From cec0b63a322fa7ebfa22a23d9fc7603aae0524b1 Mon Sep 17 00:00:00 2001
From: elchenberg
Date: Wed, 31 Aug 2022 16:34:14 +0200
Subject: [PATCH 1/2] helm: make cache TTL configurable
Signed-off-by: elchenberg
---
 helm/trivy/templates/configmap.yaml | 1 +
 helm/trivy/values.yaml | 1 +
 2 files changed, 2 insertions(+)
diff --git a/helm/trivy/templates/configmap.yaml b/helm/trivy/templates/configmap.yaml
index 19f52436d93..45996208888 100644
--- a/helm/trivy/templates/configmap.yaml
+++ b/helm/trivy/templates/configmap.yaml
@@ -9,6 +9,7 @@ data:
 TRIVY_CACHE_DIR: "/home/scanner/.cache/trivy"
 {{- if .Values.trivy.cache.redis.enabled }}
 TRIVY_CACHE_BACKEND: {{ .Values.trivy.cache.redis.url | quote }}
+ TRIVY_CACHE_TTL: {{ .Values.trivy.cache.redis.ttl | quote }}
 {{- end }}
 TRIVY_DEBUG: {{ .Values.trivy.debugMode | quote }}
 TRIVY_SKIP_UPDATE: {{ .Values.trivy.skipUpdate | quote }}
diff --git a/helm/trivy/values.yaml b/helm/trivy/values.yaml
index f4063666226..2a6f9d92d9f 100644
--- a/helm/trivy/values.yaml
+++ b/helm/trivy/values.yaml
@@ -113,6 +113,7 @@ trivy:
 redis:
 enabled: false
 url: "" # e.g. redis://redis.redis.svc:6379
+ ttl: "" # e.g 3600s, 24h
 serviceAccount:
 annotations: {}
 # eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT_ID:role/IAM_ROLE_NAME
From 00164e29cf546f3c2c59194d1dabc395fd067ea2 Mon Sep 17 00:00:00 2001
From: elchenberg
Date: Wed, 7 Sep 2022 10:25:04 +0200
Subject: [PATCH 2/2] add usage instructions for trivy.cache.redis.ttl to the README
Signed-off-by: elchenberg
---
 helm/trivy/README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/helm/trivy/README.md b/helm/trivy/README.md
index 68ad40f5bba..6ef1db5a85f 100644
--- a/helm/trivy/README.md
+++ b/helm/trivy/README.md
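Review bot: The added `TRIVY_CACHE_TTL` line in configmap.yaml is rendered whenever `trivy.cache.redis.enabled` is true, so with the chart default `ttl: ""` the ConfigMap carries `TRIVY_CACHE_TTL: ""`. How the scanner handles an empty duration is not visible in this patch; it may ignore it or fail to parse it. I would emit the key only when a value is set, by wrapping the added line in `{{- if .Values.trivy.cache.redis.ttl }}` and `{{- end }}`. That also makes "no TTL configured" an explicit case rather than an empty string. The `data:` block begins and ends outside the hunk.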
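Review bot: The comment on the new `ttl` key in values.yaml gives example values but does not say that the key is only read when `enabled` is true. The template places it inside the redis `if` block, so a value set here with Redis disabled is silently ignored. I would write `ttl: "" # cache entry lifetime, e.g. 3600s or 24h; only used when enabled is true`, which also restores the period missing from `e.g`. The `redis` mapping begins outside the hunk.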
@@ -72,6 +72,7 @@ The following table lists the configurable parameters of the Trivy chart and the
 | `trivy.dbRepository` | OCI repository to retrieve the trivy vulnerability database from | `ghcr.io/aquasecurity/trivy-db` |
 | `trivy.cache.redis.enabled` | Enable Redis as caching backend | `false` |
 | `trivy.cache.redis.url` | Specify redis connection url, e.g. redis://redis.redis.svc:6379 | `` |
+| `trivy.cache.redis.ttl` | Specify redis TTL, e.g. 3600s or 24h | `` |
 | `trivy.serverToken` | The token to authenticate Trivy client with Trivy server | `` |
 | `trivy.existingSecret` | existingSecret if an existing secret has been created outside the chart. Overrides gitHubToken, registryUsername, registryPassword, serverToken | `` |
 | `trivy.podAnnotations` | Annotations for pods created by statefulset | `{}` |