feat: updates for vunnel integration (#74)

* feat: updates for vunnel integration

Signed-off-by: Weston Steimel <[email protected]>

* chore: bump chart version

Signed-off-by: Weston Steimel <[email protected]>

* feat: allow for config of nvd api key

Signed-off-by: Weston Steimel <[email protected]>

---------

Signed-off-by: Weston Steimel <[email protected]>

stable/anchore-engine/templates/enterprise_feeds_configmap.yaml

@@ -167,6 +167,9 @@ data:
           {{- end }}
           nvdv2:
             enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.nvdv2DriverEnabled | quote) }}
+          {{- if eq (.Values.anchoreEnterpriseFeeds.nvdv2DriverEnabled | toString) "true" }}
+            api_key: ${ANCHORE_NVD_API_KEY}
+          {{- end }}
           sles:
             enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.slesDriverEnabled | quote) }}
           msrc:
@@ -183,6 +186,11 @@ data:
           grypedb:
             enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.grypeDriverEnabled | quote) }}
             external_feeds_url: {{ $grypeProviderFeedsExternalURL }}
+            preload:
+              enabled: {{ default true (.Values.anchoreEnterpriseFeeds.grypedbPreloadEnabled) }}
+              workspace_archive_path: {{ default "/preload/grype-db-workspace.tar.gz" (.Values.anchoreEnterpriseFeeds.grypedbPreloadWorkspaceArchivePath) }}
+            persist_provider_workspaces: {{ default true (.Values.anchoreEnterpriseFeeds.grypedbPersistProviderWorkspaces) }}
+            restore_provider_workspaces: {{ default true (.Values.anchoreEnterpriseFeeds.grypedbRestoreProviderWorkspaces) }}
           anchore_match_exclusions:
             enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.anchoreMatchExclusionsEnabled | quote) }}
           wolfi:

stable/anchore-engine/templates/enterprise_feeds_secret.yaml

@@ -29,6 +29,9 @@ stringData:
   {{- with .Values.anchoreEnterpriseFeeds.githubDriverToken }}
   ANCHORE_GITHUB_TOKEN: {{ . | quote }}
   {{- end }}
+  {{- with .Values.anchoreEnterpriseFeeds.nvdDriverApiKey }}
+  ANCHORE_NVD_API_KEY: {{ . | quote }}
+  {{- end }}
   {{- if .Values.anchoreEnterpriseFeeds.gemDriverEnabled }}
   ANCHORE_GEM_DB_NAME: {{ index .Values "anchore-feeds-gem-db" "postgresDatabase" | quote }}
   ANCHORE_GEM_DB_USER: {{ index .Values "anchore-feeds-gem-db" "postgresUser" | quote }}

stable/anchore-engine/values.yaml

@@ -823,6 +823,9 @@ anchoreEnterpriseFeeds:
   # GitHub advisory feeds require a github developer personal access token with no permission scopes selected.
   githubDriverToken: null
 
+  # The NVD API allows for an API key to reduce rate limiting.  Request one from https://nvd.nist.gov/developers/request-an-api-key
+  nvdDriverApiKey: null
+
   # Enable microsoft feeds
   msrcDriverEnabled: false
   # Uncomment to add MSRC product IDs for generating their feed data, this extends the pre-defined list of product IDs