Helm Chart
Scans Helm chart, template, and values files for Docker container image and GitHub repository references, then pulls those images and repositories and scans them for symbols.
Helm CLI
The scanner uses the Helm CLI to fetch, render, and show charts, so ensure the CLI is installed on your local machine or use the compiler Docker image, which bundles it.
Configuration
To configure the Helm chart module, edit the settings below.
Below is the default configuration from: helm/config.yaml (* Required Fields).
```yaml
# 🔟❎ 'compile' k8s Helm scanner configuration
# Configures the k8s Helm chart symbol scanner, which pulls referenced GitHub source repositories and
# Docker container images to scan for symbol values.
# To learn more see https://doc.log10x.com/compile/pull/helm
# For a reference list of common infrastructure charts, see:
#   modules/pipelines/compile/modules/pull/helm/library.yaml

# Set the 10x pipeline to 'compile'
tenx: compile

# =============================== Helm Options ===============================
helm:
  # Charts can be specified as Helm chart names OR as local chart files.
  # 'chartNames' specifies a list of remote chart names to scan for values and template files.
  chartNames: [
    # open-telemetry/opentelemetry-demo,
    # ingress-nginx/ingress-nginx,
  ]
  # 'chartFiles' specifies a list of local chart template and values.yaml files on disk.
  # File paths may be relative to the 'includePaths' list. If canonical, the enclosing folders must be added to 'includePaths'.
  chartFiles: [
    # charts/opentelemetry-demo/values.yaml
  ]
  pull:
    # 'dockerImages' specifies whether to pull Docker container images referenced by input charts.
    # To learn more see https://doc.log10x.com/compile/pull/docker
    dockerImages: true
    github:
      # 'repos' specifies whether to pull GitHub repos referenced by 'org.opencontainers.image.source' annotations.
      # To learn more see https://github.com/opencontainers/image-spec/blob/v1.0.1/annotations.md#pre-defined-annotation-keys
      repos: true
      # 'token' specifies the GitHub access token for pulling from referenced repos.
      # To learn more see: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens
      token: $=TenXEnv.get("GH_TOKEN") # (❗ EnvVar REQUIRED)
```
Options
Specify the options below to configure the Helm chart module:
| Name | Description | Category |
|---|---|---|
| helmChartNames | List of charts to pull | General |
| helmChartFiles | List of charts templates and value files to scan | General |
| helmPullGithubRepos | Pull GitHub repos | General |
| helmPullGithubToken | GitHub API token for pulling repositories | General |
| helmPullDockerImages | Pull docker container images | General |
| helmCommand | Path to Helm command | Process |
| helmGitHubRepoPaths | YAML DOM paths for extracting GitHub repos | Process |
| helmDockerImagePaths | YAML DOM paths for extracting Docker repo references | Process |
General
helmChartNames
List of charts to pull.
| Type | Default | Category |
|---|---|---|
| List | [] | General |
Specifies a list of chart names (e.g., open-telemetry/opentelemetry-demo) to pass to helmCommand.
For each chart, the scanner invokes the Helm template and show chart commands to pull its values.yaml and chart.yaml files, which are then scanned for Docker container image and GitHub repo references.
helmChartFiles
List of charts templates and value files to scan.
| Type | Default | Category |
|---|---|---|
| List | [] | General |
Specifies a list of chart values and template files to scan. These file paths may be relative to the includePaths list. If file paths are canonical, their enclosing folders must be included in the includePaths argument.
helmPullGithubRepos
Pull GitHub repos.
| Type | Default | Category |
|---|---|---|
| Boolean | false | General |
Specifies whether to pull GitHub repos referenced by the input Helm template files.
helmPullGithubToken
GitHub API token for pulling repositories.
| Type | Default | Category |
|---|---|---|
| String | "" | General |
Defines an access token for pulling GitHub repos referenced by Helm charts.
helmPullDockerImages
Pull docker container images.
| Type | Default | Category |
|---|---|---|
| Boolean | true | General |
Specifies whether to pull Docker images referenced by the input Helm values and template files.
Process
helmCommand
Path to Helm command.
| Type | Default | Category |
|---|---|---|
| String | *NIX: /usr/local/bin/helm, Win: C:/Program Files/helm/helm.exe | Process |
Defines the path to the Helm program used for querying chart templates and values. This value must be set if helmChartNames is set.
helmGitHubRepoPaths
YAML DOM paths for extracting GitHub repos.
| Type | Default | Category |
|---|---|---|
| String | [metadata.repository, spec.source.git, chart.repository] | Process |
Specifies paths within a YAML file to treat as holders for GitHub repo names. For example, for the following section from an input chart.yaml file:
```yaml
sources:
  - https://github.com/open-telemetry/opentelemetry-demo # capture this GitHub repo reference
```
helmDockerImagePaths
YAML DOM paths for extracting Docker repo references.
| Type | Default | Category |
|---|---|---|
| String | [spec.template.spec.containers.image, values.image, spec.containers.image, sources] | Process |
Specifies paths within a Helm YAML file to treat as holders for Docker image names. For example, for the following section from an input values.yaml file:
```yaml
spec:
  serviceAccountName: opentelemetry-demo
  containers:
    - name: accountingservice
      image: 'docker.io/grafana/grafana:11.1.0' # capture this docker image reference
```
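The following is an added illustration of how the helmGitHubRepoPaths and helmDockerImagePaths options above can be interpreted; it is not the scanner's own code. It walks a parsed YAML document along dotted DOM paths (using the page's default path lists), collects the GitHub repo URLs and image references found there, and additionally flags image references that are not pinned by digest, since a tag alone can be re-pointed by the image publisher. The traversal rule for list nodes (visit every element), the classification of values by shape, and the pin check are assumptions of this example, and the sample document is constructed data rather than a real chart.

```python
"""Added example: extract GitHub repo and Docker image references from a
parsed Helm YAML document by dotted DOM path, then flag unpinned images.
Illustrative code; not the helm scanner module's implementation."""
import re
from typing import Any, Iterator, Optional

# Constructed sample: what yaml.safe_load would return for a small values.yaml
# merged with a chart.yaml-style 'sources' list (not a real chart).
SAMPLE_DOC = {
    "sources": ["https://github.com/open-telemetry/opentelemetry-demo"],
    "values": {"image": "otel/demo:1.9.0"},
    "spec": {
        "serviceAccountName": "opentelemetry-demo",
        "containers": [
            {"name": "accountingservice", "image": "docker.io/grafana/grafana:11.1.0"},
            {"name": "sidecar", "image": "busybox"},  # no tag: resolves to :latest
        ],
        "template": {
            "spec": {
                "containers": [
                    {"name": "api", "image": "ghcr.io/acme/api:2.0@sha256:" + "a" * 64},
                ]
            }
        },
    },
}

# Default path lists as given in the option tables on this page.
DOCKER_IMAGE_PATHS = ["spec.template.spec.containers.image", "values.image",
                      "spec.containers.image", "sources"]
GITHUB_REPO_PATHS = ["metadata.repository", "spec.source.git", "chart.repository"]

GITHUB_RE = re.compile(
    r"^(?:https?://|git@)github\.com[/:]([\w.-]+)/([\w.-]+?)(?:\.git)?/?$")


def walk(node: Any, parts: list) -> Iterator[str]:
    """Yield every string reachable by the dotted path 'parts'.
    Assumed semantics: a list node is traversed element-wise, so
    'spec.containers.image' visits the image of every container."""
    if isinstance(node, list):
        for item in node:
            yield from walk(item, parts)
        return
    if not parts:
        if isinstance(node, str):
            yield node
        return
    if isinstance(node, dict) and parts[0] in node:
        yield from walk(node[parts[0]], parts[1:])


def extract(doc: Any, paths: list) -> list:
    """Collect unique values under all configured paths, preserving order."""
    found = []
    for path in paths:
        for value in walk(doc, path.split(".")):
            if value not in found:
                found.append(value)
    return found


def github_repo(ref: str) -> Optional[str]:
    """Return 'owner/repo' if 'ref' is a GitHub repository URL, else None."""
    m = GITHUB_RE.match(ref)
    return f"{m.group(1)}/{m.group(2)}" if m else None


def parse_image(ref: str) -> dict:
    """Split an image reference of the assumed form
    registry[:port]/repo[:tag][@sha256:<hex>] into name, tag and digest."""
    name, _, digest = ref.partition("@")
    tag = None
    # A ':' after the last '/' separates the tag; before it, it is a registry port.
    head, sep, tail = name.rpartition("/")
    if ":" in tail:
        tail, tag = tail.split(":", 1)
    name = f"{head}/{tail}" if sep else tail
    return {"name": name, "tag": tag, "digest": digest or None}


def is_pinned(ref: str) -> bool:
    """Only a digest pins an image; a tag (or the implicit :latest) can move."""
    return parse_image(ref)["digest"] is not None


def scan(doc: Any) -> dict:
    """Classify everything under the configured paths: repos to pull,
    image references, and the subset of images that are not digest-pinned."""
    refs = extract(doc, GITHUB_REPO_PATHS + DOCKER_IMAGE_PATHS)
    repos = [github_repo(r) for r in refs if github_repo(r)]
    images = [r for r in refs if not github_repo(r)]
    return {"repos": repos, "images": images,
            "unpinned": [r for r in images if not is_pinned(r)]}


if __name__ == "__main__":
    for key, vals in scan(SAMPLE_DOC).items():
        print(f"{key}: {vals}")
```

Note that the page's default helmDockerImagePaths list includes sources, which in chart.yaml holds GitHub URLs rather than image names; this example therefore classifies each extracted value by its shape instead of by the path it came from, so a repo URL found under an image path is still treated as a repo to pull.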
This module is defined in helm/module.yaml.