Skip to content


Helm, which is de facto standard package manager for Kubernetes, allows installing applications from parameterized YAML manifests called Helm charts.

To address shortcomings of static YAML manifests we provide the Helm chart to deploy the Trivy-Operator. The Helm chart supports all Install Modes.

As an example, let's install the operator in the trivy-system namespace and configure it to select all namespaces, except kube-system and trivy-system:

  1. Clone the chart directory:
    git clone --depth 1 --branch v0.11.0
    cd trivy-operator
    Or add Aqua chart repository:
    helm repo add aqua
    helm repo update
  2. Install the chart from a local directory:
    helm install trivy-operator ./deploy/helm \
      --namespace trivy-system \
      --create-namespace \
    Or install the chart from the Aqua chart repository:
    helm install trivy-operator aqua/trivy-operator \
      --namespace trivy-system \
      --create-namespace \
      --set="trivy.ignoreUnfixed=true" \
      --version 0.11.0
    There are many values in the chart that can be set to configure Trivy-Operator.
  3. Check that the trivy-operator Helm release is created in the trivy-system namespace, and it has status deployed:
    $ helm list -n trivy-system
    NAME                 NAMESPACE           REVISION    UPDATED                                 STATUS      CHART                       APP VERSION
    trivy-operator   trivy-system    1           2021-01-27 20:09:53.158961 +0100 CET    deployed    trivy-operator-0.11.0   0.11.0
    To confirm that the operator is running, check that the trivy-operator Deployment in the trivy-system namespace is available and all its containers are ready:
    $ kubectl get deployment -n trivy-system
    NAME                 READY   UP-TO-DATE   AVAILABLE   AGE
    trivy-operator   1/1     1            1           11m
    If for some reason it's not ready yet, check the logs of the Deployment for errors:
    kubectl logs deployment/trivy-operator -n trivy-system

Install as Helm dependency

There are cases, when potential chart developers want to add the operator as dependency. An example would be the creation of an umbrella chart for an application, which depends on 3d-party charts.

In this case, It maybe not suitable to install the Trivy Operator in the same namespace as the main application. Instead, we can use the Helm value operator.namespace to define a namespace where only the operator will be installed. The Operator chart will then either create a new namespace if not existing or use the existing one.


You can uninstall the operator with the following command:

helm uninstall trivy-operator -n trivy-system

You have to manually delete custom resource definitions created by the helm install command:


Deleting custom resource definitions will also delete all security reports generated by the operator.

kubectl delete crd
kubectl delete crd
kubectl delete crd
kubectl delete crd
kubectl delete crd
kubectl delete crd
kubectl delete crd