Configuration
Internal Scanning can be be deployed with many different options.
Configuration options can be set using CLI flags:
helm install detectify-scanner detectify/internal-scanning-agent \
--namespace scanner \
--set redis.deploy=false \
--set config.redisUrl=rediss://redis.example.com:6379Or using a values.yaml file:
redis:
deploy: false
config:
redisUrl: 'rediss://redis.example.com:6379'Deployed with e.g.:
helm install detectify-scanner detectify/internal-scanning-agent \
--namespace scanner \
-f values.yamlValues
| Key | Default | Description |
|---|---|---|
registry.username |
| Username for the Detectify docker registry (required) |
registry.password |
| Password for the Detectify docker registry (required) |
namespace.name |
| Kubernetes namespace where scanner components are deployed |
replicaCount.scanScheduler |
| Replicas for the scan scheduler |
replicaCount.scanManager |
| Replicas for the scan manager |
replicaCount.chromeController |
| Replicas for the chrome controller |
resources.scanScheduler | | Resource requests and limits for the scan scheduler |
resources.scanManager | | Resource requests and limits for the scan manager |
resources.chromeController | | Resource requests and limits for the chrome controller |
resources.redis | | Resource requests and limits for Redis |
autoscaling.enabled |
| Enable Horizontal Pod Autoscaler for scanner components |
autoscaling.scanScheduler | | HPA settings for the scan scheduler |
autoscaling.scanManager | | HPA settings for the scan manager |
config.redisUrl |
| Redis connection URL |
config.redisTtlSeconds |
| Redis TTL in seconds for cached scan data (default: 7 days) |
config.licenseKey |
| Detectify license key (required) |
config.connectorApiKey |
| Detectify connector API key (required) |
config.logFormat |
| Log output format: json for log aggregation, text for human readability |
config.scheduledScansPollIntervalSeconds |
| How often (in seconds) to poll for new scans to run |
config.completedScansPollIntervalSeconds |
| How often (in seconds) to poll for completed scans |
redis.deploy |
| Deploy Redis as part of this release. Set to false to use an external Redis instance via config.redisUrl. |
redis.persistence | | Redis persistence settings |
redis.persistence.enabled |
| Enable persistent storage for Redis data |
redis.persistence.size |
| Size of the persistent volume for Redis |
redis.persistence.storageClass |
| StorageClass for the Redis persistent volume. Empty uses the cluster default |
service.type |
| Kubernetes Service type |
ingress.enabled |
| Enable ingress. Required when triggering scans from outside the cluster (e.g., CI/CD pipelines) |
ingress.className |
| Ingress class name (e.g., nginx, traefik, alb) |
ingress.annotations | | Annotations for the ingress resource |
ingress.host |
| Hostname for the scanner API |
ingress.path |
| URL path for the scanner API |
ingress.pathType |
| Path matching type |
ingress.tls | | TLS configuration for the ingress |
ingress.tls.enabled |
| Enable TLS for the ingress |
ingress.tls.secretName |
| Name of the TLS secret (create manually or use cert-manager) |
priorityClass.enabled |
| Enable PriorityClass to prevent eviction of scanner components under resource pressure |
priorityClass.value |
| Priority value assigned to the PriorityClass (higher = more important) |
probes | | Scan Scheduler Health check probe settings for liveness and readiness probes |
probes.liveness | | Liveness probe configuration |
probes.readiness | | Readiness probe configuration |
Last updated on