mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-25 11:46:43 +01:00
Add support for trivy db_repository and java_db_repository
Signed-off-by: Quentin Bouteiller <quentin.bouteiller@values-associates.com>
This commit is contained in:
parent
bccfd5fb41
commit
0af2129dd9
@ -102,6 +102,11 @@ trivy:
|
|||||||
# `/home/scanner/.cache/trivy/java-db/trivy-java.db` path
|
# `/home/scanner/.cache/trivy/java-db/trivy-java.db` path
|
||||||
skip_java_db_update: false
|
skip_java_db_update: false
|
||||||
#
|
#
|
||||||
|
# OCI repository to retrieve the trivy vulnerability database from.
|
||||||
|
db_repository: ghcr.io/aquasecurity/trivy-db
|
||||||
|
# OCI repository to retrieve the Java trivy vulnerability database from.
|
||||||
|
java_db_repository: ghcr.io/aquasecurity/trivy-java-db
|
||||||
|
#
|
||||||
# The offline_scan option prevents Trivy from sending API requests to identify dependencies.
|
# The offline_scan option prevents Trivy from sending API requests to identify dependencies.
|
||||||
# Scanning JAR files and pom.xml may require Internet access for better detection, but this option tries to avoid it.
|
# Scanning JAR files and pom.xml may require Internet access for better detection, but this option tries to avoid it.
|
||||||
# For example, the offline mode will not try to resolve transitive dependencies in pom.xml when the dependency doesn't
|
# For example, the offline mode will not try to resolve transitive dependencies in pom.xml when the dependency doesn't
|
||||||
|
@ -11,6 +11,8 @@ SCANNER_TRIVY_SEVERITY=UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
|
|||||||
SCANNER_TRIVY_IGNORE_UNFIXED={{trivy_ignore_unfixed}}
|
SCANNER_TRIVY_IGNORE_UNFIXED={{trivy_ignore_unfixed}}
|
||||||
SCANNER_TRIVY_SKIP_UPDATE={{trivy_skip_update}}
|
SCANNER_TRIVY_SKIP_UPDATE={{trivy_skip_update}}
|
||||||
SCANNER_TRIVY_SKIP_JAVA_DB_UPDATE={{trivy_skip_java_db_update}}
|
SCANNER_TRIVY_SKIP_JAVA_DB_UPDATE={{trivy_skip_java_db_update}}
|
||||||
|
SCANNER_TRIVY_DB_REPOSITORY={{trivy_db_repository}}
|
||||||
|
SCANNER_TRIVY_JAVA_DB_REPOSITORY={{trivy_java_db_repository}}
|
||||||
SCANNER_TRIVY_OFFLINE_SCAN={{trivy_offline_scan}}
|
SCANNER_TRIVY_OFFLINE_SCAN={{trivy_offline_scan}}
|
||||||
SCANNER_TRIVY_SECURITY_CHECKS={{trivy_security_check}}
|
SCANNER_TRIVY_SECURITY_CHECKS={{trivy_security_check}}
|
||||||
SCANNER_TRIVY_GITHUB_TOKEN={{trivy_github_token}}
|
SCANNER_TRIVY_GITHUB_TOKEN={{trivy_github_token}}
|
||||||
|
@ -213,6 +213,8 @@ def parse_yaml_config(config_file_path, with_trivy):
|
|||||||
config_dict['trivy_github_token'] = trivy_configs.get("github_token") or ''
|
config_dict['trivy_github_token'] = trivy_configs.get("github_token") or ''
|
||||||
config_dict['trivy_skip_update'] = trivy_configs.get("skip_update") or False
|
config_dict['trivy_skip_update'] = trivy_configs.get("skip_update") or False
|
||||||
config_dict['trivy_skip_java_db_update'] = trivy_configs.get("skip_java_db_update") or False
|
config_dict['trivy_skip_java_db_update'] = trivy_configs.get("skip_java_db_update") or False
|
||||||
|
config_dict['trivy_db_repository'] = trivy_configs.get("db_repository") or 'ghcr.io/aquasecurity/trivy-db'
|
||||||
|
config_dict['trivy_java_db_repository'] = trivy_configs.get("java_db_repository") or 'ghcr.io/aquasecurity/trivy-java-db'
|
||||||
config_dict['trivy_offline_scan'] = trivy_configs.get("offline_scan") or False
|
config_dict['trivy_offline_scan'] = trivy_configs.get("offline_scan") or False
|
||||||
config_dict['trivy_security_check'] = trivy_configs.get("security_check") or 'vuln'
|
config_dict['trivy_security_check'] = trivy_configs.get("security_check") or 'vuln'
|
||||||
config_dict['trivy_ignore_unfixed'] = trivy_configs.get("ignore_unfixed") or False
|
config_dict['trivy_ignore_unfixed'] = trivy_configs.get("ignore_unfixed") or False
|
||||||
|
Loading…
Reference in New Issue
Block a user