chore(trunk): update versions of linters and

adjust linter settings - Increment Linter versions for checkov, osv-scanner, trivy, trufflehog, renovate, markdownlint, prettier, gitleaks, and yamllint - Add linter exceptions for `'charts/**'` path in checkov - Add a comment to bypass invalid flagged secret exposure warning in `dsvInjectorCredentialsSecretName` in `charts/dsv-syncer/values.yaml`
DelineaXPM · Feb 12, 2024 · 695a295 · 695a295
1 parent 2f7023d
commit 695a295
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 11 deletions.
diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml
@@ -48,25 +48,25 @@ lint:
     - cspell
     - gofmt
   enabled:
-    - checkov@3.1.69
+    - checkov@3.2.19
     - gokart@0.5.1
-    - osv-scanner@1.6.1
+    - osv-scanner@1.6.2
     - terrascan@1.18.11
-    - trivy@0.48.3
-    - trufflehog@3.63.11
+    - trivy@0.49.1
+    - trufflehog@3.67.5
     - gofumpt@0.5.0
-    - renovate@37.146.0
+    - renovate@37.180.0
     - golangci-lint@SYSTEM
     - git-diff-check
     - taplo@0.8.1
-    - markdownlint@0.38.0
-    - prettier@3.2.4
+    - markdownlint@0.39.0
+    - prettier@3.2.5
     - actionlint@1.6.26
     - hadolint@2.12.0
-    - gitleaks@8.18.1
+    - gitleaks@8.18.2
     - shellcheck@0.9.0
     - shfmt@3.6.0
-    - yamllint@1.33.0
+    - yamllint@1.34.0
     - svgo@3.2.0
     - prettier@2.8.3
     - git-diff-check
@@ -75,7 +75,7 @@ lint:
     - actionlint@1.6.26
     - gitleaks@8.15.3
     - hadolint@2.12.0
-    - markdownlint@0.38.0
+    - markdownlint@0.39.0
     - shellcheck@0.9.0
     - shfmt@3.6.0
 
@@ -94,3 +94,7 @@ lint:
         - 'charts/*/templates/*'
     # - linters: [prettier, yamllint]
     #   paths:
+    - linters: [checkov]
+      paths:
+        - '**'
+        - '!charts/**'
diff --git a/charts/dsv-syncer/values.yaml b/charts/dsv-syncer/values.yaml
@@ -84,7 +84,7 @@ resources:
   #   memory: 128Mi
 
 # -- dsvInjectorCredentialsSecretName is the name of thecredentialsJson secret from the dsv-injector
-dsvInjectorCredentialsSecretName: dsv-injector-credentials
+dsvInjectorCredentialsSecretName: dsv-injector-credentials #checkov:skip=CKV_SECRET_6: this is a secret name and not an embedded secret
 
 # -- cronJobSchedule controls when the syncer runs; five asterisks means "every minute".
 # See [cronjob](https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#cron-schedule-syntax)