# Bootstrap app-of-apps leaf: Trivy Operator (vulnerability + config audit reports).
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: noble-trivy-operator
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io/background
spec:
  project: default
  sources:
    - repoURL: https://aquasecurity.github.io/helm-charts/
      chart: trivy-operator
      targetRevision: 0.32.1
      helm:
        releaseName: trivy-operator
        valueFiles:
          - $values/clusters/noble/apps/trivy/values.yaml
    - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
      targetRevision: HEAD
      ref: values
  destination:
    server: https://kubernetes.default.svc
    namespace: trivy-system
  # Manual sync after **noble.yml**: install Trivy via Argo only (not Ansible). Enable automation after cutover (../README.md §5).
  syncPolicy:
    syncOptions:
      - CreateNamespace=true
      - ServerSideApply=true