3", + "cpe": "cpe:2.3:a:kubernetes:controller:1.13.3:*:*:*:*:*:*:*", + "purl": "pkg:oci/ingress-nginx/controller@v1.13.3?repository_url=registry.k8s.io" + }, + { + "bom-ref": "pkg:oci/ingress-nginx/kube-webhook-certgen@v1.5.2?repository_url=registry.k8s.io", + "type": "container", + "supplier": { + "name": "ingress-nginx" + }, + "name": "registry.k8s.io/ingress-nginx/kube-webhook-certgen", + "version": "v1.5.2", + "cpe": "cpe:2.3:a:kubernetes:kube-webhook-certgen:1.5.2:*:*:*:*:*:*:*", + "purl": "pkg:oci/ingress-nginx/kube-webhook-certgen@v1.5.2?repository_url=registry.k8s.io" + }, + { + "bom-ref": "pkg:oci/ingress-nginx/kube-webhook-certgen@v1.6.2", + "type": "container", + "supplier": { + "name": "ingress-nginx" + }, + "name": "ingress-nginx/kube-webhook-certgen", + "version": "v1.6.2", + "cpe": "cpe:2.3:a:ingress-nginx:kube-webhook-certgen:1.6.2:*:*:*:*:*:*:*", + "purl": "pkg:oci/ingress-nginx/kube-webhook-certgen@v1.6.2" + }, + { + "bom-ref": "pkg:oci/ingress-nginx/kube-webhook-certgen@v1.6.3?repository_url=registry.k8s.io", + "type": "container", + "supplier": { + "name": "ingress-nginx" + }, + "name": "registry.k8s.io/ingress-nginx/kube-webhook-certgen", + "version": "v1.6.3", + "cpe": "cpe:2.3:a:kubernetes:kube-webhook-certgen:1.6.3:*:*:*:*:*:*:*", + "purl": "pkg:oci/ingress-nginx/kube-webhook-certgen@v1.6.3?repository_url=registry.k8s.io" + }, + { + "bom-ref": "pkg:oci/jetstack/cert-manager-acmesolver@v1.18.3?repository_url=quay.io", + "type": "container", + "supplier": { + "name": "jetstack" + }, + "name": "quay.io/jetstack/cert-manager-acmesolver", + "version": "v1.18.3", + "cpe": "cpe:2.3:a:jetstack:cert-manager-acmesolver:1.18.3:*:*:*:*:*:*:*", + "purl": "pkg:oci/jetstack/cert-manager-acmesolver@v1.18.3?repository_url=quay.io" + }, + { + "bom-ref": "pkg:oci/jetstack/cert-manager-cainjector@v1.18.3?repository_url=quay.io", + "type": "container", + "supplier": { + "name": "jetstack" + }, + "name": "quay.io/jetstack/cert-manager-cainjector", + "version": "v1.18.3", + "cpe": "cpe:2.3:a:jetstack:cert-manager-cainjector:1.18.3:*:*:*:*:*:*:*", + "purl": "pkg:oci/jetstack/cert-manager-cainjector@v1.18.3?repository_url=quay.io" + }, + { + "bom-ref": "pkg:oci/jetstack/cert-manager-controller@v1.18.3?repository_url=quay.io", + "type": "container", + "supplier": { + "name": "jetstack" + }, + "name": "quay.io/jetstack/cert-manager-controller", + "version": "v1.18.3", + "cpe": "cpe:2.3:a:jetstack:cert-manager-controller:1.18.3:*:*:*:*:*:*:*", + "purl": "pkg:oci/jetstack/cert-manager-controller@v1.18.3?repository_url=quay.io" + }, + { + "bom-ref": "pkg:oci/jetstack/cert-manager-startupapicheck@v1.18.3?repository_url=quay.io", + "type": "container", + "supplier": { + "name": "jetstack" + }, + "name": "quay.io/jetstack/cert-manager-startupapicheck", + "version": "v1.18.3", + "cpe": "cpe:2.3:a:jetstack:cert-manager-startupapicheck:1.18.3:*:*:*:*:*:*:*", + "purl": "pkg:oci/jetstack/cert-manager-startupapicheck@v1.18.3?repository_url=quay.io" + }, + { + "bom-ref": "pkg:oci/jetstack/cert-manager-webhook@v1.18.3?repository_url=quay.io", + "type": "container", + "supplier": { + "name": "jetstack" + }, + "name": "quay.io/jetstack/cert-manager-webhook", + "version": "v1.18.3", + "cpe": "cpe:2.3:a:jetstack:cert-manager-webhook:1.18.3:*:*:*:*:*:*:*", + "purl": "pkg:oci/jetstack/cert-manager-webhook@v1.18.3?repository_url=quay.io" + }, + { + "bom-ref": "pkg:oci/k8saudit-rules@0.11", + "type": "container", + "supplier": { + "name": "k8saudit-rules" + }, + "name": "k8saudit-rules", + "version": "0.11", + "cpe": "cpe:2.3:a:k8saudit-rules:k8saudit-rules:0.11:*:*:*:*:*:*:*", + "purl": "pkg:oci/k8saudit-rules@0.11" + }, + { + "bom-ref": "pkg:oci/k8saudit@0.11", + "type": "container", + "supplier": { + "name": "k8saudit" + }, + "name": "k8saudit", + "version": "0.11", + "cpe": "cpe:2.3:a:k8saudit:k8saudit:0.11:*:*:*:*:*:*:*", + "purl": "pkg:oci/k8saudit@0.11" + }, + { + "bom-ref": "pkg:oci/kiwigrid/k8s-sidecar@1.30.10", + "type": "container", + "supplier": { + "name": "kiwigrid" + }, + "name": "kiwigrid/k8s-sidecar", + "version": "1.30.10", + "cpe": "cpe:2.3:a:kiwigrid:k8s-sidecar:1.30.10:*:*:*:*:*:*:*", + "purl": "pkg:oci/kiwigrid/k8s-sidecar@1.30.10" + }, + { + "bom-ref": "pkg:oci/kiwigrid/k8s-sidecar@1.30.3?repository_url=quay.io", + "type": "container", + "supplier": { + "name": "kiwigrid" + }, + "name": "quay.io/kiwigrid/k8s-sidecar", + "version": "1.30.3", + "cpe": "cpe:2.3:a:kiwigrid:k8s-sidecar:1.30.3:*:*:*:*:*:*:*", + "purl": "pkg:oci/kiwigrid/k8s-sidecar@1.30.3?repository_url=quay.io" + }, + { + "bom-ref": "pkg:oci/kube-state-metrics/kube-state-metrics@v0.85.0", + "type": "container", + "supplier": { + "name": "kube-state-metrics" + }, + "name": "kube-state-metrics/kube-state-metrics", + "version": "v0.85.0", + "cpe": "cpe:2.3:a:kube-state-metrics:kube-state-metrics:0.85.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/kube-state-metrics/kube-state-metrics@v0.85.0" + }, + { + "bom-ref": "pkg:oci/kube-state-metrics/kube-state-metrics@v2.17.0?repository_url=registry.k8s.io", + "type": "container", + "supplier": { + "name": "kube-state-metrics" + }, + "name": "registry.k8s.io/kube-state-metrics/kube-state-metrics", + "version": "v2.17.0", + "cpe": "cpe:2.3:a:kubernetes:kube-state-metrics:2.17.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/kube-state-metrics/kube-state-metrics@v2.17.0?repository_url=registry.k8s.io" + }, + { + "bom-ref": "pkg:oci/kubereboot/kured@1.20.0?repository_url=ghcr.io", + "type": "container", + "supplier": { + "name": "kubereboot" + }, + "name": "ghcr.io/kubereboot/kured", + "version": "1.20.0", + "cpe": "cpe:2.3:a:kubereboot:kured:1.20.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/kubereboot/kured@1.20.0?repository_url=ghcr.io" + }, + { + "bom-ref": "pkg:oci/kyverno/background-controller@v1.13.4", + "type": "container", + "supplier": { + "name": "kyverno" + }, + "name": "kyverno/background-controller", + "version": "v1.13.4", + "cpe": "cpe:2.3:a:kyverno:background-controller:1.13.4:*:*:*:*:*:*:*", + "purl": "pkg:oci/kyverno/background-controller@v1.13.4" + }, + { + "bom-ref": "pkg:oci/kyverno/cleanup-controller@v1.13.4", + "type": "container", + "supplier": { + "name": "kyverno" + }, + "name": "kyverno/cleanup-controller", + "version": "v1.13.4", + "cpe": "cpe:2.3:a:kyverno:cleanup-controller:1.13.4:*:*:*:*:*:*:*", + "purl": "pkg:oci/kyverno/cleanup-controller@v1.13.4" + }, + { + "bom-ref": "pkg:oci/kyverno/kyverno-cli@v1.13.4?repository_url=ghcr.io", + "type": "container", + "supplier": { + "name": "kyverno" + }, + "name": "ghcr.io/kyverno/kyverno-cli", + "version": "v1.13.4", + "cpe": "cpe:2.3:a:kyverno:kyverno-cli:1.13.4:*:*:*:*:*:*:*", + "purl": "pkg:oci/kyverno/kyverno-cli@v1.13.4?repository_url=ghcr.io" + }, + { + "bom-ref": "pkg:oci/kyverno/kyverno@v1.13.4?repository_url=ghcr.io", + "type": "container", + "supplier": { + "name": "kyverno" + }, + "name": "ghcr.io/kyverno/kyverno", + "version": "v1.13.4", + "cpe": "cpe:2.3:a:kyverno:kyverno:1.13.4:*:*:*:*:*:*:*", + "purl": "pkg:oci/kyverno/kyverno@v1.13.4?repository_url=ghcr.io" + }, + { + "bom-ref": "pkg:oci/kyverno/kyvernopre@v1.13.4", + "type": "container", + "supplier": { + "name": "kyverno" + }, + "name": "kyverno/kyvernopre", + "version": "v1.13.4", + "cpe": "cpe:2.3:a:kyverno:kyvernopre:1.13.4:*:*:*:*:*:*:*", + "purl": "pkg:oci/kyverno/kyvernopre@v1.13.4" + }, + { + "bom-ref": "pkg:oci/kyverno/reports-controller@v1.13.4", + "type": "container", + "supplier": { + "name": "kyverno" + }, + "name": "kyverno/reports-controller", + "version": "v1.13.4", + "cpe": "cpe:2.3:a:kyverno:reports-controller:1.13.4:*:*:*:*:*:*:*", + "purl": "pkg:oci/kyverno/reports-controller@v1.13.4" + }, + { + "bom-ref": "pkg:oci/library/busybox@1.31.1", + "type": "container", + "supplier": { + "name": "Docker" + }, + "name": "library/busybox", + "version": "1.31.1", + "cpe": "cpe:2.3:a:docker:busybox:1.31.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/library/busybox@1.31.1" + }, + { + "bom-ref": "pkg:oci/library/busybox@1.36?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "Docker" + }, + "name": "docker.io/library/busybox", + "version": "1.36", + "cpe": "cpe:2.3:a:docker:busybox:1.36:*:*:*:*:*:*:*", + "purl": "pkg:oci/library/busybox@1.36?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/metrics-server/metrics-server@v0.8.0?repository_url=registry.k8s.io", + "type": "container", + "supplier": { + "name": "metrics-server" + }, + "name": "registry.k8s.io/metrics-server/metrics-server", + "version": "v0.8.0", + "cpe": "cpe:2.3:a:kubernetes:metrics-server:0.8.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/metrics-server/metrics-server@v0.8.0?repository_url=registry.k8s.io" + }, + { + "bom-ref": "pkg:oci/minio/mc@RELEASE.2023-09-29T16-41-22Z?repository_url=quay.io", + "type": "container", + "supplier": { + "name": "minio" + }, + "name": "quay.io/minio/mc", + "version": "RELEASE.2023-09-29T16-41-22Z", + "cpe": "cpe:2.3:a:minio:mc:RELEASE.2023-09-29T16-41-22Z:*:*:*:*:*:*:*", + "purl": "pkg:oci/minio/mc@RELEASE.2023-09-29T16-41-22Z?repository_url=quay.io" + }, + { + "bom-ref": "pkg:oci/minio/minio@RELEASE.2023-09-30T07-02-29Z?repository_url=quay.io", + "type": "container", + "supplier": { + "name": "minio" + }, + "name": "quay.io/minio/minio", + "version": "RELEASE.2023-09-30T07-02-29Z", + "cpe": "cpe:2.3:a:minio:minio:RELEASE.2023-09-30T07-02-29Z:*:*:*:*:*:*:*", + "purl": "pkg:oci/minio/minio@RELEASE.2023-09-30T07-02-29Z?repository_url=quay.io" + }, + { + "bom-ref": "pkg:oci/nfd/node-feature-discovery@v0.16.6?repository_url=registry.k8s.io", + "type": "container", + "supplier": { + "name": "nfd" + }, + "name": "registry.k8s.io/nfd/node-feature-discovery", + "version": "v0.16.6", + "cpe": "cpe:2.3:a:kubernetes:node-feature-discovery:0.16.6:*:*:*:*:*:*:*", + "purl": "pkg:oci/nfd/node-feature-discovery@v0.16.6?repository_url=registry.k8s.io" + }, + { + "bom-ref": "pkg:oci/nfd/node-feature-discovery@v24.9.2?repository_url=registry.k8s.io", + "type": "container", + "supplier": { + "name": "nfd" + }, + "name": "registry.k8s.io/nfd/node-feature-discovery", + "version": "v24.9.2", + "cpe": "cpe:2.3:a:kubernetes:node-feature-discovery:24.9.2:*:*:*:*:*:*:*", + "purl": "pkg:oci/nfd/node-feature-discovery@v24.9.2?repository_url=registry.k8s.io" + }, + { + "bom-ref": "pkg:oci/nvidia/cloud-native/kata-gpu-artifacts@ubuntu22.04-535.54.03?repository_url=nvcr.io", + "type": "container", + "supplier": { + "name": "nvidia" + }, + "name": "nvcr.io/nvidia/cloud-native/kata-gpu-artifacts", + "version": "ubuntu22.04-535.54.03", + "cpe": "cpe:2.3:a:nvidia:kata-gpu-artifacts:ubuntu22.04-535.54.03:*:*:*:*:*:*:*", + "purl": "pkg:oci/nvidia/cloud-native/kata-gpu-artifacts@ubuntu22.04-535.54.03?repository_url=nvcr.io" + }, + { + "bom-ref": "pkg:oci/nvidia/cloud-native/kata-gpu-artifacts@ubuntu22.04-535.86.10-snp?repository_url=nvcr.io", + "type": "container", + "supplier": { + "name": "nvidia" + }, + "name": "nvcr.io/nvidia/cloud-native/kata-gpu-artifacts", + "version": "ubuntu22.04-535.86.10-snp", + "cpe": "cpe:2.3:a:nvidia:kata-gpu-artifacts:ubuntu22.04-535.86.10-snp:*:*:*:*:*:*:*", + "purl": "pkg:oci/nvidia/cloud-native/kata-gpu-artifacts@ubuntu22.04-535.86.10-snp?repository_url=nvcr.io" + }, + { + "bom-ref": "pkg:oci/nvidia/cloud-native@v24.9.2?repository_url=nvcr.io", + "type": "container", + "supplier": { + "name": "nvidia" + }, + "name": "nvcr.io/nvidia/cloud-native", + "version": "v24.9.2", + "cpe": "cpe:2.3:a:nvidia:cloud-native:24.9.2:*:*:*:*:*:*:*", + "purl": "pkg:oci/nvidia/cloud-native@v24.9.2?repository_url=nvcr.io" + }, + { + "bom-ref": "pkg:oci/nvidia/gpu-operator@v24.9.2?repository_url=nvcr.io", + "type": "container", + "supplier": { + "name": "nvidia" + }, + "name": "nvcr.io/nvidia/gpu-operator", + "version": "v24.9.2", + "cpe": "cpe:2.3:a:nvidia:gpu-operator:24.9.2:*:*:*:*:*:*:*", + "purl": "pkg:oci/nvidia/gpu-operator@v24.9.2?repository_url=nvcr.io" + }, + { + "bom-ref": "pkg:oci/nvidia/k8s@v24.9.2?repository_url=nvcr.io", + "type": "container", + "supplier": { + "name": "nvidia" + }, + "name": "nvcr.io/nvidia/k8s", + "version": "v24.9.2", + "cpe": "cpe:2.3:a:nvidia:k8s:24.9.2:*:*:*:*:*:*:*", + "purl": "pkg:oci/nvidia/k8s@v24.9.2?repository_url=nvcr.io" + }, + { + "bom-ref": "pkg:oci/nvidia@v24.9.2?repository_url=nvcr.io", + "type": "container", + "supplier": { + "name": "nvidia" + }, + "name": "nvcr.io/nvidia", + "version": "v24.9.2", + "cpe": "cpe:2.3:a:nvidia:nvidia:24.9.2:*:*:*:*:*:*:*", + "purl": "pkg:oci/nvidia@v24.9.2?repository_url=nvcr.io" + }, + { + "bom-ref": "pkg:oci/openpolicyagent/gatekeeper-crds@v3.20.1?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "openpolicyagent" + }, + "name": "docker.io/openpolicyagent/gatekeeper-crds", + "version": "v3.20.1", + "cpe": "cpe:2.3:a:openpolicyagent:gatekeeper-crds:3.20.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/openpolicyagent/gatekeeper-crds@v3.20.1?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/openpolicyagent/gatekeeper@v3.20.1?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "openpolicyagent" + }, + "name": "docker.io/openpolicyagent/gatekeeper", + "version": "v3.20.1", + "cpe": "cpe:2.3:a:openpolicyagent:gatekeeper:3.20.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/openpolicyagent/gatekeeper@v3.20.1?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/opensearchproject/opensearch-dashboards@2.19.3?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "opensearchproject" + }, + "name": "docker.io/opensearchproject/opensearch-dashboards", + "version": "2.19.3", + "cpe": "cpe:2.3:a:opensearchproject:opensearch-dashboards:2.19.3:*:*:*:*:*:*:*", + "purl": "pkg:oci/opensearchproject/opensearch-dashboards@2.19.3?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/opensearchproject/opensearch@2.18.0", + "type": "container", + "supplier": { + "name": "opensearchproject" + }, + "name": "opensearchproject/opensearch", + "version": "2.18.0", + "cpe": "cpe:2.3:a:opensearchproject:opensearch:2.18.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/opensearchproject/opensearch@2.18.0" + }, + { + "bom-ref": "pkg:oci/opensearchproject/opensearch@2.19.3?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "opensearchproject" + }, + "name": "docker.io/opensearchproject/opensearch", + "version": "2.19.3", + "cpe": "cpe:2.3:a:opensearchproject:opensearch:2.19.3:*:*:*:*:*:*:*", + "purl": "pkg:oci/opensearchproject/opensearch@2.19.3?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/prometheus-community/windows-exporter@0.31.3", + "type": "container", + "supplier": { + "name": "prometheus-community" + }, + "name": "prometheus-community/windows-exporter", + "version": "0.31.3", + "cpe": "cpe:2.3:a:prometheus-community:windows-exporter:0.31.3:*:*:*:*:*:*:*", + "purl": "pkg:oci/prometheus-community/windows-exporter@0.31.3" + }, + { + "bom-ref": "pkg:oci/prometheus-community/windows-exporter@v0.85.0", + "type": "container", + "supplier": { + "name": "prometheus-community" + }, + "name": "prometheus-community/windows-exporter", + "version": "v0.85.0", + "cpe": "cpe:2.3:a:prometheus-community:windows-exporter:0.85.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/prometheus-community/windows-exporter@v0.85.0" + }, + { + "bom-ref": "pkg:oci/prometheus-operator/admission-webhook@v0.85.0", + "type": "container", + "supplier": { + "name": "prometheus-operator" + }, + "name": "prometheus-operator/admission-webhook", + "version": "v0.85.0", + "cpe": "cpe:2.3:a:prometheus-operator:admission-webhook:0.85.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/prometheus-operator/admission-webhook@v0.85.0" + }, + { + "bom-ref": "pkg:oci/prometheus-operator/prometheus-config-reloader@v0.85.0?repository_url=quay.io", + "type": "container", + "supplier": { + "name": "prometheus-operator" + }, + "name": "quay.io/prometheus-operator/prometheus-config-reloader", + "version": "v0.85.0", + "cpe": "cpe:2.3:a:prometheus-operator:prometheus-config-reloader:0.85.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/prometheus-operator/prometheus-config-reloader@v0.85.0?repository_url=quay.io" + }, + { + "bom-ref": "pkg:oci/prometheus-operator/prometheus-operator@v0.85.0?repository_url=quay.io", + "type": "container", + "supplier": { + "name": "prometheus-operator" + }, + "name": "quay.io/prometheus-operator/prometheus-operator", + "version": "v0.85.0", + "cpe": "cpe:2.3:a:prometheus-operator:prometheus-operator:0.85.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/prometheus-operator/prometheus-operator@v0.85.0?repository_url=quay.io" + }, + { + "bom-ref": "pkg:oci/prometheus/alertmanager@v0.28.1?repository_url=quay.io", + "type": "container", + "supplier": { + "name": "prometheus" + }, + "name": "quay.io/prometheus/alertmanager", + "version": "v0.28.1", + "cpe": "cpe:2.3:a:prometheus:alertmanager:0.28.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/prometheus/alertmanager@v0.28.1?repository_url=quay.io" + }, + { + "bom-ref": "pkg:oci/prometheus/blackbox-exporter@v0.27.0?repository_url=quay.io", + "type": "container", + "supplier": { + "name": "prometheus" + }, + "name": "quay.io/prometheus/blackbox-exporter", + "version": "v0.27.0", + "cpe": "cpe:2.3:a:prometheus:blackbox-exporter:0.27.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/prometheus/blackbox-exporter@v0.27.0?repository_url=quay.io" + }, + { + "bom-ref": "pkg:oci/prometheus/node-exporter@v0.85.0", + "type": "container", + "supplier": { + "name": "prometheus" + }, + "name": "prometheus/node-exporter", + "version": "v0.85.0", + "cpe": "cpe:2.3:a:prometheus:node-exporter:0.85.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/prometheus/node-exporter@v0.85.0" + }, + { + "bom-ref": "pkg:oci/prometheus/node-exporter@v1.9.1?repository_url=quay.io", + "type": "container", + "supplier": { + "name": "prometheus" + }, + "name": "quay.io/prometheus/node-exporter", + "version": "v1.9.1", + "cpe": "cpe:2.3:a:prometheus:node-exporter:1.9.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/prometheus/node-exporter@v1.9.1?repository_url=quay.io" + }, + { + "bom-ref": "pkg:oci/prometheus/prometheus@v3.6.0?repository_url=quay.io", + "type": "container", + "supplier": { + "name": "prometheus" + }, + "name": "quay.io/prometheus/prometheus", + "version": "v3.6.0", + "cpe": "cpe:2.3:a:prometheus:prometheus:3.6.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/prometheus/prometheus@v3.6.0?repository_url=quay.io" + }, + { + "bom-ref": "pkg:oci/prometheuscommunity/elasticsearch-exporter@v1.7.0?repository_url=quay.io", + "type": "container", + "supplier": { + "name": "prometheuscommunity" + }, + "name": "quay.io/prometheuscommunity/elasticsearch-exporter", + "version": "v1.7.0", + "cpe": "cpe:2.3:a:prometheuscommunity:elasticsearch-exporter:1.7.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/prometheuscommunity/elasticsearch-exporter@v1.7.0?repository_url=quay.io" + }, + { + "bom-ref": "pkg:oci/prometheuscommunity/prom-label-proxy@v0.11.0?repository_url=quay.io", + "type": "container", + "supplier": { + "name": "prometheuscommunity" + }, + "name": "quay.io/prometheuscommunity/prom-label-proxy", + "version": "v0.11.0", + "cpe": "cpe:2.3:a:prometheuscommunity:prom-label-proxy:0.11.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/prometheuscommunity/prom-label-proxy@v0.11.0?repository_url=quay.io" + }, + { + "bom-ref": "pkg:oci/redis/redis-stack@7.2.0-v11", + "type": "container", + "supplier": { + "name": "redis" + }, + "name": "redis/redis-stack", + "version": "7.2.0-v11", + "cpe": "cpe:2.3:a:redis:redis-stack:7.2.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/redis/redis-stack@7.2.0-v11" + }, + { + "bom-ref": "pkg:oci/tektoncd/pipeline/controller-10a3e32792f33651396d02b6855a6e36@v1.1.0?repository_url=ghcr.io\u0026digest=sha256:72ba947187317aee83b8b6ba510b17375bede4ce062e366cd0162515e0f7d5f2", + "type": "container", + "supplier": { + "name": "tektoncd" + }, + "name": "ghcr.io/tektoncd/pipeline/controller-10a3e32792f33651396d02b6855a6e36", + "version": "v1.1.0", + "cpe": "cpe:2.3:a:tektoncd:controller-10a3e32792f33651396d02b6855a6e36:1.1.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/tektoncd/pipeline/controller-10a3e32792f33651396d02b6855a6e36@v1.1.0?repository_url=ghcr.io\u0026digest=sha256:72ba947187317aee83b8b6ba510b17375bede4ce062e366cd0162515e0f7d5f2" + }, + { + "bom-ref": "pkg:oci/thanos/thanos@v0.39.2", + "type": "container", + "supplier": { + "name": "thanos" + }, + "name": "thanos/thanos", + "version": "v0.39.2", + "cpe": "cpe:2.3:a:thanos:thanos:0.39.2:*:*:*:*:*:*:*", + "purl": "pkg:oci/thanos/thanos@v0.39.2" + }, + { + "bom-ref": "pkg:oci/velero/velero-plugin-for-aws@v1.9.0?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "velero" + }, + "name": "docker.io/velero/velero-plugin-for-aws", + "version": "v1.9.0", + "cpe": "cpe:2.3:a:velero:velero-plugin-for-aws:1.9.0:*:*:*:*:*:*:*", + "purl": "pkg:oci/velero/velero-plugin-for-aws@v1.9.0?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/velero/velero-plugin-for-gcp@v1.9.1?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "velero" + }, + "name": "docker.io/velero/velero-plugin-for-gcp", + "version": "v1.9.1", + "cpe": "cpe:2.3:a:velero:velero-plugin-for-gcp:1.9.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/velero/velero-plugin-for-gcp@v1.9.1?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/velero/velero-plugin-for-microsoft-azure@v1.9.2?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "velero" + }, + "name": "docker.io/velero/velero-plugin-for-microsoft-azure", + "version": "v1.9.2", + "cpe": "cpe:2.3:a:velero:velero-plugin-for-microsoft-azure:1.9.2:*:*:*:*:*:*:*", + "purl": "pkg:oci/velero/velero-plugin-for-microsoft-azure@v1.9.2?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/velero/velero@v1.16.1?repository_url=docker.io", + "type": "container", + "supplier": { + "name": "velero" + }, + "name": "docker.io/velero/velero", + "version": "v1.16.1", + "cpe": "cpe:2.3:a:velero:velero:1.16.1:*:*:*:*:*:*:*", + "purl": "pkg:oci/velero/velero@v1.16.1?repository_url=docker.io" + }, + { + "bom-ref": "pkg:oci/weaveworks/kured@latest", + "type": "container", + "supplier": { + "name": "weaveworks" + }, + "name": "weaveworks/kured", + "version": "latest", + "cpe": "cpe:2.3:a:weaveworks:kured:*:*:*:*:*:*:*:*", + "purl": "pkg:oci/weaveworks/kured@latest" + } + ], + "dependencies": [ + { + "ref": "pkg:generic/compliantkubernetes-apps@latest", + "dependsOn": [ + "pkg:helm/autoscaling-monitoring@0.1.0", + "pkg:helm/calico-accountant@0.1.1", + "pkg:helm/calico-default-deny@0.1.0", + "pkg:helm/calico-felix-metrics@0.1.0", + "pkg:helm/cert-manager@v1.18.3", + "pkg:helm/cilium-default-deny@0.1.0", + "pkg:helm/cluster-admin-rbac@0.1.0", + "pkg:helm/common@2.30.0", + "pkg:helm/crds@0.0.0", + "pkg:helm/crds@3.3.6", + "pkg:helm/crossplane-packages@0.1.0", + "pkg:helm/crossplane@2.0.2", + "pkg:helm/dex@0.18.0", + "pkg:helm/external-dns-endpoints@0.1.0", + "pkg:helm/external-dns-secrets@0.1.0", + "pkg:helm/external-dns@1.14.4", + "pkg:helm/falco-talon@0.3.0", + "pkg:helm/falco@6.0.2", + "pkg:helm/falcosidekick@0.9.11", + "pkg:helm/file-copier@0.1.0", + "pkg:helm/fluentd-elasticsearch@13.12.2", + "pkg:helm/fluentd@7.1.1", + "pkg:helm/gatekeeper-constraints@0.1.0", + "pkg:helm/gatekeeper-metrics@0.1.0", + "pkg:helm/gatekeeper-mutations@0.1.0", + "pkg:helm/gatekeeper-templates@0.1.0", + "pkg:helm/gatekeeper@3.20.1", + "pkg:helm/gpu-operator@v24.9.2", + "pkg:helm/grafana-dashboards@0.3.0", + "pkg:helm/grafana-label-enforcer@0.1.0", + "pkg:helm/grafana@10.0.0", + "pkg:helm/grafana@3.3.6", + "pkg:helm/grafana@9.2.10", + "pkg:helm/harbor-backup@0.1.0", + "pkg:helm/harbor-certs@0.1.0", + "pkg:helm/harbor-mpu-cleaner@0.1.0", + "pkg:helm/harbor@1.17.1", + "pkg:helm/hnc-config@0.1.0", + "pkg:helm/hnc@0.1.0", + "pkg:helm/ingress-nginx-probe-ingress@0.1.0", + "pkg:helm/ingress-nginx@4.13.3", + "pkg:helm/init-harbor@0.2.0", + "pkg:helm/k8s-metacollector@0.1.10", + "pkg:helm/kube-prometheus-stack@77.11.1", + "pkg:helm/kube-state-metrics-extra-resource-metrics@0.1.0", + "pkg:helm/kube-state-metrics@6.3.0", + "pkg:helm/kubeapi-metrics@0.1.0", + "pkg:helm/kured-secret@0.1.0", + "pkg:helm/kured@5.10.0", + "pkg:helm/kyverno-policies@0.1.0", + "pkg:helm/kyverno@3.3.6", + "pkg:helm/letsencrypt@0.1.0", + "pkg:helm/log-manager@0.1.0", + "pkg:helm/metrics-server@3.13.0", + "pkg:helm/minio@15.0.5", + "pkg:helm/minio@5.0.14", + "pkg:helm/namespaces@0.1.1", + "pkg:helm/networkpolicy-generator@0.1.0", + "pkg:helm/networkpolicy-service@0.2.0", + "pkg:helm/networkpolicy-workload@0.2.0", + "pkg:helm/node-feature-discovery@0.16.6", + "pkg:helm/node-local-dns@0.1.1", + "pkg:helm/opensearch-configurer@0.1.0", + "pkg:helm/opensearch-curator@0.1.0", + "pkg:helm/opensearch-dashboards@2.31.0", + "pkg:helm/opensearch-secrets@0.1.0", + "pkg:helm/opensearch-securityadmin@0.1.0", + "pkg:helm/opensearch@2.35.0", + "pkg:helm/openstack-monitoring@0.1.0", + "pkg:helm/podsecuritypolicies@0.1.0", + "pkg:helm/prometheus-alerts@0.1.1", + "pkg:helm/prometheus-blackbox-exporter@11.3.1", + "pkg:helm/prometheus-elasticsearch-exporter@6.1.0", + "pkg:helm/prometheus-node-exporter@4.48.0", + "pkg:helm/prometheus-servicemonitor@0.1.1", + "pkg:helm/prometheus-windows-exporter@0.12.2", + "pkg:helm/rclone@0.1.0", + "pkg:helm/s3-exporter@0.1.0", + "pkg:helm/tekton-monitoring@0.1.0", + "pkg:helm/tekton-pipeline@1.1.0", + "pkg:helm/thanos-ingress-secret@0.1.0", + "pkg:helm/thanos-ruler@0.1.0", + "pkg:helm/thanos@15.13.1", + "pkg:helm/tigera-operator@v3.26.4", + "pkg:helm/trivy-operator@0.31.0", + "pkg:helm/user-crds@0.1.0", + "pkg:helm/user-rbac@0.1.0", + "pkg:helm/velero@10.0.11" + ] + }, + { + "ref": "pkg:helm/autoscaling-monitoring@0.1.0", + "dependsOn": [ + "pkg:oci/ingress-nginx/kube-webhook-certgen@v1.5.2?repository_url=registry.k8s.io", + "pkg:oci/kiwigrid/k8s-sidecar@1.30.3?repository_url=quay.io", + "pkg:oci/prometheus-operator/prometheus-config-reloader@v0.85.0?repository_url=quay.io", + "pkg:oci/prometheus-operator/prometheus-operator@v0.85.0?repository_url=quay.io", + "pkg:oci/prometheus/alertmanager@v0.28.1?repository_url=quay.io" + ] + }, + { + "ref": "pkg:helm/calico-accountant@0.1.1", + "dependsOn": [ + "pkg:oci/elastisys/calico-accountant@0.1.6-ck8s3?repository_url=ghcr.io" + ] + }, + { + "ref": "pkg:helm/calico-default-deny@0.1.0", + "dependsOn": [] + }, + { + "ref": "pkg:helm/calico-felix-metrics@0.1.0", + "dependsOn": [] + }, + { + "ref": "pkg:helm/cert-manager@v1.18.3", + "dependsOn": [ + "pkg:oci/jetstack/cert-manager-acmesolver@v1.18.3?repository_url=quay.io", + "pkg:oci/jetstack/cert-manager-cainjector@v1.18.3?repository_url=quay.io", + "pkg:oci/jetstack/cert-manager-controller@v1.18.3?repository_url=quay.io", + "pkg:oci/jetstack/cert-manager-startupapicheck@v1.18.3?repository_url=quay.io", + "pkg:oci/jetstack/cert-manager-webhook@v1.18.3?repository_url=quay.io" + ] + }, + { + "ref": "pkg:helm/cilium-default-deny@0.1.0", + "dependsOn": [] + }, + { + "ref": "pkg:helm/cluster-admin-rbac@0.1.0", + "dependsOn": [] + }, + { + "ref": "pkg:helm/common@2.29.0", + "dependsOn": [ + "pkg:oci/elastisys/fluentd-aggregator@v7.1.1-ck8s2?repository_url=ghcr.io" + ] + }, + { + "ref": "pkg:helm/common@2.30.0", + "dependsOn": [ + "pkg:oci/elastisys/bitnami/thanos@0.37.2-debian-12-r8?repository_url=ghcr.io" + ] + }, + { + "ref": "pkg:helm/crds@0.0.0", + "dependsOn": [ + "pkg:oci/prometheus/prometheus@v3.6.0?repository_url=quay.io" + ] + }, + { + "ref": "pkg:helm/crds@3.3.6", + "dependsOn": [ + "pkg:oci/elastisys/bitnami/kubectl@1.32.4?repository_url=ghcr.io", + "pkg:oci/kyverno/kyverno-cli@v1.13.4?repository_url=ghcr.io", + "pkg:oci/kyverno/kyverno@v1.13.4?repository_url=ghcr.io" + ] + }, + { + "ref": "pkg:helm/crossplane-packages@0.1.0", + "dependsOn": [ + "pkg:oci/crossplane-contrib/function-auto-ready@v0.5.0?repository_url=xpkg.crossplane.io", + "pkg:oci/crossplane-contrib/function-go-templating@v0.11.0?repository_url=xpkg.crossplane.io", + "pkg:oci/crossplane-contrib/function-patch-and-transform@v0.9.0?repository_url=xpkg.crossplane.io", + "pkg:oci/crossplane-contrib/provider-helm@v1.0.0?repository_url=xpkg.crossplane.io", + "pkg:oci/crossplane/crossplane@v2.0.2?repository_url=xpkg.crossplane.io", + "pkg:oci/elastisys/bitnami/kubectl@1.32.4?repository_url=ghcr.io", + "pkg:oci/elastisys/function-capability@v0.4.0?repository_url=ghcr.io" + ] + }, + { + "ref": "pkg:helm/crossplane@2.0.2", + "dependsOn": [ + "pkg:oci/crossplane-contrib/function-auto-ready@v0.5.0?repository_url=xpkg.crossplane.io", + "pkg:oci/crossplane-contrib/function-go-templating@v0.11.0?repository_url=xpkg.crossplane.io", + "pkg:oci/crossplane-contrib/function-patch-and-transform@v0.9.0?repository_url=xpkg.crossplane.io", + "pkg:oci/crossplane-contrib/provider-helm@v1.0.0?repository_url=xpkg.crossplane.io", + "pkg:oci/crossplane/crossplane@v2.0.2?repository_url=xpkg.crossplane.io", + "pkg:oci/elastisys/bitnami/kubectl@1.32.4?repository_url=ghcr.io", + "pkg:oci/elastisys/function-capability@v0.4.0?repository_url=ghcr.io" + ] + }, + { + "ref": "pkg:helm/dex@0.18.0", + "dependsOn": [ + "pkg:oci/dexidp/dex@v2.40.0?repository_url=ghcr.io" + ] + }, + { + "ref": "pkg:helm/external-dns-endpoints@0.1.0", + "dependsOn": [ + "pkg:oci/external-dns/external-dns@v0.14.2?repository_url=registry.k8s.io" + ] + }, + { + "ref": "pkg:helm/external-dns-secrets@0.1.0", + "dependsOn": [ + "pkg:oci/external-dns/external-dns@v0.14.2?repository_url=registry.k8s.io" + ] + }, + { + "ref": "pkg:helm/external-dns@1.14.4", + "dependsOn": [ + "pkg:oci/crossplane-contrib/provider-kubernetes@v1.0.0?repository_url=xpkg.crossplane.io", + "pkg:oci/external-dns/external-dns@0.14.1?repository_url=registry.k8s.io", + "pkg:oci/external-dns/external-dns@v0.14.2?repository_url=registry.k8s.io" + ] + }, + { + "ref": "pkg:helm/falco-talon@0.3.0", + "dependsOn": [ + "pkg:oci/falcosecurity/falco-driver-loader@0.41.3?repository_url=docker.io", + "pkg:oci/falcosecurity/falco-talon@0.3.0", + "pkg:oci/falcosecurity/falco@0.41.3-debian?repository_url=docker.io", + "pkg:oci/falcosecurity/falcoctl@0.11.2?repository_url=docker.io", + "pkg:oci/falcosecurity/falcosidekick@2.31.1?repository_url=docker.io" + ] + }, + { + "ref": "pkg:helm/falco@6.0.2", + "dependsOn": [ + "pkg:helm/falco-talon@0.3.0", + "pkg:helm/falcosidekick@0.9.11", + "pkg:helm/k8s-metacollector@0.1.10", + "pkg:oci/falcosecurity/falco-driver-loader@0.41.3?repository_url=docker.io", + "pkg:oci/falcosecurity/falco-talon@0.41.3", + "pkg:oci/falcosecurity/falco@0.41.3", + "pkg:oci/falcosecurity/falco@0.41.3-debian?repository_url=docker.io", + "pkg:oci/falcosecurity/falcoctl@0.11.2?repository_url=docker.io", + "pkg:oci/falcosecurity/falcosidekick-ui@2.2.0", + "pkg:oci/falcosecurity/falcosidekick@2.31.1?repository_url=docker.io", + "pkg:oci/falcosecurity/k8s-metacollector@0.41.3", + "pkg:oci/falcosecurity/plugins/plugin/container@0.3.1?repository_url=ghcr.io", + "pkg:oci/falcosecurity/plugins/plugin/k8smeta@0.3.0?repository_url=ghcr.io", + "pkg:oci/k8saudit-rules@0.11", + "pkg:oci/k8saudit@0.11", + "pkg:oci/redis/redis-stack@7.2.0-v11" + ] + }, + { + "ref": "pkg:helm/falcosidekick@0.9.11", + "dependsOn": [ + "pkg:oci/falcosecurity/falco-driver-loader@0.41.3?repository_url=docker.io", + "pkg:oci/falcosecurity/falco@0.41.3-debian?repository_url=docker.io", + "pkg:oci/falcosecurity/falcoctl@0.11.2?repository_url=docker.io", + "pkg:oci/falcosecurity/falcosidekick-ui@2.2.0", + "pkg:oci/falcosecurity/falcosidekick@2.31.1?repository_url=docker.io", + "pkg:oci/redis/redis-stack@7.2.0-v11" + ] + }, + { + "ref": "pkg:helm/file-copier@0.1.0", + "dependsOn": [ + "pkg:oci/library/busybox@1.36?repository_url=docker.io" + ] + }, + { + "ref": "pkg:helm/fluentd-elasticsearch@13.12.2", + "dependsOn": [ + "pkg:oci/elastisys/fluentd-forwarder@v4.7.5-ck8s1?repository_url=ghcr.io", + "pkg:oci/fluentd_elasticsearch/fluentd@v4.7.5?repository_url=quay.io" + ] + }, + { + "ref": "pkg:helm/fluentd@7.1.1", + "dependsOn": [ + "pkg:helm/common@2.29.0", + "pkg:oci/bitnami/fluentd@1.18.0-debian-12-r1", + "pkg:oci/elastisys/fluentd-aggregator@v7.1.1-ck8s2?repository_url=ghcr.io" + ] + }, + { + "ref": "pkg:helm/gatekeeper-constraints@0.1.0", + "dependsOn": [ + "pkg:oci/elastisys/bitnami/kubectl@1.32.4?repository_url=ghcr.io", + "pkg:oci/openpolicyagent/gatekeeper-crds@v3.20.1?repository_url=docker.io", + "pkg:oci/openpolicyagent/gatekeeper@v3.20.1?repository_url=docker.io" + ] + }, + { + "ref": "pkg:helm/gatekeeper-metrics@0.1.0", + "dependsOn": [ + "pkg:oci/elastisys/bitnami/kubectl@1.32.4?repository_url=ghcr.io", + "pkg:oci/openpolicyagent/gatekeeper-crds@v3.20.1?repository_url=docker.io", + "pkg:oci/openpolicyagent/gatekeeper@v3.20.1?repository_url=docker.io" + ] + }, + { + "ref": "pkg:helm/gatekeeper-mutations@0.1.0", + "dependsOn": [ + "pkg:oci/elastisys/bitnami/kubectl@1.32.4?repository_url=ghcr.io", + "pkg:oci/openpolicyagent/gatekeeper-crds@v3.20.1?repository_url=docker.io", + "pkg:oci/openpolicyagent/gatekeeper@v3.20.1?repository_url=docker.io" + ] + }, + { + "ref": "pkg:helm/gatekeeper-templates@0.1.0", + "dependsOn": [ + "pkg:oci/bitnami/kubectl@1.25?repository_url=docker.io", + "pkg:oci/elastisys/bitnami/kubectl@1.32.4?repository_url=ghcr.io", + "pkg:oci/openpolicyagent/gatekeeper-crds@v3.20.1?repository_url=docker.io", + "pkg:oci/openpolicyagent/gatekeeper@v3.20.1?repository_url=docker.io" + ] + }, + { + "ref": "pkg:helm/gatekeeper@3.20.1", + "dependsOn": [ + "pkg:oci/curlimages/curl@8.12.0", + "pkg:oci/elastisys/bitnami/kubectl@1.32.4?repository_url=ghcr.io", + "pkg:oci/openpolicyagent/gatekeeper-crds@v3.20.1?repository_url=docker.io", + "pkg:oci/openpolicyagent/gatekeeper@v3.20.1?repository_url=docker.io" + ] + }, + { + "ref": "pkg:helm/gpu-operator@v24.9.2", + "dependsOn": [ + "pkg:helm/node-feature-discovery@0.16.6", + "pkg:oci/nfd/node-feature-discovery@v24.9.2?repository_url=registry.k8s.io", + "pkg:oci/nvidia/cloud-native/kata-gpu-artifacts@ubuntu22.04-535.54.03?repository_url=nvcr.io", + "pkg:oci/nvidia/cloud-native/kata-gpu-artifacts@ubuntu22.04-535.86.10-snp?repository_url=nvcr.io", + "pkg:oci/nvidia/cloud-native@v24.9.2?repository_url=nvcr.io", + "pkg:oci/nvidia/gpu-operator@v24.9.2?repository_url=nvcr.io", + "pkg:oci/nvidia/k8s@v24.9.2?repository_url=nvcr.io", + "pkg:oci/nvidia@v24.9.2?repository_url=nvcr.io" + ] + }, + { + "ref": "pkg:helm/grafana-dashboards@0.3.0", + "dependsOn": [ + "pkg:oci/grafana/grafana@12.0.3?repository_url=docker.io" + ] + }, + { + "ref": "pkg:helm/grafana-label-enforcer@0.1.0", + "dependsOn": [ + "pkg:oci/grafana/grafana@12.0.3?repository_url=docker.io", + "pkg:oci/prometheuscommunity/prom-label-proxy@v0.11.0?repository_url=quay.io" + ] + }, + { + "ref": "pkg:helm/grafana@10.0.0", + "dependsOn": [ + "pkg:oci/bats/bats@v1.4.1", + "pkg:oci/curlimages/curl@8.9.1", + "pkg:oci/grafana/grafana-image-renderer@latest", + "pkg:oci/grafana/grafana@12.0.3?repository_url=docker.io", + "pkg:oci/grafana/grafana@12.1.1", + "pkg:oci/kiwigrid/k8s-sidecar@1.30.10", + "pkg:oci/library/busybox@1.31.1", + "pkg:oci/prometheus/prometheus@v3.6.0?repository_url=quay.io" + ] + }, + { + "ref": "pkg:helm/grafana@3.3.6", + "dependsOn": [ + "pkg:oci/elastisys/bitnami/kubectl@1.32.4?repository_url=ghcr.io", + "pkg:oci/grafana/grafana@12.0.3?repository_url=docker.io", + "pkg:oci/kyverno/kyverno-cli@v1.13.4?repository_url=ghcr.io", + "pkg:oci/kyverno/kyverno@v1.13.4?repository_url=ghcr.io" + ] + }, + { + "ref": "pkg:helm/grafana@9.2.10", + "dependsOn": [ + "pkg:oci/bats/bats@v1.4.1", + "pkg:oci/curlimages/curl@8.9.1", + "pkg:oci/grafana/grafana-image-renderer@latest", + "pkg:oci/grafana/grafana@12.0.2", + "pkg:oci/grafana/grafana@12.0.3?repository_url=docker.io", + "pkg:oci/kiwigrid/k8s-sidecar@1.30.3?repository_url=quay.io", + "pkg:oci/library/busybox@1.31.1" + ] + }, + { + "ref": "pkg:helm/harbor-backup@0.1.0", + "dependsOn": [ + "pkg:oci/elastisys/backup-postgres@1.5.0?repository_url=ghcr.io", + "pkg:oci/elastisys/curl-jq@1.0.0?repository_url=ghcr.io", + "pkg:oci/goharbor/harbor-core@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/harbor-db@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/harbor-jobservice@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/harbor-portal@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/harbor-registryctl@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/redis-photon@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/registry-photon@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/trivy-adapter-photon@v2.13.1?repository_url=docker.io" + ] + }, + { + "ref": "pkg:helm/harbor-certs@0.1.0", + "dependsOn": [ + "pkg:oci/elastisys/backup-postgres@1.5.0?repository_url=ghcr.io", + "pkg:oci/elastisys/curl-jq@1.0.0?repository_url=ghcr.io", + "pkg:oci/goharbor/harbor-core@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/harbor-db@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/harbor-jobservice@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/harbor-portal@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/harbor-registryctl@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/redis-photon@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/registry-photon@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/trivy-adapter-photon@v2.13.1?repository_url=docker.io" + ] + }, + { + "ref": "pkg:helm/harbor-mpu-cleaner@0.1.0", + "dependsOn": [ + "pkg:oci/elastisys/backup-postgres@1.5.0?repository_url=ghcr.io", + "pkg:oci/elastisys/curl-jq@1.0.0?repository_url=ghcr.io", + "pkg:oci/elastisys/python-boto3@0.1.1?repository_url=ghcr.io", + "pkg:oci/goharbor/harbor-core@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/harbor-db@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/harbor-jobservice@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/harbor-portal@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/harbor-registryctl@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/redis-photon@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/registry-photon@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/trivy-adapter-photon@v2.13.1?repository_url=docker.io" + ] + }, + { + "ref": "pkg:helm/harbor@1.17.1", + "dependsOn": [ + "pkg:oci/elastisys/backup-postgres@1.5.0?repository_url=ghcr.io", + "pkg:oci/elastisys/curl-jq@1.0.0?repository_url=ghcr.io", + "pkg:oci/goharbor/harbor-core@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/harbor-db@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/harbor-exporter@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/harbor-jobservice@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/harbor-portal@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/harbor-registryctl@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/nginx-photon@v2.13.1", + "pkg:oci/goharbor/redis-photon@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/registry-photon@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/trivy-adapter-photon@v2.13.1?repository_url=docker.io" + ] + }, + { + "ref": "pkg:helm/hnc-config@0.1.0", + "dependsOn": [ + "pkg:oci/elastisys/hnc-manager@v1.1.0?repository_url=ghcr.io" + ] + }, + { + "ref": "pkg:helm/hnc@0.1.0", + "dependsOn": [ + "pkg:oci/elastisys/hnc-manager@v1.1.0?repository_url=ghcr.io", + "pkg:oci/ingress-nginx/controller@v1.13.3?repository_url=registry.k8s.io", + "pkg:oci/jetstack/cert-manager-controller@v1.18.3?repository_url=quay.io", + "pkg:oci/tektoncd/pipeline/controller-10a3e32792f33651396d02b6855a6e36@v1.1.0?repository_url=ghcr.io\u0026digest=sha256:72ba947187317aee83b8b6ba510b17375bede4ce062e366cd0162515e0f7d5f2" + ] + }, + { + "ref": "pkg:helm/ingress-nginx-probe-ingress@0.1.0", + "dependsOn": [ + "pkg:oci/defaultbackend-amd64@1.5?repository_url=registry.k8s.io", + "pkg:oci/ingress-nginx/controller-chroot@v1.13.3?repository_url=registry.k8s.io", + "pkg:oci/ingress-nginx/kube-webhook-certgen@v1.6.3?repository_url=registry.k8s.io" + ] + }, + { + "ref": "pkg:helm/ingress-nginx@4.13.3", + "dependsOn": [ + "pkg:oci/crossplane-contrib/provider-kubernetes@v1.0.0?repository_url=xpkg.crossplane.io", + "pkg:oci/defaultbackend-amd64@1.5?repository_url=registry.k8s.io", + "pkg:oci/ingress-controller/controller@1.0.0-dev", + "pkg:oci/ingress-nginx/controller-chroot@v1.13.3?repository_url=registry.k8s.io", + "pkg:oci/ingress-nginx/controller@v1.13.3?repository_url=registry.k8s.io", + "pkg:oci/ingress-nginx/kube-webhook-certgen@v1.6.3?repository_url=registry.k8s.io" + ] + }, + { + "ref": "pkg:helm/init-harbor@0.2.0", + "dependsOn": [ + "pkg:oci/elastisys/backup-postgres@1.5.0?repository_url=ghcr.io", + "pkg:oci/elastisys/curl-jq@1.0.0?repository_url=ghcr.io", + "pkg:oci/goharbor/harbor-core@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/harbor-db@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/harbor-jobservice@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/harbor-portal@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/harbor-registryctl@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/redis-photon@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/registry-photon@v2.13.1?repository_url=docker.io", + "pkg:oci/goharbor/trivy-adapter-photon@v2.13.1?repository_url=docker.io", + "pkg:oci/kyverno/kyverno@v1.13.4?repository_url=ghcr.io" + ] + }, + { + "ref": "pkg:helm/k8s-metacollector@0.1.10", + "dependsOn": [ + "pkg:oci/falcosecurity/falco-driver-loader@0.41.3?repository_url=docker.io", + "pkg:oci/falcosecurity/falco@0.41.3-debian?repository_url=docker.io", + "pkg:oci/falcosecurity/falcoctl@0.11.2?repository_url=docker.io", + "pkg:oci/falcosecurity/falcosidekick@2.31.1?repository_url=docker.io", + "pkg:oci/falcosecurity/k8s-metacollector@0.1.1" + ] + }, + { + "ref": "pkg:helm/kube-prometheus-stack@77.11.1", + "dependsOn": [ + "pkg:helm/crds@0.0.0", + "pkg:helm/grafana@10.0.0", + "pkg:helm/kube-state-metrics@6.3.0", + "pkg:helm/prometheus-node-exporter@4.48.0", + "pkg:helm/prometheus-windows-exporter@0.12.2", + "pkg:oci/bats/bats@v1.4.1", + "pkg:oci/brancz/kube-rbac-proxy@v0.19.1", + "pkg:oci/brancz/kube-rbac-proxy@v0.20.0", + "pkg:oci/curlimages/curl@8.9.1", + "pkg:oci/grafana/grafana-image-renderer@latest", + "pkg:oci/grafana/grafana@v0.85.0", + "pkg:oci/ingress-nginx/kube-webhook-certgen@v1.6.2", + "pkg:oci/kiwigrid/k8s-sidecar@1.30.10", + "pkg:oci/kube-state-metrics/kube-state-metrics@v0.85.0", + "pkg:oci/library/busybox@1.31.1", + "pkg:oci/prometheus-community/windows-exporter@v0.85.0", + "pkg:oci/prometheus-operator/admission-webhook@v0.85.0", + "pkg:oci/prometheus-operator/prometheus-config-reloader@v0.85.0?repository_url=quay.io", + "pkg:oci/prometheus-operator/prometheus-operator@v0.85.0?repository_url=quay.io", + "pkg:oci/prometheus/alertmanager@v0.28.1?repository_url=quay.io", + "pkg:oci/prometheus/node-exporter@v0.85.0", + "pkg:oci/prometheus/prometheus@v3.6.0?repository_url=quay.io", + "pkg:oci/thanos/thanos@v0.39.2" + ] + }, + { + "ref": "pkg:helm/kube-state-metrics-extra-resource-metrics@0.1.0", + "dependsOn": [ + "pkg:oci/kube-state-metrics/kube-state-metrics@v2.17.0?repository_url=registry.k8s.io" + ] + }, + { + "ref": "pkg:helm/kube-state-metrics@6.3.0", + "dependsOn": [ + "pkg:oci/brancz/kube-rbac-proxy@v0.19.1", + "pkg:oci/kube-state-metrics/kube-state-metrics@v2.17.0?repository_url=registry.k8s.io", + "pkg:oci/prometheus/prometheus@v3.6.0?repository_url=quay.io" + ] + }, + { + "ref": "pkg:helm/kubeapi-metrics@0.1.0", + "dependsOn": [] + }, + { + "ref": "pkg:helm/kured-secret@0.1.0", + "dependsOn": [ + "pkg:oci/kubereboot/kured@1.20.0?repository_url=ghcr.io" + ] + }, + { + "ref": "pkg:helm/kured@5.10.0", + "dependsOn": [ + "pkg:oci/kubereboot/kured@1.20.0?repository_url=ghcr.io", + "pkg:oci/weaveworks/kured@latest" + ] + }, + { + "ref": "pkg:helm/kyverno-policies@0.1.0", + "dependsOn": [ + "pkg:oci/elastisys/bitnami/kubectl@1.32.4?repository_url=ghcr.io", + "pkg:oci/kyverno/kyverno-cli@v1.13.4?repository_url=ghcr.io", + "pkg:oci/kyverno/kyverno@v1.13.4?repository_url=ghcr.io" + ] + }, + { + "ref": "pkg:helm/kyverno@3.3.6", + "dependsOn": [ + "pkg:helm/crds@3.3.6", + "pkg:helm/grafana@3.3.6", + "pkg:oci/bitnami/kubectl@1.30.2", + "pkg:oci/elastisys/bitnami/kubectl@1.32.4?repository_url=ghcr.io", + "pkg:oci/kyverno/background-controller@v1.13.4", + "pkg:oci/kyverno/cleanup-controller@v1.13.4", + "pkg:oci/kyverno/kyverno-cli@v1.13.4?repository_url=ghcr.io", + "pkg:oci/kyverno/kyverno@v1.13.4?repository_url=ghcr.io", + "pkg:oci/kyverno/kyvernopre@v1.13.4", + "pkg:oci/kyverno/reports-controller@v1.13.4" + ] + }, + { + "ref": "pkg:helm/letsencrypt@0.1.0", + "dependsOn": [] + }, + { + "ref": "pkg:helm/log-manager@0.1.0", + "dependsOn": [ + "pkg:oci/elastisys/compliantkubernetes-apps-log-manager@0.3.2?repository_url=ghcr.io" + ] + }, + { + "ref": "pkg:helm/metrics-server@3.13.0", + "dependsOn": [ + "pkg:oci/autoscaling/addon-resizer@1.8.23?repository_url=registry.k8s.io", + "pkg:oci/crossplane-contrib/provider-kubernetes@v1.0.0?repository_url=xpkg.crossplane.io", + "pkg:oci/metrics-server/metrics-server@v0.8.0?repository_url=registry.k8s.io" + ] + }, + { + "ref": "pkg:helm/minio@15.0.5", + "dependsOn": [ + "pkg:helm/common@2.30.0", + "pkg:oci/bitnami/minio-client@2025.2.21-debian-12-r0", + "pkg:oci/bitnami/minio@2025.2.28-debian-12-r0", + "pkg:oci/bitnami/os-shell@12-debian-12-r39", + "pkg:oci/elastisys/bitnami/thanos@0.37.2-debian-12-r8?repository_url=ghcr.io" + ] + }, + { + "ref": "pkg:helm/minio@5.0.14", + "dependsOn": [ + "pkg:oci/minio/mc@RELEASE.2023-09-29T16-41-22Z?repository_url=quay.io", + "pkg:oci/minio/minio@RELEASE.2023-09-30T07-02-29Z?repository_url=quay.io" + ] + }, + { + "ref": "pkg:helm/namespaces@0.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:helm/networkpolicy-generator@0.1.0", + "dependsOn": [] + }, + { + "ref": "pkg:helm/networkpolicy-service@0.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:helm/networkpolicy-workload@0.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:helm/node-feature-discovery@0.16.6", + "dependsOn": [ + "pkg:oci/nfd/node-feature-discovery@v0.16.6?repository_url=registry.k8s.io", + "pkg:oci/nvidia/gpu-operator@v24.9.2?repository_url=nvcr.io" + ] + }, + { + "ref": "pkg:helm/node-local-dns@0.1.1", + "dependsOn": [ + "pkg:oci/dns/k8s-dns-node-cache@1.25.0?repository_url=registry.k8s.io" + ] + }, + { + "ref": "pkg:helm/opensearch-configurer@0.1.0", + "dependsOn": [ + "pkg:oci/elastisys/bitnami/elasticsearch-curator@5.8.4-debian-10-r235?repository_url=ghcr.io", + "pkg:oci/elastisys/curl-jq@1.0.0?repository_url=ghcr.io", + "pkg:oci/opensearchproject/opensearch@2.19.3?repository_url=docker.io" + ] + }, + { + "ref": "pkg:helm/opensearch-curator@0.1.0", + "dependsOn": [ + "pkg:oci/elastisys/bitnami/elasticsearch-curator@5.8.4-debian-10-r235?repository_url=ghcr.io", + "pkg:oci/elastisys/curl-jq@1.0.0?repository_url=ghcr.io", + "pkg:oci/opensearchproject/opensearch@2.19.3?repository_url=docker.io" + ] + }, + { + "ref": "pkg:helm/opensearch-dashboards@2.31.0", + "dependsOn": [ + "pkg:oci/elastisys/bitnami/elasticsearch-curator@5.8.4-debian-10-r235?repository_url=ghcr.io", + "pkg:oci/elastisys/curl-jq@1.0.0?repository_url=ghcr.io", + "pkg:oci/opensearchproject/opensearch-dashboards@2.19.3?repository_url=docker.io", + "pkg:oci/opensearchproject/opensearch@2.19.3?repository_url=docker.io" + ] + }, + { + "ref": "pkg:helm/opensearch-secrets@0.1.0", + "dependsOn": [ + "pkg:oci/elastisys/bitnami/elasticsearch-curator@5.8.4-debian-10-r235?repository_url=ghcr.io", + "pkg:oci/elastisys/curl-jq@1.0.0?repository_url=ghcr.io", + "pkg:oci/opensearchproject/opensearch@2.19.3?repository_url=docker.io" + ] + }, + { + "ref": "pkg:helm/opensearch-securityadmin@0.1.0", + "dependsOn": [ + "pkg:oci/elastisys/bitnami/elasticsearch-curator@5.8.4-debian-10-r235?repository_url=ghcr.io", + "pkg:oci/elastisys/curl-jq@1.0.0?repository_url=ghcr.io", + "pkg:oci/opensearchproject/opensearch@2.18.0", + "pkg:oci/opensearchproject/opensearch@2.19.3?repository_url=docker.io" + ] + }, + { + "ref": "pkg:helm/opensearch@2.35.0", + "dependsOn": [ + "pkg:oci/elastisys/bitnami/elasticsearch-curator@5.8.4-debian-10-r235?repository_url=ghcr.io", + "pkg:oci/elastisys/curl-jq@1.0.0?repository_url=ghcr.io", + "pkg:oci/opensearchproject/opensearch@2.19.3?repository_url=docker.io" + ] + }, + { + "ref": "pkg:helm/openstack-monitoring@0.1.0", + "dependsOn": [ + "pkg:oci/ingress-nginx/kube-webhook-certgen@v1.5.2?repository_url=registry.k8s.io", + "pkg:oci/kiwigrid/k8s-sidecar@1.30.3?repository_url=quay.io", + "pkg:oci/prometheus-operator/prometheus-config-reloader@v0.85.0?repository_url=quay.io", + "pkg:oci/prometheus-operator/prometheus-operator@v0.85.0?repository_url=quay.io", + "pkg:oci/prometheus/alertmanager@v0.28.1?repository_url=quay.io" + ] + }, + { + "ref": "pkg:helm/podsecuritypolicies@0.1.0", + "dependsOn": [ + "pkg:oci/elastisys/bitnami/kubectl@1.32.4?repository_url=ghcr.io", + "pkg:oci/openpolicyagent/gatekeeper-crds@v3.20.1?repository_url=docker.io", + "pkg:oci/openpolicyagent/gatekeeper@v3.20.1?repository_url=docker.io" + ] + }, + { + "ref": "pkg:helm/prometheus-alerts@0.1.1", + "dependsOn": [ + "pkg:oci/prometheus/prometheus@v3.6.0?repository_url=quay.io" + ] + }, + { + "ref": "pkg:helm/prometheus-blackbox-exporter@11.3.1", + "dependsOn": [ + "pkg:oci/goharbor/harbor-exporter@v2.13.1?repository_url=docker.io", + "pkg:oci/prometheus-operator/prometheus-config-reloader@v0.85.0?repository_url=quay.io", + "pkg:oci/prometheus/blackbox-exporter@v0.27.0?repository_url=quay.io", + "pkg:oci/prometheus/prometheus@v3.6.0?repository_url=quay.io", + "pkg:oci/prometheuscommunity/elasticsearch-exporter@v1.7.0?repository_url=quay.io" + ] + }, + { + "ref": "pkg:helm/prometheus-elasticsearch-exporter@6.1.0", + "dependsOn": [ + "pkg:oci/goharbor/harbor-exporter@v2.13.1?repository_url=docker.io", + "pkg:oci/prometheus/prometheus@v3.6.0?repository_url=quay.io", + "pkg:oci/prometheuscommunity/elasticsearch-exporter@v1.7.0?repository_url=quay.io" + ] + }, + { + "ref": "pkg:helm/prometheus-node-exporter@4.48.0", + "dependsOn": [ + "pkg:oci/brancz/kube-rbac-proxy@v0.20.0", + "pkg:oci/goharbor/harbor-exporter@v2.13.1?repository_url=docker.io", + "pkg:oci/prometheus/node-exporter@v1.9.1?repository_url=quay.io", + "pkg:oci/prometheus/prometheus@v3.6.0?repository_url=quay.io", + "pkg:oci/prometheuscommunity/elasticsearch-exporter@v1.7.0?repository_url=quay.io" + ] + }, + { + "ref": "pkg:helm/prometheus-servicemonitor@0.1.1", + "dependsOn": [ + "pkg:oci/prometheus/prometheus@v3.6.0?repository_url=quay.io" + ] + }, + { + "ref": "pkg:helm/prometheus-windows-exporter@0.12.2", + "dependsOn": [ + "pkg:oci/goharbor/harbor-exporter@v2.13.1?repository_url=docker.io", + "pkg:oci/prometheus-community/windows-exporter@0.31.3", + "pkg:oci/prometheus/prometheus@v3.6.0?repository_url=quay.io", + "pkg:oci/prometheuscommunity/elasticsearch-exporter@v1.7.0?repository_url=quay.io" + ] + }, + { + "ref": "pkg:helm/rclone@0.1.0", + "dependsOn": [ + "pkg:oci/elastisys/rclone-sync@1.63.0?repository_url=ghcr.io", + "pkg:oci/elastisys/rclone-sync@1.72.0?repository_url=ghcr.io" + ] + }, + { + "ref": "pkg:helm/s3-exporter@0.1.0", + "dependsOn": [ + "pkg:oci/elastisys/s3-exporter@0.5.0?repository_url=ghcr.io", + "pkg:oci/goharbor/harbor-exporter@v2.13.1?repository_url=docker.io", + "pkg:oci/prometheuscommunity/elasticsearch-exporter@v1.7.0?repository_url=quay.io" + ] + }, + { + "ref": "pkg:helm/tekton-monitoring@0.1.0", + "dependsOn": [ + "pkg:oci/ingress-nginx/kube-webhook-certgen@v1.5.2?repository_url=registry.k8s.io", + "pkg:oci/kiwigrid/k8s-sidecar@1.30.3?repository_url=quay.io", + "pkg:oci/prometheus-operator/prometheus-config-reloader@v0.85.0?repository_url=quay.io", + "pkg:oci/prometheus-operator/prometheus-operator@v0.85.0?repository_url=quay.io", + "pkg:oci/prometheus/alertmanager@v0.28.1?repository_url=quay.io" + ] + }, + { + "ref": "pkg:helm/tekton-pipeline@1.1.0", + "dependsOn": [ + "pkg:oci/tektoncd/pipeline/controller-10a3e32792f33651396d02b6855a6e36@v1.1.0?repository_url=ghcr.io\u0026digest=sha256:72ba947187317aee83b8b6ba510b17375bede4ce062e366cd0162515e0f7d5f2" + ] + }, + { + "ref": "pkg:helm/thanos-ingress-secret@0.1.0", + "dependsOn": [ + "pkg:oci/elastisys/bitnami/thanos@0.37.2-debian-12-r8?repository_url=ghcr.io" + ] + }, + { + "ref": "pkg:helm/thanos-ruler@0.1.0", + "dependsOn": [ + "pkg:oci/elastisys/bitnami/thanos@0.37.2-debian-12-r8?repository_url=ghcr.io" + ] + }, + { + "ref": "pkg:helm/thanos@15.13.1", + "dependsOn": [ + "pkg:helm/common@2.30.0", + "pkg:helm/minio@15.0.5", + "pkg:oci/bitnami/minio-client@2025.2.21-debian-12-r0", + "pkg:oci/bitnami/minio@2025.2.28-debian-12-r0", + "pkg:oci/bitnami/os-shell@12-debian-12-r39", + "pkg:oci/bitnami/thanos@0.37.2-debian-12-r8", + "pkg:oci/elastisys/bitnami/thanos@0.37.2-debian-12-r8?repository_url=ghcr.io" + ] + }, + { + "ref": "pkg:helm/tigera-operator@v3.26.4", + "dependsOn": [ + "pkg:oci/calico/ctl@v3.26.4?repository_url=docker.io" + ] + }, + { + "ref": "pkg:helm/trivy-operator@0.31.0", + "dependsOn": [ + "pkg:oci/aquasec/trivy-checks@1", + "pkg:oci/aquasec/trivy-operator@0.29.0?repository_url=mirror.gcr.io", + "pkg:oci/aquasec/trivy@0.66.0", + "pkg:oci/aquasecurity/node-collector@0.3.1" + ] + }, + { + "ref": "pkg:helm/user-crds@0.1.0", + "dependsOn": [] + }, + { + "ref": "pkg:helm/user-rbac@0.1.0", + "dependsOn": [] + }, + { + "ref": "pkg:helm/velero@10.0.11", + "dependsOn": [ + "pkg:oci/bitnami/kubectl@1.16.1?repository_url=docker.io", + "pkg:oci/elastisys/bitnami/kubectl@1.32.4?repository_url=ghcr.io", + "pkg:oci/velero/velero-plugin-for-aws@v1.9.0?repository_url=docker.io", + "pkg:oci/velero/velero-plugin-for-gcp@v1.9.1?repository_url=docker.io", + "pkg:oci/velero/velero-plugin-for-microsoft-azure@v1.9.2?repository_url=docker.io", + "pkg:oci/velero/velero@v1.16.1?repository_url=docker.io" + ] + }, + { + "ref": "pkg:oci/aquasec/trivy-checks@1", + "dependsOn": [] + }, + { + "ref": "pkg:oci/aquasec/trivy-operator@0.29.0?repository_url=mirror.gcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/aquasec/trivy@0.66.0", + "dependsOn": [] + }, + { + "ref": "pkg:oci/aquasecurity/node-collector@0.3.1", + "dependsOn": [] + }, + { + "ref": "pkg:oci/autoscaling/addon-resizer@1.8.23?repository_url=registry.k8s.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/bats/bats@v1.4.1", + "dependsOn": [] + }, + { + "ref": "pkg:oci/bitnami/fluentd@1.18.0-debian-12-r1", + "dependsOn": [] + }, + { + "ref": "pkg:oci/bitnami/kubectl@1.16.1?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/bitnami/kubectl@1.25?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/bitnami/kubectl@1.30.2", + "dependsOn": [] + }, + { + "ref": "pkg:oci/bitnami/minio-client@2025.2.21-debian-12-r0", + "dependsOn": [] + }, + { + "ref": "pkg:oci/bitnami/minio@2025.2.28-debian-12-r0", + "dependsOn": [] + }, + { + "ref": "pkg:oci/bitnami/os-shell@12-debian-12-r39", + "dependsOn": [] + }, + { + "ref": "pkg:oci/bitnami/thanos@0.37.2-debian-12-r8", + "dependsOn": [] + }, + { + "ref": "pkg:oci/brancz/kube-rbac-proxy@v0.19.1", + "dependsOn": [] + }, + { + "ref": "pkg:oci/brancz/kube-rbac-proxy@v0.20.0", + "dependsOn": [] + }, + { + "ref": "pkg:oci/calico/ctl@v3.26.4?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/crossplane-contrib/function-auto-ready@v0.5.0?repository_url=xpkg.crossplane.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/crossplane-contrib/function-go-templating@v0.11.0?repository_url=xpkg.crossplane.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/crossplane-contrib/function-patch-and-transform@v0.9.0?repository_url=xpkg.crossplane.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/crossplane-contrib/provider-helm@v1.0.0?repository_url=xpkg.crossplane.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/crossplane-contrib/provider-kubernetes@v1.0.0?repository_url=xpkg.crossplane.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/crossplane/crossplane@v2.0.2?repository_url=xpkg.crossplane.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/curlimages/curl@8.12.0", + "dependsOn": [] + }, + { + "ref": "pkg:oci/curlimages/curl@8.9.1", + "dependsOn": [] + }, + { + "ref": "pkg:oci/defaultbackend-amd64@1.5?repository_url=registry.k8s.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/dexidp/dex@v2.40.0?repository_url=ghcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/dns/k8s-dns-node-cache@1.25.0?repository_url=registry.k8s.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/elastisys/backup-postgres@1.5.0?repository_url=ghcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/elastisys/bitnami/elasticsearch-curator@5.8.4-debian-10-r235?repository_url=ghcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/elastisys/bitnami/kubectl@1.32.4?repository_url=ghcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/elastisys/bitnami/thanos@0.37.2-debian-12-r8?repository_url=ghcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/elastisys/calico-accountant@0.1.6-ck8s3?repository_url=ghcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/elastisys/compliantkubernetes-apps-log-manager@0.3.2?repository_url=ghcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/elastisys/curl-jq@1.0.0?repository_url=ghcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/elastisys/fluentd-aggregator@v7.1.1-ck8s2?repository_url=ghcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/elastisys/fluentd-forwarder@v4.7.5-ck8s1?repository_url=ghcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/elastisys/function-capability@v0.4.0?repository_url=ghcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/elastisys/hnc-manager@v1.1.0?repository_url=ghcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/elastisys/python-boto3@0.1.1?repository_url=ghcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/elastisys/rclone-sync@1.63.0?repository_url=ghcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/elastisys/rclone-sync@1.72.0?repository_url=ghcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/elastisys/s3-exporter@0.5.0?repository_url=ghcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/external-dns/external-dns@0.14.1?repository_url=registry.k8s.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/external-dns/external-dns@v0.14.2?repository_url=registry.k8s.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/falcosecurity/falco-driver-loader@0.41.3?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/falcosecurity/falco-talon@0.3.0", + "dependsOn": [] + }, + { + "ref": "pkg:oci/falcosecurity/falco-talon@0.41.3", + "dependsOn": [] + }, + { + "ref": "pkg:oci/falcosecurity/falco@0.41.3", + "dependsOn": [] + }, + { + "ref": "pkg:oci/falcosecurity/falco@0.41.3-debian?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/falcosecurity/falcoctl@0.11.2?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/falcosecurity/falcosidekick-ui@2.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:oci/falcosecurity/falcosidekick@2.31.1?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/falcosecurity/k8s-metacollector@0.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:oci/falcosecurity/k8s-metacollector@0.41.3", + "dependsOn": [] + }, + { + "ref": "pkg:oci/falcosecurity/plugins/plugin/container@0.3.1?repository_url=ghcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/falcosecurity/plugins/plugin/k8smeta@0.3.0?repository_url=ghcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/fluentd_elasticsearch/fluentd@v4.7.5?repository_url=quay.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/goharbor/harbor-core@v2.13.1?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/goharbor/harbor-db@v2.13.1?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/goharbor/harbor-exporter@v2.13.1?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/goharbor/harbor-jobservice@v2.13.1?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/goharbor/harbor-portal@v2.13.1?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/goharbor/harbor-registryctl@v2.13.1?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/goharbor/nginx-photon@v2.13.1", + "dependsOn": [] + }, + { + "ref": "pkg:oci/goharbor/redis-photon@v2.13.1?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/goharbor/registry-photon@v2.13.1?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/goharbor/trivy-adapter-photon@v2.13.1?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/grafana/grafana-image-renderer@latest", + "dependsOn": [] + }, + { + "ref": "pkg:oci/grafana/grafana@12.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:oci/grafana/grafana@12.0.3?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/grafana/grafana@12.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:oci/grafana/grafana@v0.85.0", + "dependsOn": [] + }, + { + "ref": "pkg:oci/ingress-controller/controller@1.0.0-dev", + "dependsOn": [] + }, + { + "ref": "pkg:oci/ingress-nginx/controller-chroot@v1.13.3?repository_url=registry.k8s.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/ingress-nginx/controller@v1.13.3?repository_url=registry.k8s.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/ingress-nginx/kube-webhook-certgen@v1.5.2?repository_url=registry.k8s.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/ingress-nginx/kube-webhook-certgen@v1.6.2", + "dependsOn": [] + }, + { + "ref": "pkg:oci/ingress-nginx/kube-webhook-certgen@v1.6.3?repository_url=registry.k8s.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/jetstack/cert-manager-acmesolver@v1.18.3?repository_url=quay.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/jetstack/cert-manager-cainjector@v1.18.3?repository_url=quay.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/jetstack/cert-manager-controller@v1.18.3?repository_url=quay.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/jetstack/cert-manager-startupapicheck@v1.18.3?repository_url=quay.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/jetstack/cert-manager-webhook@v1.18.3?repository_url=quay.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/k8saudit-rules@0.11", + "dependsOn": [] + }, + { + "ref": "pkg:oci/k8saudit@0.11", + "dependsOn": [] + }, + { + "ref": "pkg:oci/kiwigrid/k8s-sidecar@1.30.10", + "dependsOn": [] + }, + { + "ref": "pkg:oci/kiwigrid/k8s-sidecar@1.30.3?repository_url=quay.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/kube-state-metrics/kube-state-metrics@v0.85.0", + "dependsOn": [] + }, + { + "ref": "pkg:oci/kube-state-metrics/kube-state-metrics@v2.17.0?repository_url=registry.k8s.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/kubereboot/kured@1.20.0?repository_url=ghcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/kyverno/background-controller@v1.13.4", + "dependsOn": [] + }, + { + "ref": "pkg:oci/kyverno/cleanup-controller@v1.13.4", + "dependsOn": [] + }, + { + "ref": "pkg:oci/kyverno/kyverno-cli@v1.13.4?repository_url=ghcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/kyverno/kyverno@v1.13.4?repository_url=ghcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/kyverno/kyvernopre@v1.13.4", + "dependsOn": [] + }, + { + "ref": "pkg:oci/kyverno/reports-controller@v1.13.4", + "dependsOn": [] + }, + { + "ref": "pkg:oci/library/busybox@1.31.1", + "dependsOn": [] + }, + { + "ref": "pkg:oci/library/busybox@1.36?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/metrics-server/metrics-server@v0.8.0?repository_url=registry.k8s.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/minio/mc@RELEASE.2023-09-29T16-41-22Z?repository_url=quay.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/minio/minio@RELEASE.2023-09-30T07-02-29Z?repository_url=quay.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/nfd/node-feature-discovery@v0.16.6?repository_url=registry.k8s.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/nfd/node-feature-discovery@v24.9.2?repository_url=registry.k8s.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/nvidia/cloud-native/kata-gpu-artifacts@ubuntu22.04-535.54.03?repository_url=nvcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/nvidia/cloud-native/kata-gpu-artifacts@ubuntu22.04-535.86.10-snp?repository_url=nvcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/nvidia/cloud-native@v24.9.2?repository_url=nvcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/nvidia/gpu-operator@v24.9.2?repository_url=nvcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/nvidia/k8s@v24.9.2?repository_url=nvcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/nvidia@v24.9.2?repository_url=nvcr.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/openpolicyagent/gatekeeper-crds@v3.20.1?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/openpolicyagent/gatekeeper@v3.20.1?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/opensearchproject/opensearch-dashboards@2.19.3?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/opensearchproject/opensearch@2.18.0", + "dependsOn": [] + }, + { + "ref": "pkg:oci/opensearchproject/opensearch@2.19.3?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/prometheus-community/windows-exporter@0.31.3", + "dependsOn": [] + }, + { + "ref": "pkg:oci/prometheus-community/windows-exporter@v0.85.0", + "dependsOn": [] + }, + { + "ref": "pkg:oci/prometheus-operator/admission-webhook@v0.85.0", + "dependsOn": [] + }, + { + "ref": "pkg:oci/prometheus-operator/prometheus-config-reloader@v0.85.0?repository_url=quay.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/prometheus-operator/prometheus-operator@v0.85.0?repository_url=quay.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/prometheus/alertmanager@v0.28.1?repository_url=quay.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/prometheus/blackbox-exporter@v0.27.0?repository_url=quay.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/prometheus/node-exporter@v0.85.0", + "dependsOn": [] + }, + { + "ref": "pkg:oci/prometheus/node-exporter@v1.9.1?repository_url=quay.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/prometheus/prometheus@v3.6.0?repository_url=quay.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/prometheuscommunity/elasticsearch-exporter@v1.7.0?repository_url=quay.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/prometheuscommunity/prom-label-proxy@v0.11.0?repository_url=quay.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/redis/redis-stack@7.2.0-v11", + "dependsOn": [] + }, + { + "ref": "pkg:oci/tektoncd/pipeline/controller-10a3e32792f33651396d02b6855a6e36@v1.1.0?repository_url=ghcr.io\u0026digest=sha256:72ba947187317aee83b8b6ba510b17375bede4ce062e366cd0162515e0f7d5f2", + "dependsOn": [] + }, + { + "ref": "pkg:oci/thanos/thanos@v0.39.2", + "dependsOn": [] + }, + { + "ref": "pkg:oci/velero/velero-plugin-for-aws@v1.9.0?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/velero/velero-plugin-for-gcp@v1.9.1?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/velero/velero-plugin-for-microsoft-azure@v1.9.2?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/velero/velero@v1.16.1?repository_url=docker.io", + "dependsOn": [] + }, + { + "ref": "pkg:oci/weaveworks/kured@latest", + "dependsOn": [] + } + ] +} From d41ffa5ffd11ca19f7aa142e111eee8e29ced49b Mon Sep 17 00:00:00 2001 From: Viktor Forsberg Date: Fri, 5 Dec 2025 10:48:51 +0100 Subject: [PATCH 03/10] apps: remove denial logging from node-local-dns, due to spamming --- helmfile.d/charts/node-local-dns/templates/node-local-dns.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helmfile.d/charts/node-local-dns/templates/node-local-dns.yaml b/helmfile.d/charts/node-local-dns/templates/node-local-dns.yaml index 11a203f45a..3214caf64c 100644 --- a/helmfile.d/charts/node-local-dns/templates/node-local-dns.yaml +++ b/helmfile.d/charts/node-local-dns/templates/node-local-dns.yaml @@ -108,7 +108,7 @@ data: {{- . | nindent 6 }} {{- end }} log . {combined} { - class denial error + class error } cache 30 reload From 1193ed6871ec3608e48e07037007c5089bcc5bab Mon Sep 17 00:00:00 2001 From: Simon Lundkvist Date: Mon, 8 Dec 2025 17:00:34 +0100 Subject: [PATCH 04/10] apps sc: add exception for top_queries index in critical max field limit alert --- .../charts/prometheus-alerts/templates/alerts/opensearch.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helmfile.d/charts/prometheus-alerts/templates/alerts/opensearch.yaml b/helmfile.d/charts/prometheus-alerts/templates/alerts/opensearch.yaml index 1bb91c4e1a..37ebbe22ae 100644 --- a/helmfile.d/charts/prometheus-alerts/templates/alerts/opensearch.yaml +++ b/helmfile.d/charts/prometheus-alerts/templates/alerts/opensearch.yaml @@ -66,7 +66,7 @@ spec: summary: Index {{`{{ $labels.index }}`}} is using {{`{{ $value }}`}} percent of max field limit runbook_url: {{ .Values.runbookUrls.opensearch.OpenSearchFieldLimit }} - alert: OpenSearchFieldLimit - expr: (sum(max_over_time(elasticsearch_indices_mappings_stats_fields{namespace="opensearch-system"}[5m])) by (index) / sum(max_over_time(elasticsearch_indices_settings_total_fields{namespace="opensearch-system"}[5m])) by (index)) * 100 > 95 + expr: (sum(max_over_time(elasticsearch_indices_mappings_stats_fields{namespace="opensearch-system",index!~"top_queries.*"}[5m])) by (index) / sum(max_over_time(elasticsearch_indices_settings_total_fields{namespace="opensearch-system",index!~"top_queries.*}[5m])) by (index)) * 100 > 95 for: 15m labels: severity: critical From d82a9033fc96210d32038160b81217bea4458a19 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rare=C8=99=20Cosma?= Date: Thu, 11 Dec 2025 16:11:11 +0200 Subject: [PATCH 05/10] fixes for upcoming patch release (#2895) --- .../templates/alerts/opensearch.yaml | 2 +- tests/Dockerfile | 5 ++ .../velero/resources/backup-spec-sc.yaml | 1 + .../velero/resources/backup-spec-wc.yaml | 1 + .../velero/resources/test-application.yaml | 1 + tests/unit/general/alerting-rules.bats | 50 +++++++++++++++++++ 6 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 tests/unit/general/alerting-rules.bats diff --git a/helmfile.d/charts/prometheus-alerts/templates/alerts/opensearch.yaml b/helmfile.d/charts/prometheus-alerts/templates/alerts/opensearch.yaml index 37ebbe22ae..e691293113 100644 --- a/helmfile.d/charts/prometheus-alerts/templates/alerts/opensearch.yaml +++ b/helmfile.d/charts/prometheus-alerts/templates/alerts/opensearch.yaml @@ -66,7 +66,7 @@ spec: summary: Index {{`{{ $labels.index }}`}} is using {{`{{ $value }}`}} percent of max field limit runbook_url: {{ .Values.runbookUrls.opensearch.OpenSearchFieldLimit }} - alert: OpenSearchFieldLimit - expr: (sum(max_over_time(elasticsearch_indices_mappings_stats_fields{namespace="opensearch-system",index!~"top_queries.*"}[5m])) by (index) / sum(max_over_time(elasticsearch_indices_settings_total_fields{namespace="opensearch-system",index!~"top_queries.*}[5m])) by (index)) * 100 > 95 + expr: (sum(max_over_time(elasticsearch_indices_mappings_stats_fields{namespace="opensearch-system",index!~"top_queries.*"}[5m])) by (index) / sum(max_over_time(elasticsearch_indices_settings_total_fields{namespace="opensearch-system",index!~"top_queries.*"}[5m])) by (index)) * 100 > 95 for: 15m labels: severity: critical diff --git a/tests/Dockerfile b/tests/Dockerfile index c05fc349e4..c9d7531e2e 100644 --- a/tests/Dockerfile +++ b/tests/Dockerfile @@ -71,6 +71,11 @@ RUN curl -LOs "https://github.com/open-policy-agent/opa/releases/download/v${OPA install -Tm 755 opa_linux_amd64 /usr/local/bin/opa && \ rm opa_linux_amd64 +ARG PROMETHEUS_VERSION="3.6.0" +RUN curl -fsSL "https://github.com/prometheus/prometheus/releases/download/v${PROMETHEUS_VERSION}/prometheus-${PROMETHEUS_VERSION}.linux-amd64.tar.gz" | \ + tar -zxvf - "prometheus-${PROMETHEUS_VERSION}.linux-amd64/promtool" --strip-components=1 && \ + mv promtool /usr/local/bin/ + ARG SOPS_VERSION="3.10.1" RUN curl -LOs "https://github.com/getsops/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux.amd64" && \ install -Tm 755 "sops-v${SOPS_VERSION}.linux.amd64" /usr/local/bin/sops && \ diff --git a/tests/end-to-end/velero/resources/backup-spec-sc.yaml b/tests/end-to-end/velero/resources/backup-spec-sc.yaml index 3abe2a4c9f..5762078d99 100644 --- a/tests/end-to-end/velero/resources/backup-spec-sc.yaml +++ b/tests/end-to-end/velero/resources/backup-spec-sc.yaml @@ -20,5 +20,6 @@ labelSelector: velero: backup metadata: {} snapshotMoveData: true +snapshotVolumes: true storageLocation: default ttl: 720h0m0s diff --git a/tests/end-to-end/velero/resources/backup-spec-wc.yaml b/tests/end-to-end/velero/resources/backup-spec-wc.yaml index baccd98cc1..bf5f4464af 100644 --- a/tests/end-to-end/velero/resources/backup-spec-wc.yaml +++ b/tests/end-to-end/velero/resources/backup-spec-wc.yaml @@ -39,5 +39,6 @@ labelSelector: operator: DoesNotExist metadata: {} snapshotMoveData: true +snapshotVolumes: true storageLocation: default ttl: 720h0m0s diff --git a/tests/end-to-end/velero/resources/test-application.yaml b/tests/end-to-end/velero/resources/test-application.yaml index 68787c384e..13b9f6194c 100644 --- a/tests/end-to-end/velero/resources/test-application.yaml +++ b/tests/end-to-end/velero/resources/test-application.yaml @@ -15,6 +15,7 @@ metadata: name: velero-test namespace: velero-test spec: + terminationGracePeriodSeconds: 1 containers: - image: ${image} args: diff --git a/tests/unit/general/alerting-rules.bats b/tests/unit/general/alerting-rules.bats new file mode 100644 index 0000000000..8cf57a4a39 --- /dev/null +++ b/tests/unit/general/alerting-rules.bats @@ -0,0 +1,50 @@ +#!/usr/bin/env bats + +# bats file_tags=releases,general,prometheus + +setup_file() { + # for dynamically registering tests using `bats_test_function` + bats_require_minimum_version 1.11.1 + + load "../../bats.lib.bash" + load_common "env.bash" + load_common "gpg.bash" + load_common "yq.bash" + + gpg.setup + env.setup + + env.init openstack capi dev +} + +setup() { + load "../../bats.lib.bash" + load_assert + load_common "yq.bash" + load_common "env.bash" + env.private +} + +teardown_file() { + env.teardown + gpg.teardown +} + +declare -a clusters=("service" "workload") + +for cluster in "${clusters[@]}"; do + bats_test_function \ + --description "check ${cluster} cluster alerting rules" \ + -- check_alerting_rules "${cluster}" +done + +check_alerting_rules() { + local -r cluster="${1}_cluster" + + run --separate-stderr bats_pipe \ + helmfile -f "${ROOT}/helmfile.d" -e "${cluster}" -l app=prometheus -l chart=charts/prometheus-alerts template --log-level error \ + \| yq eval-all '[select(.kind == "PrometheusRule") | .spec.groups[]] | {"groups": .}' \ + \| promtool check rules --no-lint-fatal /dev/stdin + + assert_success +} From 83dee3401ab72c1ca1868cb471372c38080f307f Mon Sep 17 00:00:00 2001 From: AlbinB97 Date: Wed, 17 Dec 2025 13:41:56 +0100 Subject: [PATCH 06/10] Add changelog for release v0.49.2 --- changelog/0.49.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/changelog/0.49.md b/changelog/0.49.md index 334a581956..3823fdec93 100644 --- a/changelog/0.49.md +++ b/changelog/0.49.md @@ -111,3 +111,20 @@ Released 2025-11-20 ### Other(s) - [#2858](https://github.com/elastisys/compliantkubernetes-apps/pull/2858) - bug: apps wc: move user alertmanager secret to created with install hook [@viktor-f](https://github.com/viktor-f) + +## v0.49.2 + +Released 2025-12-17 + +## Changes by kind + +### Improvement(s) + +- [#2885](https://github.com/elastisys/compliantkubernetes-apps/pull/2885) - chore: bump rclone to v1.72.0 [@rarescosma](https://github.com/rarescosma) +- [#2888](https://github.com/elastisys/compliantkubernetes-apps/pull/2888) - apps: remove denial logging from node-local-dns, due to spamming [@viktor-f](https://github.com/viktor-f) +- [#2892](https://github.com/elastisys/compliantkubernetes-apps/pull/2892) - OpenSearch top_queries index improvements [@lunkan93](https://github.com/lunkan93) + +### Other(s) + +- [#2884](https://github.com/elastisys/compliantkubernetes-apps/pull/2884) - bug: apps: fix velero snapshots [@Eliastisys](https://github.com/Eliastisys) +- [#2895](https://github.com/elastisys/compliantkubernetes-apps/pull/2895) - bug: fixes for upcoming patch release [@rarescosma](https://github.com/rarescosma) From edb4f677e036b8eadeb0f2ef654c58bea50c49a2 Mon Sep 17 00:00:00 2001 From: AlbinB97 Date: Wed, 17 Dec 2025 18:59:35 +0100 Subject: [PATCH 07/10] scripts: fix update-ips script to allow subnet for elastx + capi --- bin/update-ips.bash | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/update-ips.bash b/bin/update-ips.bash index 4c7eb5c891..0da80d36ba 100755 --- a/bin/update-ips.bash +++ b/bin/update-ips.bash @@ -501,7 +501,9 @@ allow_subnet() { # Allowing the subnet is currently only supported for clusters setup with # CAPI on OpenStack. Fallback on allowing individual nodes otherwise. - if [ "$(yq_read "${cluster}" '.global.ck8sK8sInstaller' "")" != "capi" ] || [ "$(yq_read "${cluster}" '.global.ck8sCloudProvider' "")" != "openstack" ]; then + if [ "$(yq_read "${cluster}" '.global.ck8sK8sInstaller' "")" != "capi" ] || + { [ "$(yq_read "${cluster}" '.global.ck8sCloudProvider' "")" != "openstack" ] && + [ "$(yq_read "${cluster}" '.global.ck8sCloudProvider' "")" != "elastx" ]; }; then allow_nodes "${cluster}" "${config_option}" "${label}" return fi From c3ed35fda5049162d440612b0f825a7b488653e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rare=C8=99=20Cosma?= Date: Mon, 22 Sep 2025 11:38:39 +0300 Subject: [PATCH 08/10] Falco: switch over to the 'modern_ebpf' driver by default (#2721) --- config/common-config.yaml | 2 +- config/schemas/config.yaml | 6 ++--- .../values/falco/falco-common.yaml.gotmpl | 4 +-- .../v0.49/prepare/10-update-falco-driver.sh | 26 +++++++++++++++++++ tests/unit/general/images.bats | 2 ++ 5 files changed, 34 insertions(+), 6 deletions(-) create mode 100755 migration/v0.49/prepare/10-update-falco-driver.sh diff --git a/config/common-config.yaml b/config/common-config.yaml index 6e4714970c..daff583f68 100644 --- a/config/common-config.yaml +++ b/config/common-config.yaml @@ -182,7 +182,7 @@ falco: ## configure syscall source ## ref: https://falco.org/docs/concepts/event-sources/kernel/ driver: - kind: kmod + kind: modern_ebpf ebpf: # -- Path where the eBPF probe is located. It comes handy when the probe have been installed in the nodes using tools other than the init diff --git a/config/schemas/config.yaml b/config/schemas/config.yaml index 2321c3a1a2..8addf53409 100644 --- a/config/schemas/config.yaml +++ b/config/schemas/config.yaml @@ -3221,11 +3221,11 @@ properties: default: kmod enum: - kmod - - modern-bpf + - modern_ebpf - ebpf meta:enum: kmod: Kernel module (default) - modern-bpf: Modern eBPF probe + modern_ebpf: Modern eBPF probe ebpf: Legacy eBPF probe if: properties: @@ -3251,7 +3251,7 @@ properties: kind: type: string enum: - - modern-bpf + - modern_ebpf - ebpf ebpf: additionalProperties: false diff --git a/helmfile.d/values/falco/falco-common.yaml.gotmpl b/helmfile.d/values/falco/falco-common.yaml.gotmpl index 4a7ff82e07..549ff670cb 100644 --- a/helmfile.d/values/falco/falco-common.yaml.gotmpl +++ b/helmfile.d/values/falco/falco-common.yaml.gotmpl @@ -75,8 +75,8 @@ driver: {{- end }} hostNetwork: {{ .Values.falco.driver.ebpf.hostNetwork }} leastPrivileged: true - {{- else if eq .Values.falco.driver.kind "modern-bpf" }} - modern_bpf: + {{- else if eq .Values.falco.driver.kind "modern_ebpf" }} + modernEbpf: leastPrivileged: true {{- end }} loader: diff --git a/migration/v0.49/prepare/10-update-falco-driver.sh b/migration/v0.49/prepare/10-update-falco-driver.sh new file mode 100755 index 0000000000..de81537cc3 --- /dev/null +++ b/migration/v0.49/prepare/10-update-falco-driver.sh @@ -0,0 +1,26 @@ +#!/usr/bin/env bash + +HERE="$(dirname "$(readlink -f "${0}")")" +ROOT="$(readlink -f "${HERE}/../../../")" + +# shellcheck source=scripts/migration/lib.sh +source "${ROOT}/scripts/migration/lib.sh" + +update_falco_driver() { + local -r cluster="${1}" + local current_driver + current_driver="$(yq_dig "${cluster}" '.falco.driver.kind')" + + if [[ "${current_driver}" == "modern-bpf" ]] || [[ "${current_driver}" == "kmod" ]]; then + log_info "Updating falco driver from ${current_driver} to modern_ebpf in ${cluster}-config..." + yq_add "${cluster}" '.falco.driver.kind' '"modern_ebpf"' + fi +} + +if [[ "${CK8S_CLUSTER}" =~ ^(sc|both)$ ]]; then + update_falco_driver sc +fi +if [[ "${CK8S_CLUSTER}" =~ ^(wc|both)$ ]]; then + update_falco_driver wc +fi +update_falco_driver common diff --git a/tests/unit/general/images.bats b/tests/unit/general/images.bats index be4cfdc200..3fe0390d84 100644 --- a/tests/unit/general/images.bats +++ b/tests/unit/general/images.bats @@ -17,6 +17,7 @@ setup_file() { env.init openstack capi dev yq.set sc .externalDns.enabled 'true' + yq.set sc .falco.driver.kind '"kmod"' yq.set sc .fluentd.enabled 'true' yq.set sc .gpu.enabled 'true' yq.set sc .harbor.backup.enabled 'true' @@ -35,6 +36,7 @@ setup_file() { yq.set wc .hnc.enabled 'true' yq.set wc .velero.enabled 'true' + yq.set wc .falco.driver.kind '"kmod"' _setup_rclone wc sync } From edfa2fe93c012a19f504bebd70a262fcc93fb376 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rare=C8=99=20Cosma?= Date: Thu, 18 Dec 2025 21:22:38 +0200 Subject: [PATCH 09/10] Update changelog/0.49.md --- changelog/0.49.md | 1 + 1 file changed, 1 insertion(+) diff --git a/changelog/0.49.md b/changelog/0.49.md index 3823fdec93..883741f126 100644 --- a/changelog/0.49.md +++ b/changelog/0.49.md @@ -128,3 +128,4 @@ Released 2025-12-17 - [#2884](https://github.com/elastisys/compliantkubernetes-apps/pull/2884) - bug: apps: fix velero snapshots [@Eliastisys](https://github.com/Eliastisys) - [#2895](https://github.com/elastisys/compliantkubernetes-apps/pull/2895) - bug: fixes for upcoming patch release [@rarescosma](https://github.com/rarescosma) +- [#2913](https://github.com/elastisys/compliantkubernetes-apps/pull/2913) - fix: copy falco driver migration to v0.50 [@rarescosma](https://github.com/rarescosma) From 60d14d2a2e28265ebfd1f8a4cdfad5cf00a37581 Mon Sep 17 00:00:00 2001 From: Simon Lundkvist Date: Mon, 8 Dec 2025 16:59:29 +0100 Subject: [PATCH 10/10] apps sc: add default index template for top_queries --- .../files/index-templates/topqueries.template.json | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 helmfile.d/charts/opensearch/configurer/files/index-templates/topqueries.template.json diff --git a/helmfile.d/charts/opensearch/configurer/files/index-templates/topqueries.template.json b/helmfile.d/charts/opensearch/configurer/files/index-templates/topqueries.template.json new file mode 100644 index 0000000000..d8494c0a57 --- /dev/null +++ b/helmfile.d/charts/opensearch/configurer/files/index-templates/topqueries.template.json @@ -0,0 +1,11 @@ +{ + "index_patterns": [ + "top_queries-*" + ], + "template": { + "settings": { + "index.mapping.total_fields.limit": "2500" + } + }, + "priority": "1850" +}