mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-10 23:00:48 -08:00
Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
b7947b37ee | ||
|
|
cd0d1281bf | ||
|
|
7dd70dcf3e | ||
|
|
3d537b908b |
@@ -1 +1 @@
|
||||
{".":"0.57.0"}
|
||||
{".":"0.57.1"}
|
||||
|
||||
@@ -1,5 +1,12 @@
|
||||
# Changelog
|
||||
|
||||
## [0.57.1](https://github.com/aquasecurity/trivy/compare/v0.57.0...v0.57.1) (2024-11-18)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Update registry fallbacks [backport: release/v0.57] ([#7944](https://github.com/aquasecurity/trivy/issues/7944)) ([cd0d128](https://github.com/aquasecurity/trivy/commit/cd0d1281bfd1e2804c2305fafde7831d3ec571df))
|
||||
* **redhat:** don't return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files [backport: release/v0.57] ([#7939](https://github.com/aquasecurity/trivy/issues/7939)) ([7dd70dc](https://github.com/aquasecurity/trivy/commit/7dd70dcf3e3b0b49af7f375d1ca20777ef6e28e2))
|
||||
|
||||
## [0.57.0](https://github.com/aquasecurity/trivy/compare/v0.56.0...v0.57.0) (2024-10-31)
|
||||
|
||||
|
||||
|
||||
@@ -92,6 +92,19 @@ You can reference the OCI manifest of [trivy-db].
|
||||
`trivy-db-registry:latest` => `trivy-db-registry:latest`, but `trivy-db-registry` => `trivy-db-registry:2`.
|
||||
|
||||
|
||||
### Rate limits
|
||||
Trivy hosts its databases on public OCI registries that are subject to their respective rate limits. While we strive to make the databases available to every
|
||||
Trivy user, there are certain recommendations that one can make in order to ensure rate limits are not hit.
|
||||
|
||||
#### Authenticated use of Registries
|
||||
By authenticating with the registries that Trivy hosts its DBs on can significantly increase the limit for users. For Amazon ECR, the details for rate limits can be found [ecr-limits].
|
||||
|
||||
Please see more info on how to authenticate with ECR [auth-ecr].
|
||||
|
||||
#### Caching DBs
|
||||
Trivy DB and Trivy Java DB are published every 6 hours and 24 hours, respectively. If you are running Trivy scans more often than this, you can significantly benefit from caching the DBs on each run and updating them as needed.
|
||||
Once example of this can be seen in Trivy Action, where with caching multiple CI invocations can be performed with a single download of the DBs. More on info Trivy Action caching can be found [trivy-action-cache].
|
||||
|
||||
## Java Index Database
|
||||
The same options are also available for the Java index DB, which is used for scanning Java applications.
|
||||
Skipping an update can be done by using the `--skip-java-db-update` option, while `--download-java-db-only` can be used to only download the Java index DB.
|
||||
@@ -123,4 +136,7 @@ $ trivy clean --vuln-db --java-db
|
||||
```
|
||||
|
||||
[trivy-db]: https://github.com/aquasecurity/trivy-db/pkgs/container/trivy-db
|
||||
[trivy-java-db]: https://github.com/aquasecurity/trivy-java-db/pkgs/container/trivy-java-db
|
||||
[trivy-java-db]: https://github.com/aquasecurity/trivy-java-db/pkgs/container/trivy-java-db
|
||||
[ecr-limits]: https://docs.aws.amazon.com/AmazonECR/latest/public/public-service-quotas.html
|
||||
[auth-ecr]: https://aws.amazon.com/blogs/compute/authenticating-amazon-ecr-repositories-for-docker-cli-with-credential-helper/
|
||||
[trivy-action-cache]: https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#cache
|
||||
@@ -29,7 +29,7 @@ trivy filesystem [flags] PATH
|
||||
--config-data strings specify paths from which data for the Rego checks will be recursively loaded
|
||||
--config-file-schemas strings specify paths to JSON configuration file schemas to determine that a file matches some configuration and pass the schema to Rego checks for type checking
|
||||
--custom-headers strings custom headers in client mode
|
||||
--db-repository strings OCI repository(ies) to retrieve trivy-db in order of priority (default [ghcr.io/aquasecurity/trivy-db:2])
|
||||
--db-repository strings OCI repository(ies) to retrieve trivy-db in order of priority (default [mirror.gcr.io/aquasec/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2])
|
||||
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
|
||||
--detection-priority string specify the detection priority:
|
||||
- "precise": Prioritizes precise by minimizing false positives.
|
||||
@@ -56,7 +56,7 @@ trivy filesystem [flags] PATH
|
||||
--include-deprecated-checks include deprecated checks
|
||||
--include-dev-deps include development dependencies in the report (supported: npm, yarn)
|
||||
--include-non-failures include successes, available with '--scanners misconfig'
|
||||
--java-db-repository strings OCI repository(ies) to retrieve trivy-java-db in order of priority (default [ghcr.io/aquasecurity/trivy-java-db:1])
|
||||
--java-db-repository strings OCI repository(ies) to retrieve trivy-java-db in order of priority (default [mirror.gcr.io/aquasec/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1])
|
||||
--license-confidence-level float specify license classifier's confidence level (default 0.9)
|
||||
--license-full eagerly look for licenses in source code headers and license files
|
||||
--list-all-pkgs output all packages in the JSON report regardless of vulnerability
|
||||
|
||||
@@ -43,7 +43,7 @@ trivy image [flags] IMAGE_NAME
|
||||
--config-data strings specify paths from which data for the Rego checks will be recursively loaded
|
||||
--config-file-schemas strings specify paths to JSON configuration file schemas to determine that a file matches some configuration and pass the schema to Rego checks for type checking
|
||||
--custom-headers strings custom headers in client mode
|
||||
--db-repository strings OCI repository(ies) to retrieve trivy-db in order of priority (default [ghcr.io/aquasecurity/trivy-db:2])
|
||||
--db-repository strings OCI repository(ies) to retrieve trivy-db in order of priority (default [mirror.gcr.io/aquasec/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2])
|
||||
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
|
||||
--detection-priority string specify the detection priority:
|
||||
- "precise": Prioritizes precise by minimizing false positives.
|
||||
@@ -74,7 +74,7 @@ trivy image [flags] IMAGE_NAME
|
||||
--include-deprecated-checks include deprecated checks
|
||||
--include-non-failures include successes, available with '--scanners misconfig'
|
||||
--input string input file path instead of image name
|
||||
--java-db-repository strings OCI repository(ies) to retrieve trivy-java-db in order of priority (default [ghcr.io/aquasecurity/trivy-java-db:1])
|
||||
--java-db-repository strings OCI repository(ies) to retrieve trivy-java-db in order of priority (default [mirror.gcr.io/aquasec/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1])
|
||||
--license-confidence-level float specify license classifier's confidence level (default 0.9)
|
||||
--license-full eagerly look for licenses in source code headers and license files
|
||||
--list-all-pkgs output all packages in the JSON report regardless of vulnerability
|
||||
|
||||
@@ -38,7 +38,7 @@ trivy kubernetes [flags] [CONTEXT]
|
||||
--config-check strings specify the paths to the Rego check files or to the directories containing them, applying config files
|
||||
--config-data strings specify paths from which data for the Rego checks will be recursively loaded
|
||||
--config-file-schemas strings specify paths to JSON configuration file schemas to determine that a file matches some configuration and pass the schema to Rego checks for type checking
|
||||
--db-repository strings OCI repository(ies) to retrieve trivy-db in order of priority (default [ghcr.io/aquasecurity/trivy-db:2])
|
||||
--db-repository strings OCI repository(ies) to retrieve trivy-db in order of priority (default [mirror.gcr.io/aquasec/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2])
|
||||
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
|
||||
--detection-priority string specify the detection priority:
|
||||
- "precise": Prioritizes precise by minimizing false positives.
|
||||
@@ -70,7 +70,7 @@ trivy kubernetes [flags] [CONTEXT]
|
||||
--include-kinds strings indicate the kinds included in scanning (example: node)
|
||||
--include-namespaces strings indicate the namespaces included in scanning (example: kube-system)
|
||||
--include-non-failures include successes, available with '--scanners misconfig'
|
||||
--java-db-repository strings OCI repository(ies) to retrieve trivy-java-db in order of priority (default [ghcr.io/aquasecurity/trivy-java-db:1])
|
||||
--java-db-repository strings OCI repository(ies) to retrieve trivy-java-db in order of priority (default [mirror.gcr.io/aquasec/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1])
|
||||
--k8s-version string specify k8s version to validate outdated api by it (example: 1.21.0)
|
||||
--kubeconfig string specify the kubeconfig file path to use
|
||||
--list-all-pkgs output all packages in the JSON report regardless of vulnerability
|
||||
|
||||
@@ -29,7 +29,7 @@ trivy repository [flags] (REPO_PATH | REPO_URL)
|
||||
--config-data strings specify paths from which data for the Rego checks will be recursively loaded
|
||||
--config-file-schemas strings specify paths to JSON configuration file schemas to determine that a file matches some configuration and pass the schema to Rego checks for type checking
|
||||
--custom-headers strings custom headers in client mode
|
||||
--db-repository strings OCI repository(ies) to retrieve trivy-db in order of priority (default [ghcr.io/aquasecurity/trivy-db:2])
|
||||
--db-repository strings OCI repository(ies) to retrieve trivy-db in order of priority (default [mirror.gcr.io/aquasec/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2])
|
||||
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
|
||||
--detection-priority string specify the detection priority:
|
||||
- "precise": Prioritizes precise by minimizing false positives.
|
||||
@@ -56,7 +56,7 @@ trivy repository [flags] (REPO_PATH | REPO_URL)
|
||||
--include-deprecated-checks include deprecated checks
|
||||
--include-dev-deps include development dependencies in the report (supported: npm, yarn)
|
||||
--include-non-failures include successes, available with '--scanners misconfig'
|
||||
--java-db-repository strings OCI repository(ies) to retrieve trivy-java-db in order of priority (default [ghcr.io/aquasecurity/trivy-java-db:1])
|
||||
--java-db-repository strings OCI repository(ies) to retrieve trivy-java-db in order of priority (default [mirror.gcr.io/aquasec/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1])
|
||||
--license-confidence-level float specify license classifier's confidence level (default 0.9)
|
||||
--license-full eagerly look for licenses in source code headers and license files
|
||||
--list-all-pkgs output all packages in the JSON report regardless of vulnerability
|
||||
|
||||
@@ -31,7 +31,7 @@ trivy rootfs [flags] ROOTDIR
|
||||
--config-data strings specify paths from which data for the Rego checks will be recursively loaded
|
||||
--config-file-schemas strings specify paths to JSON configuration file schemas to determine that a file matches some configuration and pass the schema to Rego checks for type checking
|
||||
--custom-headers strings custom headers in client mode
|
||||
--db-repository strings OCI repository(ies) to retrieve trivy-db in order of priority (default [ghcr.io/aquasecurity/trivy-db:2])
|
||||
--db-repository strings OCI repository(ies) to retrieve trivy-db in order of priority (default [mirror.gcr.io/aquasec/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2])
|
||||
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
|
||||
--detection-priority string specify the detection priority:
|
||||
- "precise": Prioritizes precise by minimizing false positives.
|
||||
@@ -58,7 +58,7 @@ trivy rootfs [flags] ROOTDIR
|
||||
--ignorefile string specify .trivyignore file (default ".trivyignore")
|
||||
--include-deprecated-checks include deprecated checks
|
||||
--include-non-failures include successes, available with '--scanners misconfig'
|
||||
--java-db-repository strings OCI repository(ies) to retrieve trivy-java-db in order of priority (default [ghcr.io/aquasecurity/trivy-java-db:1])
|
||||
--java-db-repository strings OCI repository(ies) to retrieve trivy-java-db in order of priority (default [mirror.gcr.io/aquasec/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1])
|
||||
--license-confidence-level float specify license classifier's confidence level (default 0.9)
|
||||
--license-full eagerly look for licenses in source code headers and license files
|
||||
--list-all-pkgs output all packages in the JSON report regardless of vulnerability
|
||||
|
||||
@@ -24,7 +24,7 @@ trivy sbom [flags] SBOM_PATH
|
||||
--cache-ttl duration cache TTL when using redis as cache backend
|
||||
--compliance string compliance report to generate
|
||||
--custom-headers strings custom headers in client mode
|
||||
--db-repository strings OCI repository(ies) to retrieve trivy-db in order of priority (default [ghcr.io/aquasecurity/trivy-db:2])
|
||||
--db-repository strings OCI repository(ies) to retrieve trivy-db in order of priority (default [mirror.gcr.io/aquasec/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2])
|
||||
--detection-priority string specify the detection priority:
|
||||
- "precise": Prioritizes precise by minimizing false positives.
|
||||
- "comprehensive": Aims to detect more security findings at the cost of potential false positives.
|
||||
@@ -41,7 +41,7 @@ trivy sbom [flags] SBOM_PATH
|
||||
--ignore-unfixed display only fixed vulnerabilities
|
||||
--ignored-licenses strings specify a list of license to ignore
|
||||
--ignorefile string specify .trivyignore file (default ".trivyignore")
|
||||
--java-db-repository strings OCI repository(ies) to retrieve trivy-java-db in order of priority (default [ghcr.io/aquasecurity/trivy-java-db:1])
|
||||
--java-db-repository strings OCI repository(ies) to retrieve trivy-java-db in order of priority (default [mirror.gcr.io/aquasec/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1])
|
||||
--list-all-pkgs output all packages in the JSON report regardless of vulnerability
|
||||
--no-progress suppress progress bar
|
||||
--offline-scan do not issue API requests to identify dependencies
|
||||
|
||||
@@ -22,7 +22,7 @@ trivy server [flags]
|
||||
```
|
||||
--cache-backend string [EXPERIMENTAL] cache backend (e.g. redis://localhost:6379) (default "fs")
|
||||
--cache-ttl duration cache TTL when using redis as cache backend
|
||||
--db-repository strings OCI repository(ies) to retrieve trivy-db in order of priority (default [ghcr.io/aquasecurity/trivy-db:2])
|
||||
--db-repository strings OCI repository(ies) to retrieve trivy-db in order of priority (default [mirror.gcr.io/aquasec/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2])
|
||||
--download-db-only download/update vulnerability database but don't run a scan
|
||||
--enable-modules strings [EXPERIMENTAL] module names to enable
|
||||
-h, --help help for server
|
||||
|
||||
@@ -27,7 +27,7 @@ trivy vm [flags] VM_IMAGE
|
||||
--compliance string compliance report to generate
|
||||
--config-file-schemas strings specify paths to JSON configuration file schemas to determine that a file matches some configuration and pass the schema to Rego checks for type checking
|
||||
--custom-headers strings custom headers in client mode
|
||||
--db-repository strings OCI repository(ies) to retrieve trivy-db in order of priority (default [ghcr.io/aquasecurity/trivy-db:2])
|
||||
--db-repository strings OCI repository(ies) to retrieve trivy-db in order of priority (default [mirror.gcr.io/aquasec/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2])
|
||||
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
|
||||
--detection-priority string specify the detection priority:
|
||||
- "precise": Prioritizes precise by minimizing false positives.
|
||||
@@ -52,7 +52,7 @@ trivy vm [flags] VM_IMAGE
|
||||
--ignore-unfixed display only fixed vulnerabilities
|
||||
--ignorefile string specify .trivyignore file (default ".trivyignore")
|
||||
--include-non-failures include successes, available with '--scanners misconfig'
|
||||
--java-db-repository strings OCI repository(ies) to retrieve trivy-java-db in order of priority (default [ghcr.io/aquasecurity/trivy-java-db:1])
|
||||
--java-db-repository strings OCI repository(ies) to retrieve trivy-java-db in order of priority (default [mirror.gcr.io/aquasec/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1])
|
||||
--list-all-pkgs output all packages in the JSON report regardless of vulnerability
|
||||
--misconfig-scanners strings comma-separated list of misconfig scanners to use for misconfiguration scanning (default [azure-arm,cloudformation,dockerfile,helm,kubernetes,terraform,terraformplan-json,terraformplan-snapshot])
|
||||
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
|
||||
|
||||
@@ -105,6 +105,7 @@ db:
|
||||
|
||||
# Same as '--java-db-repository'
|
||||
java-repository:
|
||||
- mirror.gcr.io/aquasec/trivy-java-db:1
|
||||
- ghcr.io/aquasecurity/trivy-java-db:1
|
||||
|
||||
# Same as '--skip-java-db-update'
|
||||
@@ -115,6 +116,7 @@ db:
|
||||
|
||||
# Same as '--db-repository'
|
||||
repository:
|
||||
- mirror.gcr.io/aquasec/trivy-db:2
|
||||
- ghcr.io/aquasecurity/trivy-db:2
|
||||
|
||||
# Same as '--skip-db-update'
|
||||
|
||||
@@ -41,7 +41,7 @@ import (
|
||||
|
||||
var update = flag.Bool("update", false, "update golden files")
|
||||
|
||||
const SPDXSchema = "https://raw.githubusercontent.com/spdx/spdx-spec/development/v%s/schemas/spdx-schema.json"
|
||||
const SPDXSchema = "https://raw.githubusercontent.com/spdx/spdx-spec/support/v%s/schemas/spdx-schema.json"
|
||||
|
||||
func initDB(t *testing.T) string {
|
||||
fixtureDir := filepath.Join("testdata", "fixtures", "db")
|
||||
|
||||
@@ -29,6 +29,10 @@ var (
|
||||
DefaultGHCRRepository = fmt.Sprintf("%s:%d", "ghcr.io/aquasecurity/trivy-db", db.SchemaVersion)
|
||||
defaultGHCRRepository = lo.Must(name.NewTag(DefaultGHCRRepository))
|
||||
|
||||
// GCR mirror
|
||||
DefaultGCRRepository = fmt.Sprintf("%s:%d", "mirror.gcr.io/aquasec/trivy-db", db.SchemaVersion)
|
||||
defaultGCRRepository = lo.Must(name.NewTag(DefaultGCRRepository))
|
||||
|
||||
Init = db.Init
|
||||
Close = db.Close
|
||||
Path = db.Path
|
||||
@@ -73,6 +77,7 @@ func Dir(cacheDir string) string {
|
||||
func NewClient(dbDir string, quiet bool, opts ...Option) *Client {
|
||||
o := &options{
|
||||
dbRepositories: []name.Reference{
|
||||
defaultGCRRepository,
|
||||
defaultGHCRRepository,
|
||||
},
|
||||
}
|
||||
|
||||
@@ -31,6 +31,10 @@ func (a contentManifestAnalyzer) Analyze(_ context.Context, target analyzer.Anal
|
||||
return nil, xerrors.Errorf("invalid content manifest: %w", err)
|
||||
}
|
||||
|
||||
if len(manifest.ContentSets) == 0 {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
return &analyzer.AnalysisResult{
|
||||
BuildInfo: &types.BuildInfo{
|
||||
ContentSets: manifest.ContentSets,
|
||||
|
||||
@@ -31,6 +31,11 @@ func Test_contentManifestAnalyzer_Analyze(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "happy path for non-contentSets file",
|
||||
input: "testdata/content_manifests/sbom-purl.json",
|
||||
want: nil,
|
||||
},
|
||||
{
|
||||
name: "broken json",
|
||||
input: "testdata/content_manifests/broken.json",
|
||||
|
||||
9
pkg/fanal/analyzer/buildinfo/testdata/content_manifests/sbom-purl.json
vendored
Normal file
9
pkg/fanal/analyzer/buildinfo/testdata/content_manifests/sbom-purl.json
vendored
Normal file
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"image_contents": {
|
||||
"dependencies": [
|
||||
{
|
||||
"purl": "pkg:rpm/redhat/zstd@1.5.1-2.el9?arch=src&checksum=sha256:f1ddea14d19746b867e69b48d128dd9c2d3e8cc021a5ea7b0674b48356ad3341&repository_id=rhel-9-base-source"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@@ -28,7 +28,15 @@ const gcrURLSuffix = ".gcr.io"
|
||||
// Google artifact registry
|
||||
const garURLSuffix = "-docker.pkg.dev"
|
||||
|
||||
// Google mirror registry
|
||||
const gmrURLDomain = "mirror.gcr.io"
|
||||
|
||||
func (g *Registry) CheckOptions(domain string, option types.RegistryOptions) (intf.RegistryClient, error) {
|
||||
// We assume there is no chance that `mirror.gcr.io` will require authentication.
|
||||
// So we need to skip `mirror.gcr.io` to avoid errors confusing users when downloading DB's.
|
||||
if domain == gmrURLDomain {
|
||||
return nil, xerrors.Errorf("mirror.gcr.io doesn't require authentication")
|
||||
}
|
||||
if domain != gcrURLDomain && !strings.HasSuffix(domain, gcrURLSuffix) && !strings.HasSuffix(domain, garURLSuffix) {
|
||||
return nil, xerrors.Errorf("Google registry: %w", types.InvalidURLPattern)
|
||||
}
|
||||
|
||||
@@ -53,13 +53,13 @@ var (
|
||||
DBRepositoryFlag = Flag[[]string]{
|
||||
Name: "db-repository",
|
||||
ConfigName: "db.repository",
|
||||
Default: []string{db.DefaultGHCRRepository},
|
||||
Default: []string{db.DefaultGCRRepository, db.DefaultGHCRRepository},
|
||||
Usage: "OCI repository(ies) to retrieve trivy-db in order of priority",
|
||||
}
|
||||
JavaDBRepositoryFlag = Flag[[]string]{
|
||||
Name: "java-db-repository",
|
||||
ConfigName: "db.java-repository",
|
||||
Default: []string{javadb.DefaultGHCRRepository},
|
||||
Default: []string{javadb.DefaultGCRRepository, javadb.DefaultGHCRRepository},
|
||||
Usage: "OCI repository(ies) to retrieve trivy-java-db in order of priority",
|
||||
}
|
||||
LightFlag = Flag[bool]{
|
||||
|
||||
@@ -66,10 +66,16 @@ func TestDBFlagGroup_ToOptions(t *testing.T) {
|
||||
{
|
||||
name: "multiple repos",
|
||||
fields: fields{
|
||||
SkipDBUpdate: true,
|
||||
DownloadDBOnly: false,
|
||||
DBRepository: []string{"ghcr.io/aquasecurity/trivy-db:2", "gallery.ecr.aws/aquasecurity/trivy-db:2"},
|
||||
JavaDBRepository: []string{"ghcr.io/aquasecurity/trivy-java-db:1", "gallery.ecr.aws/aquasecurity/trivy-java-db:1"},
|
||||
SkipDBUpdate: true,
|
||||
DownloadDBOnly: false,
|
||||
DBRepository: []string{
|
||||
"mirror.gcr.io/aquasec/trivy-db:2",
|
||||
"ghcr.io/aquasecurity/trivy-db:2",
|
||||
},
|
||||
JavaDBRepository: []string{
|
||||
"mirror.gcr.io/aquasec/trivy-java-db:1",
|
||||
"ghcr.io/aquasecurity/trivy-java-db:1",
|
||||
},
|
||||
},
|
||||
want: flag.DBOptions{
|
||||
SkipDBUpdate: true,
|
||||
|
||||
@@ -29,6 +29,9 @@ const (
|
||||
var (
|
||||
// GitHub Container Registry
|
||||
DefaultGHCRRepository = fmt.Sprintf("%s:%d", "ghcr.io/aquasecurity/trivy-java-db", SchemaVersion)
|
||||
|
||||
// GCR mirrors
|
||||
DefaultGCRRepository = fmt.Sprintf("%s:%d", "mirror.gcr.io/aquasec/trivy-java-db", SchemaVersion)
|
||||
)
|
||||
|
||||
var updater *Updater
|
||||
|
||||
Reference in New Issue
Block a user