# Trivy Operator — namespace + PSA; applied with **noble_platform** bootstrap kustomize before Argo syncs the chart.
# Scan jobs may use elevated capabilities; align with other operator namespaces.
apiVersion: v1
kind: Namespace
metadata:
  name: trivy-system
  labels:
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/warn: privileged