The chart can be installed from the OCI repository using `helm install secobserve --version 1.0.22 oci://ghcr.io/SecObserve/charts/secobserve`.
A Helm chart to deploy SecObserve, an open-source vulnerability and license management system designed for software development teams and cloud-native environments.
SecObserve helps teams identify, manage, and remediate security vulnerabilities and license compliance issues across their software projects, enhancing visibility and improving DevSecOps workflows.
Homepage: https://github.com/SecObserve/SecObserve

| Name | Url | |
|---|---|---|
| SecObserve community | | |

| Repository | Name | Version |
|---|---|---|
| oci://registry-1.docker.io/bitnamicharts | postgresql | 16.x.x |

| Key | Type | Default | Description |
|---|---|---|---|
| affinity | object | `{}` | Sets the affinity for the secobserve pod. For more information on affinity, see https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity |
| nodeSelector | object | `{}` | Node labels to select for secobserve pod assignment |
| replicaCount | int | `1` | number of replicas to deploy |
| tolerations | object | `{}` | Toleration labels for pod assignment |

| Key | Type | Default | Description |
|---|---|---|---|
| backend.env[0] | object | `{"name":"ADMIN_USER","value":"admin"}` | admin user name |
| backend.env[10] | object | `{"name":"CORS_ALLOWED_ORIGINS","value":"https://secobserve.dev"}` | CORS allowed origins |
| backend.env[11] | object | `{"name":"DJANGO_SECRET_KEY","valueFrom":{"secretKeyRef":{"key":"django_secret_key","name":"secobserve-secrets"}}}` | django secret key |
| backend.env[11].valueFrom.secretKeyRef | object | `{"key":"django_secret_key","name":"secobserve-secrets"}` | secret name containing the django secret key |
| backend.env[12] | object | `{"name":"FIELD_ENCRYPTION_KEY","valueFrom":{"secretKeyRef":{"key":"field_encryption_key","name":"secobserve-secrets"}}}` | encryption key for fields |
| backend.env[12].valueFrom.secretKeyRef | object | `{"key":"field_encryption_key","name":"secobserve-secrets"}` | secret name containing the field encryption key |
| backend.env[13] | object | `{"name":"OIDC_AUTHORITY","value":"https://oidc.secobserve.dev"}` | admin OIDC authority |
| backend.env[14] | object | `{"name":"OIDC_CLIENT_ID","value":"secobserve"}` | OIDC client id |
| backend.env[15] | object | `{"name":"OIDC_USERNAME","value":"preferred_username"}` | OIDC user name |
| backend.env[16] | object | `{"name":"OIDC_FIRST_NAME","value":"given_name"}` | OIDC first name |
| backend.env[17] | object | `{"name":"OIDC_LAST_NAME","value":"family_name"}` | OIDC last name |
| backend.env[18] | object | `{"name":"OIDC_FULL_NAME","value":"preferred_username"}` | OIDC full name |
| backend.env[19] | object | `{"name":"OIDC_EMAIL","value":"email"}` | OIDC email address |
| backend.env[1] | object | `{"name":"ADMIN_PASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"secobserve-secrets"}}}` | admin password |
| backend.env[20] | object | `{"name":"OIDC_GROUPS","value":"groups"}` | OIDC groups |
| backend.env[2] | object | `{"name":"ADMIN_EMAIL","value":"[email protected]"}` | admin email address |
| backend.env[3] | object | `{"name":"DATABASE_ENGINE","value":"django.db.backends.postgresql"}` | database engine |
| backend.env[4] | object | `{"name":"DATABASE_HOST","value":"secobserve-postgresql"}` | database host/service |
| backend.env[5] | object | `{"name":"DATABASE_PORT","value":"5432"}` | database port |
| backend.env[6] | object | `{"name":"DATABASE_DB","value":"secobserve"}` | database name |
| backend.env[7] | object | `{"name":"DATABASE_USER","value":"secobserve"}` | database user |
| backend.env[8] | object | `{"name":"DATABASE_PASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"secobserve-postgresql"}}}` | database password |
| backend.env[8].valueFrom.secretKeyRef | object | `{"key":"password","name":"secobserve-postgresql"}` | reference to secret containing db credentials |
| backend.env[9] | object | `{"name":"ALLOWED_HOSTS","value":"secobserve.dev"}` | allowed hosts |
| backend.image | object | `{"pullPolicy":"IfNotPresent","registry":"ghcr.io","repository":"secobserve/secobserve-backend","tag":null}` | image registry |
| backend.image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
| backend.image.repository | string | `"secobserve/secobserve-backend"` | image repository |
| backend.image.tag | string | `nil` | image tag (uses appVersion value of Chart.yaml if not specified) |
| backend.resources | object | `{"limits":{"cpu":"1000m","memory":"1500Mi"},"requests":{"cpu":"1000m","memory":"1500Mi"}}` | resource requirements and limits |
| backend.securityContext | object | `{"allowPrivilegeEscalation":false,"enabled":true,"runAsGroup":1001,"runAsNonRoot":true,"runAsUser":1001}` | security context to use for backend pod |
| backend.service.port | int | `5000` | service port |

| Key | Type | Default | Description |
|---|---|---|---|
| dbchecker.enabled | bool | `true` | enable dbchecker init container |
| dbchecker.hostname | string | `"secobserve-postgresql"` | enable dbchecker init container |
| dbchecker.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy for the dbchecker image |
| dbchecker.image.repository | string | `"busybox"` | Docker image used to check Database readiness at startup |
| dbchecker.image.tag | string | `"latest"` | Image tag for the dbchecker image |
| dbchecker.port | int | `5432` | enable dbchecker init container |
| dbchecker.resources | object | `{"limits":{"cpu":"20m","memory":"32Mi"},"requests":{"cpu":"20m","memory":"32Mi"}}` | Resource requests and limits for the dbchecker container |
| dbchecker.securityContext | object | `{"allowPrivilegeEscalation":false,"runAsGroup":1001,"runAsNonRoot":true,"runAsUser":1001}` | SecurityContext for the dbchecker container |

| Key | Type | Default | Description |
|---|---|---|---|
| frontend.env[0] | object | `{"name":"API_BASE_URL","value":"https://secobserve.dev/api"}` | Base URL for API |
| frontend.env[1] | object | `{"name":"OIDC_ENABLE","value":"false"}` | enable OIDC authentication |
| frontend.env[2] | object | `{"name":"OIDC_AUTHORITY","value":"https://oidc.secobserve.dev"}` | oidc metadata endpoint |
| frontend.env[3] | object | `{"name":"OIDC_CLIENT_ID","value":"secobserve"}` | OIDC client ID |
| frontend.env[4] | object | `{"name":"OIDC_REDIRECT_URI","value":"https://secobserve.dev/"}` | OIDC client redirect URL |
| frontend.env[5] | object | `{"name":"OIDC_POST_LOGOUT_REDIRECT_URI","value":"https://secobserve.dev/"}` | URI to redirect to after logout |
| frontend.env[6] | object | `{"name":"OIDC_PROMPT","value":null}` | OIDC prompt |
| frontend.image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
| frontend.image.registry | string | `"ghcr.io"` | image registry |
| frontend.image.repository | string | `"secobserve/secobserve-frontend"` | image repository |
| frontend.image.tag | string | `nil` | image tag (uses appVersion value of Chart.yaml if not specified) |
| frontend.resources | object | `{"limits":{"cpu":"500m","memory":"1000Mi"},"requests":{"cpu":"500m","memory":"1000Mi"}}` | resource requirements and limits |
| frontend.securityContext | object | `{"allowPrivilegeEscalation":false,"enabled":true,"runAsGroup":1001,"runAsNonRoot":true,"runAsUser":1001}` | securityContext to use for frontend container |
| frontend.service.port | int | `3000` | service port |

| Key | Type | Default | Description |
|---|---|---|---|
| ingress.annotations | object | `{"kubernetes.io/ingress.class":"nginx","nginx.ingress.kubernetes.io/proxy-read-timeout":"600","nginx.ingress.kubernetes.io/proxy-send-timeout":"600","nginx.ingress.kubernetes.io/ssl-redirect":"true"}` | annotations to add to ingress |
| ingress.enabled | bool | `true` | If true, a Kubernetes Ingress resource will be created to the http port of the secobserve Service |
| ingress.hostname | string | `"secobserve.dev"` | hostname of ingress |
| ingress.ingressClassName | string | `"nginx"` | Example configuration for using an Amazon Load Balancer controller: `ingressClassName: alb`, with the annotations `alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'`, `alb.ingress.kubernetes.io/ssl-policy: 'ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04'` and `alb.ingress.kubernetes.io/healthcheck-path: /` |

| Key | Type | Default | Description |
|---|---|---|---|
| postgresql.architecture | string | `"standalone"` | PostgreSQL architecture (`standalone` or `replication`) |
| postgresql.auth | object | `{"database":"secobserve","existingSecret":"","password":"","postgresPassword":"","secretKeys":{"userPasswordKey":"password"},"username":"secobserve"}` | enable postgresql subchart |
| postgresql.auth.database | string | `"secobserve"` | Name for a custom database to create |
| postgresql.auth.existingSecret | string | `""` | Name of existing secret to use for PostgreSQL credentials |
| postgresql.auth.password | string | `""` | Password for the custom user to create |
| postgresql.auth.postgresPassword | string | `""` | Password for the "postgres" admin user. Ignored if `auth.existingSecret` with key `postgres-password` is provided |
| postgresql.auth.secretKeys.userPasswordKey | string | `"password"` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. |
| postgresql.auth.username | string | `"secobserve"` | Name for a custom user to create |
| postgresql.enabled | bool | `true` | Switch to enable or disable the PostgreSQL helm chart |
| postgresql.image | object | `{"repository":"bitnamilegacy/postgresql"}` | enable postgresql subchart |
| postgresql.metrics | object | `{"image":{"repository":"bitnamilegacy/postgres-exporter"}}` | enable postgresql subchart |
| postgresql.volumePermissions | object | `{"image":{"repository":"bitnamilegacy/os-shell"}}` | enable postgresql subchart |

| Key | Type | Default | Description |
|---|---|---|---|
| service | object | `{"type":"ClusterIP"}` | defines the secobserve http service |
| service.type | string | `"ClusterIP"` | Service type of service |
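
A values audit for the keys documented above, as an added example that is not part of the chart or its documentation: it takes the parsed JSON from `helm get values secobserve --all -o json` (release name as in the install command) and reports settings that should be reviewed before a production rollout. The function names, the `SAMPLE` document and the selection of checks are assumptions made for illustration.

```python
import json

# Env vars that the chart defaults load from a Secret via secretKeyRef.
SECRET_ENV = {"ADMIN_PASSWORD", "DJANGO_SECRET_KEY",
              "FIELD_ENCRYPTION_KEY", "DATABASE_PASSWORD"}
PLACEHOLDER = "secobserve.dev"  # domain used throughout the chart defaults

# Constructed sample: a subset of the defaults listed in the tables above.
SAMPLE = json.loads("""{
  "backend": {"env": [
      {"name": "ALLOWED_HOSTS", "value": "secobserve.dev"},
      {"name": "ADMIN_PASSWORD", "valueFrom": {"secretKeyRef":
          {"key": "password", "name": "secobserve-secrets"}}}],
    "securityContext": {"allowPrivilegeEscalation": false, "enabled": true,
                        "runAsNonRoot": true}},
  "dbchecker": {"enabled": true, "image": {"tag": "latest"},
    "securityContext": {"allowPrivilegeEscalation": false,
                        "runAsNonRoot": true}},
  "ingress": {"enabled": true, "hostname": "secobserve.dev"},
  "postgresql": {"auth": {"existingSecret": "", "password": ""}}
}""")


def weak_context(ctx):
    """True if the securityContext is disabled or looser than the defaults."""
    return (ctx.get("enabled") is False or ctx.get("runAsNonRoot") is not True
            or ctx.get("allowPrivilegeEscalation") is not False)


def audit_values(values):
    """Return a list of findings for a parsed SecObserve values document."""
    out = []
    for comp in ("backend", "frontend", "dbchecker"):
        section = values.get(comp) or {}
        for env in section.get("env") or []:
            name, value = env.get("name"), env.get("value")
            if name in SECRET_ENV and "valueFrom" not in env:
                out.append(f"{comp}.env {name}: inline value instead of secretKeyRef")
            if isinstance(value, str) and PLACEHOLDER in value:
                out.append(f"{comp}.env {name}: placeholder value {value}")
        if comp in values and weak_context(section.get("securityContext") or {}):
            out.append(f"{comp}.securityContext: weaker than the chart default")
    dbc = values.get("dbchecker") or {}
    tag = (dbc.get("image") or {}).get("tag")
    if dbc.get("enabled", True) and tag in (None, "", "latest"):
        out.append("dbchecker.image.tag: mutable tag, pin a version or digest")
    ingress = values.get("ingress") or {}
    if ingress.get("enabled") and PLACEHOLDER in (ingress.get("hostname") or ""):
        out.append("ingress.hostname: placeholder value secobserve.dev")
    auth = (values.get("postgresql") or {}).get("auth") or {}
    inline = auth.get("password") or auth.get("postgresPassword")
    if inline and not auth.get("existingSecret"):
        out.append("postgresql.auth: inline password, use auth.existingSecret")
    return out


if __name__ == "__main__":
    for finding in audit_values(SAMPLE):
        print(finding)
```
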
Autogenerated from chart metadata using helm-docs v1.14.2