This topic tells you how to configure clusters for specific scanners, such as vulnerability scanning, single cluster configuration, and multicluster configuration.
You can use the scanner configuration to connect the Grype scanner or another supported scanner to SCST - Store.
For single-cluster configurations, scanners use app-tls-cert
to communicate with SCST - Store. For more information, see Install your Tanzu Application Platform profile.
For multicluster configurations, scanners use ingress-cert
of SCST - Store in the View cluster. For more information, see Multicluster setup for SCST - Store.
In a single-cluster configuration, the connection between the scanning pod and SCST - Store exists inside the cluster and does not pass through ingress. An ingress connection to SCST - Store is not needed.
The default values automatically configure the connection between a supported scanner, such as Grype, and SCST - Store. Scanners use app-tls-cert
by default from SCST - Store.
You do not need to change the grype
section of tap-values.yaml
provided in the Full profile installation. For more information, see Install your Tanzu Application Platform profile.
To view the default values, see Install SCST - Scan.
In a multicluster configuration, you must provide the scanner configured on the build cluster, with the ingress URL of SCST - Store that is deployed in the view cluster. Scanners must use ingress-cert
to communicate with SCST - Store.
To view a sample Build profile YAML file, see Build profile.
For information about how Build profile uses the configuration, see How to configure Grype in the Build profile values file.