
feat(helm): add support for kubeVersion #6337

Closed
2 tasks done
nikpivkin opened this issue Mar 18, 2024 Discussed in #5919 · 0 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature. scan/misconfiguration Issues relating to misconfiguration scanning
Comments

@nikpivkin (Contributor)

https://helm.sh/docs/helm/helm_template/

Discussed in #5919

Originally posted by a-devops-guy January 11, 2024

Description

Trivy is detecting 0 files when performing a scan if tpllib is used to generate a set of resources like deployments, services, etc.
YAML rendering works just fine, as does helm install.

Happy to provide more examples or our full helm library on request.

Desired Behavior

Trivy should scan a helm chart even when the chart is highly templated. Scanning the templated YAML file produced by helm template works fine.

Actual Behavior

Trivy detects 0 files when the helm chart is highly templated.

Reproduction Steps

1. Create a helm chart: `helm create test`
2. Remove all files in the template folder
3. Add file `_helper.tpl`:

   ```
   {{- define "deployment" -}}
   apiVersion: apps/v1
   kind: Deployment
   metadata:
     name: {{ include "tpl.resource.name" . }}
     labels: {{- include "tpl.labels" . | nindent 4 }}
   {{- end -}}
   ```

4. Add file `deployment.yaml`:

   ```
   {{- include "deployment" . }}
   spec:
     selector:
       matchLabels:
         app: myapp
     template:
       metadata:
         labels:
           app: myapp
       spec:
         containers:
         - name: myapp
           image: test:latest
           resources:
             limits:
               memory: "128Mi"
               cpu: "500m"
           ports:
           - containerPort: 80
   ```

5. Perform a trivy scan: `trivy config . --debug`

   ```
   2024-01-11T12:03:01.878+0530    DEBUG   Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
   2024-01-11T12:03:01.961+0530    DEBUG   cache dir:  /Users/kiran/Library/Caches/trivy
   2024-01-11T12:03:01.961+0530    INFO    Misconfiguration scanning is enabled
   2024-01-11T12:03:01.961+0530    DEBUG   Failed to open the policy metadata: open /Users/kiran/Library/Caches/trivy/policy/metadata.json: no such file or directory
   2024-01-11T12:03:01.961+0530    INFO    Need to update the built-in policies
   2024-01-11T12:03:01.961+0530    INFO    Downloading the built-in policies...
   2024-01-11T12:03:01.961+0530    DEBUG   Using URL: ghcr.io/aquasecurity/trivy-policies:0 to load policy bundle
   44.78 KiB / 44.78 KiB [--------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% ? p/s 100ms
   2024-01-11T12:03:04.637+0530    DEBUG   Digest of the built-in policies: sha256:8bfc31f3e4301ef758b6793a07e0b12b4306e0b54d03a640efb2ff5e5ef29b9e
   2024-01-11T12:03:04.637+0530    DEBUG   Policies successfully loaded from disk
   2024-01-11T12:03:04.637+0530    DEBUG   Enabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan]
   2024-01-11T12:03:04.678+0530    DEBUG   The nuget packages directory couldn't be found. License search disabled
   2024-01-11T12:03:04.678+0530    DEBUG   Walk the file tree rooted at '.' in series
   2024-01-11T12:03:04.686+0530    DEBUG   Scanning Helm files for misconfigurations...
   2024-01-11T12:03:04.772+0530    DEBUG   OS is not detected.
   2024-01-11T12:03:04.772+0530    INFO    Detected config files: 0
   ```

Target

None

Scanner

None

Output Format

None

Mode

None

Debug Output

Operating System

macOS Sonoma, Red Hat UBI9 container image

Version

0.48.2

Checklist
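The report notes that scanning the output of `helm template` works where scanning the chart directory does not. As an added example, not code from the issue or from Trivy, the CI wrapper below renders the chart with a pinned `--kube-version`, scans the rendered manifests, and fails closed when Trivy's own output reports zero detected config files rather than letting a "0 files" scan pass as green; the chart path, the 1.29.0 version and the temp-file layout are assumptions.

```shell
#!/bin/sh
# Added workaround (not Trivy's or the chart author's code): render the chart
# with helm, scan the rendered manifests with Trivy, and fail closed if Trivy
# reports zero detected config files instead of silently passing.
set -eu

# Read Trivy --debug output on stdin and print the N from the last
# "Detected config files: N" line, or "missing" if no such line exists.
detected_config_files() {
  n=$(sed -n 's/.*Detected config files: \([0-9][0-9]*\).*/\1/p' | tail -n 1)
  if [ -z "$n" ]; then echo missing; else echo "$n"; fi
}

# Succeed only when the argument is a number greater than zero; anything else
# ("missing", empty, garbage) is treated as a failed scan.
assert_files_detected() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -gt 0 ]
}

# Render and scan. Assumed defaults: chart directory "." and Kubernetes
# version 1.29.0 (helm template --kube-version; adjust to your target cluster).
# The rendered file gets a .yaml suffix so Trivy's file-type detection sees it.
scan_rendered_chart() {
  chart="${1:-.}"
  kube_version="${2:-1.29.0}"
  workdir=$(mktemp -d)
  rendered="$workdir/rendered.yaml"
  log="$workdir/trivy.log"
  helm template --kube-version "$kube_version" "$chart" > "$rendered"
  # trivy config exits 0 even with findings unless --exit-code is set
  trivy config --debug "$rendered" > "$log" 2>&1 || { cat "$log" >&2; return 1; }
  cat "$log"
  count=$(detected_config_files < "$log")
  assert_files_detected "$count" || {
    echo "Trivy detected $count config files in $rendered; failing the check" >&2
    return 1
  }
}
```

Call `scan_rendered_chart ./test 1.29.0` from the CI job; a zero count or a missing "Detected config files" line makes the step exit non-zero.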

@nikpivkin nikpivkin added kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning labels Mar 18, 2024
@nikpivkin nikpivkin added kind/feature Categorizes issue or PR as related to a new feature. and removed kind/bug Categorizes issue or PR as related to a bug. labels Mar 19, 2024
@simar7 simar7 added this to the v0.51.0 milestone Mar 26, 2024
@simar7 simar7 self-assigned this Apr 4, 2024
@simar7 simar7 closed this as completed Apr 28, 2024
Projects
Archived in project
Development

No branches or pull requests

2 participants