feat: add trivy.skipJavaDBUpdate for configuring SCANNER_TRIVY_SKIP_JAVA_DB_UPDATE

Signed-off-by: Shengwen Yu <[email protected]>
Shengwen Yu committed Feb 26, 2024
1 parent d95b244 commit 1d46295
Showing 3 changed files with 8 additions and 0 deletions.
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -297,6 +297,7 @@ The following table lists the configurable parameters of the Harbor chart and th
| `trivy.ignoreUnfixed` | The flag to display only fixed vulnerabilities | `false` |
| `trivy.insecure` | The flag to skip verifying registry certificate | `false` |
| `trivy.skipUpdate` | The flag to disable [Trivy DB][trivy-db] downloads from GitHub | `false` |
| `trivy.skipJavaDBUpdate` | If the flag is enabled you have to manually download the `trivy-java.db` file [Trivy Java DB][trivy-java-db] and mount it in the `/home/scanner/.cache/trivy/java-db/trivy-java.db` path | `false` |
| `trivy.offlineScan` | The flag prevents Trivy from sending API requests to identify dependencies. | `false` |
| `trivy.securityCheck` | Comma-separated list of what security issues to detect. Possible values are `vuln`, `config` and `secret`. | `vuln` |
| `trivy.timeout` | The duration to wait for scan completion | `5m0s` |
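Review bot: The new `trivy.skipJavaDBUpdate` row states only the consequence of enabling the flag and never says what the flag does, unlike the `trivy.skipUpdate` row directly above it ("The flag to disable [Trivy DB][trivy-db] downloads from GitHub"). Suggest leading with the behaviour, for example "The flag to disable [Trivy Java DB][trivy-java-db] downloads. If enabled, you have to manually download `trivy-java.db` and mount it at `/home/scanner/.cache/trivy/java-db/trivy-java.db`", which also fixes the dangling link in "file [Trivy Java DB][trivy-java-db] and mount it". It is also worth saying that with the flag enabled the Java DB is only as current as the file the operator mounts.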
Expand Down Expand Up @@ -406,4 +407,5 @@ The following table lists the configurable parameters of the Harbor chart and th
[resources]: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
[trivy]: https://github.com/aquasecurity/trivy
[trivy-db]: https://github.com/aquasecurity/trivy-db
[trivy-java-db]: https://github.com/aquasecurity/trivy-java-db
[trivy-rate-limiting]: https://github.com/aquasecurity/trivy#github-rate-limiting
2 changes: 2 additions & 0 deletions templates/trivy/trivy-sts.yaml
Expand Up @@ -93,6 +93,8 @@ spec:
value: {{ .Values.trivy.ignoreUnfixed | default false | quote }}
- name: "SCANNER_TRIVY_SKIP_UPDATE"
value: {{ .Values.trivy.skipUpdate | default false | quote }}
- name: "SCANNER_TRIVY_SKIP_JAVA_DB_UPDATE"
value: {{ .Values.trivy.skipJavaDBUpdate | default false | quote }}
- name: "SCANNER_TRIVY_OFFLINE_SCAN"
value: {{ .Values.trivy.offlineScan | default false | quote }}
- name: "SCANNER_TRIVY_SECURITY_CHECKS"
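Review bot: The two added lines only pass `SCANNER_TRIVY_SKIP_JAVA_DB_UPDATE` through to the container, and nothing in this commit provides the file that the README says must exist at `/home/scanner/.cache/trivy/java-db/trivy-java.db`. Please confirm that an existing volume of this StatefulSet covers that path, or document how the file is expected to be mounted, so that setting the value to `true` does not leave the operator to work that out.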
4 changes: 4 additions & 0 deletions values.yaml
Expand Up @@ -709,6 +709,10 @@ trivy:
# If the value is set to `true` you have to manually download the `trivy.db` file and mount it in the
# `/home/scanner/.cache/trivy/db/trivy.db` path.
skipUpdate: false
# skipJavaDBUpdate If the flag is enabled you have to manually download the `trivy-java.db` file and mount it in the
# `/home/scanner/.cache/trivy/java-db/trivy-java.db` path
#
skipJavaDBUpdate: false
# The offlineScan option prevents Trivy from sending API requests to identify dependencies.
#
# Scanning JAR files and pom.xml may require Internet access for better detection, but this option tries to avoid it.
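Review bot: The comment added above `skipJavaDBUpdate` does not match the style of the neighbouring options: it opens with the bare key name ("# skipJavaDBUpdate If the flag is enabled ..."), has no final period after "path", and leaves an empty `#` line between the comment and the key. Suggest opening with what the option does (skip the Trivy Java DB download), then the manual-mount requirement, and saying how it relates to `skipUpdate` directly above, since the two are separate keys.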