diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-10-23 03:11:15 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-10-23 03:11:15 +0300 |
commit | d278f2084b87c78a1e0fc17f3f80c57d4224bb22 (patch) | |
tree | 103dc3c7af389ba64b8fe79bd24894bfc3e54392 /doc/user | |
parent | 6d5197794a14f87acc0be3c3b66c27b47b2ab8b8 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/user')
-rw-r--r-- | doc/user/clusters/agent/vulnerabilities.md | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/doc/user/clusters/agent/vulnerabilities.md b/doc/user/clusters/agent/vulnerabilities.md index a2dc50e43d7..4c6d4a9740b 100644 --- a/doc/user/clusters/agent/vulnerabilities.md +++ b/doc/user/clusters/agent/vulnerabilities.md @@ -20,7 +20,7 @@ If both `agent config` and `scan execution policies` are configured, the configu ### Enable via agent configuration -To enable scanning of all images within your Kubernetes cluster via the agent configuration, add a `container_scanning` configuration block to your agent +To enable scanning of images within your Kubernetes cluster via the agent configuration, add a `container_scanning` configuration block to your agent configuration with a `cadence` field containing a [CRON expression](https://en.wikipedia.org/wiki/Cron) for when the scans are run. ```yaml @@ -39,9 +39,9 @@ Other elements of the [CRON syntax](https://docs.oracle.com/cd/E12058_01/doc/doc NOTE: The CRON expression is evaluated in [UTC](https://www.timeanddate.com/worldclock/timezone/utc) using the system-time of the Kubernetes-agent pod. -By default, operational container scanning attempts to scan the workloads in all -namespaces for vulnerabilities. You can set the `vulnerability_report` block with the `namespaces` -field which can be used to restrict which namespaces are scanned. For example, +By default, operational container scanning does not scan any workloads for vulnerabilities. +You can set the `vulnerability_report` block with the `namespaces` +field which can be used to select which namespaces are scanned. For example, if you would like to scan only the `default`, `kube-system` namespaces, you can use this configuration: ```yaml |