# Trivy Operator — apply before Helm (Ansible **noble_trivy**).
# Scan jobs may use elevated capabilities; align with other operator namespaces.
apiVersion: v1
kind: Namespace
metadata:
  name: trivy-system
  labels:
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/warn: privileged