Upstream
/
harbor
mirror of https://github.com/goharbor/harbor.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #11134 from danielpacak/feat/issue_11090/trivy_skip_update_flag 

feat(trivy): Configure Trivy to skip database updates
This commit is contained in:
Steven Zou 2020-03-19 18:13:08 +08:00 committed by GitHub
parent 3de8175d1b 7325105714
commit 2859cd8b69
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -104,7 +104,7 @@ CLAIRVERSION=v2.1.1
NOTARYMIGRATEVERSION=v3.5.4
CLAIRADAPTERVERSION=v1.0.1
TRIVYVERSION=v0.5.2
TRIVYADAPTERVERSION=v0.4.0
TRIVYADAPTERVERSION=v0.5.0
# version of chartmuseum
CHARTMUSEUMVERSION=v0.9.0

8
make/harbor.yml.tmpl
View File

@ -70,6 +70,14 @@ clair:
# Trivy configuration
trivy:
# ignoreUnfixed The flag to display only fixed vulnerabilities
ignore_unfixed: false
# skipUpdate The flag to enable or disable Trivy DB downloads from GitHub
#
# You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues.
# If the flag is enabled you have to manually download the `trivy.db` file and mount it in the
# /home/scanner/.cache/trivy/db/trivy.db path.
skip_update: false
# github_token The GitHub access token to download Trivy DB
#
# Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.

3
make/photon/prepare/templates/trivy-adapter/env.jinja
View File

@ -7,7 +7,8 @@ SCANNER_TRIVY_CACHE_DIR=/home/scanner/.cache/trivy
SCANNER_TRIVY_REPORTS_DIR=/home/scanner/.cache/reports
SCANNER_TRIVY_VULN_TYPE=os,library
SCANNER_TRIVY_SEVERITY=UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
SCANNER_TRIVY_IGNORE_UNFIXED=false
SCANNER_TRIVY_IGNORE_UNFIXED={{trivy_ignore_unfixed}}
SCANNER_TRIVY_SKIP_UPDATE={{trivy_skip_update}}
SCANNER_TRIVY_GITHUB_TOKEN={{trivy_github_token}}
HTTP_PROXY={{trivy_http_proxy}}
HTTPS_PROXY={{trivy_https_proxy}}

5
make/photon/prepare/utils/configs.py
View File

@ -242,8 +242,9 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, wit
# Trivy configs, optional
trivy_configs = configs.get("trivy") or {}
trivy_github_token = trivy_configs.get("github_token") or ''
config_dict['trivy_github_token'] = trivy_github_token
config_dict['trivy_github_token'] = trivy_configs.get("github_token") or ''
config_dict['trivy_skip_update'] = trivy_configs.get("skip_update") or False
config_dict['trivy_ignore_unfixed'] = trivy_configs.get("ignore_unfixed") or False
# Chart configs
chart_configs = configs.get("chart") or {}