Helm Values Reference

The three starter values files for the FOSSA fossa-core Helm chart, simplified (managed hosting), simplified self-hosted, and advanced.

10 min readUpdated Jul 9, 2026

Overview

FOSSA provides three starter values files to begin configuring your fossa-core Helm release. All three configure the same underlying schema, the simplified files only add YAML anchors and references to make common configuration tasks more convenient. Pick the one that matches your hosting model, then customize it as described in Configuring your Helm values.

  • Simplified (managed hosting): recommended when you use managed external hosting (Amazon S3, Amazon RDS, or equivalents) for FOSSA's dependencies.
  • Simplified (self-hosted): when you want FOSSA to self-host its dependencies in-cluster.
  • Advanced: exposes the full chart configuration directly, without anchors. Reference the comments in the chart's values.yaml when using it.

Warning

The self-hosted starter file provisions Postgres and MinIO in-cluster. fossa-core 6.x has removed in-cluster Postgres provisioning and decoupled MinIO from the chart. On current charts, configure Postgres (version 17) and S3-compatible storage as external services. See Migrating to Postgres 17 and Decoupling MinIO from fossa-core, and always check the chart's own CHANGELOG.md for breaking changes before upgrading.

YAML
---################################################################################ ## FOSSA on-premises Helm values (simplified)################################################################################ #################################################################################### Modify these values##################################################################################global:  # Environment name (used for logging).  environment: production  # The FOSSA image credentials that you were given by your account manager.  imageCredentials:    username:    password: # 64-character hexadecimal string, used to encrypt application secrets. Please# pick something more random than the default value.encryptionSecret: 0000000000000000000000000000000000000000000000000000000000000000 # The URL hostname and port that the FOSSA web server should listen on.## This hostname must be accessible to users, and you'll need to configure a DNS# record for this hostname.hostname: &core-web-hostname fossa.localport: 80 # If you want your ingress controller to serve FOSSA via HTTPS, you'll need to# configure that here. Please see your ingress controller's relevant# documentation to set the correct annotations, if required.coreIngressAnnotations: &coreIngressAnnotations {}coreIngressTLS: &coreIngressTLS [] # Set Postgres connection configuration.postgres: &postgres  # The URL of the database.  host:  # Database user credentials.  username:  password:   # Database name to use for the FOSSA web application's database.  database: fossa # Set S3-compatible object storage configuration.## Bucket name for web application file storage.storageCoreBucket: &storage-core-bucket files.fossa.local# Bucket name for analysis results storage.storageHubbleBucket: &storage-hubble-bucket analysis.fossa.local# The endpoint of the S3 service, including protocol.storageEndpoint: &storage-endpoint https://s3.us-east-2.amazonaws.com# The S3 endpoint's region.storageRegion: &storage-region# The S3 access key and secret key.storageAuth: &storage-auth  accessKey:  secretKey: # Configuration for the self-hosted job queue instances.## Password to use for self-hosted web application job queue.faktoryCorePassword: &faktory-core-password "password"# Password to use for self-hosted code analysis job queue.faktoryHubblePassword: &faktory-hubble-password "password" # Email server for FOSSA web application.email:  # The address from which FOSSA will send email.  from: support@fossa.local   # SMTP server configuration.  host: smtp.fossa.local  port: 1025  # Credentials for the SMTP server. Remove this section if no auth is required.  auth:    user: user    pass: password # Self-signed certificates configuration.trustedCertificates: # Third-party integrations.## Other providers include `google`, `slack`, and `azureRepos`. For details, see# the reference documentation in the chart's top-level `values.yaml` file.github: {}  # clientId:  # clientSecret: #################################################################################### Generated configuration values.#### DO NOT MODIFY THESE unless you know what you're doing.################################################################################## faktory:  auth:    password: *faktory-core-password storageCommonConfig: &storage  endpoint: *storage-endpoint  region: *storage-region  auth: *storage-auth storage:  <<: *storage  bucket: *storage-core-bucket hubble:  postgres: *postgres   faktory:    auth:      password: *faktory-hubble-password   storage:    <<: *storage    bucket: *storage-hubble-bucket ingress:  enabled: true  annotations: *coreIngressAnnotations  tls: *coreIngressTLS  hosts:    - *core-web-hostname enabledFeatureFlags:  # Dependency Path in Global Issues Report  - dependencyPathGlobalIssuesReport  # Release Groups  - projectGrouping  # Disable Org Alert Banner  - disableOrgAlertBanner  # License Headers In Reports  - licenseHeaderReports  # File Path in Reports  - filePathInReports  # Copyright Notices in Reports  - copyrightReports  # Show Locators in Plaintext Reports  - locatorsInPlainTextReports  # Show Depth in Plaintext Reports  - depthInPlainTextReports
© 2026 FOSSA, Inc.support@fossa.com