8d0ae1f5de
Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com> Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
2.0 KiB
Cache
The cache directory includes
- Vulnerability Database1
- Java Index Database2
- Misconfiguration Checks3
- Cache of previous scans.
The cache option is common to all scanners.
Clear Caches
trivy clean subcommand removes caches.
$ trivy clean --scan-cache
Result
2024-06-21T21:58:21+04:00 INFO Removing scan cache...
If you want to delete cached vulnerability databases, use --vuln-db.
You can also delete all caches with --all.
See trivy clean --help for details.
Cache Directory
Specify where the cache is stored with --cache-dir.
$ trivy --cache-dir /tmp/trivy/ image python:3.4-alpine3.9
Cache Backend
!!! warning "EXPERIMENTAL" This feature might change without preserving backwards compatibility.
Trivy supports local filesystem and Redis as the cache backend. This option is useful especially for client/server mode.
Two options:
fs- the cache path can be specified by
--cache-dir
- the cache path can be specified by
redis://redis://[HOST]:[PORT]- TTL can be configured via
--cache-ttl
$ trivy server --cache-backend redis://localhost:6379
If you want to use TLS with Redis, you can enable it by specifying the --redis-tls flag.
$ trivy server --cache-backend redis://localhost:6379 --redis-tls
Trivy also supports for connecting to Redis with your certificates.
You need to specify --redis-ca , --redis-cert , and --redis-key options.
$ trivy server --cache-backend redis://localhost:6379 \
--redis-ca /path/to/ca-cert.pem \
--redis-cert /path/to/cert.pem \
--redis-key /path/to/key.pem