From 42c1095216be52d86ec3b3ba4db01aef38c903e6 Mon Sep 17 00:00:00 2001
From: DQ <dengq@vmware.com>
Date: Thu, 16 Apr 2020 10:52:03 +0800
Subject: [PATCH] Fix cert issue of trivy Trivy can't access harbor from
 external if https enabled so inject cert to trivy container trust

Signed-off-by: DQ <dengq@vmware.com>
---
 .../templates/docker_compose/docker-compose.yml.jinja      | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja b/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja
index 99334a059..143c4e9e8 100644
--- a/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja
+++ b/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja
@@ -555,7 +555,12 @@ services:
       - type: bind
         source: {{data_volume}}/trivy-adapter/reports
         target: /home/scanner/.cache/reports
-{%if internal_tls.enabled %}
+{% if protocol == 'https' %}
+      - type: bind
+        source: {{data_volume}}/secret/cert/server.crt
+        target: /harbor_cust_cert/harbor_ca.crt
+{% endif %}
+{% if internal_tls.enabled %}
       - type: bind
         source: {{internal_tls.harbor_internal_ca_crt_path}}
         target: /harbor_cust_cert/harbor_internal_ca.crt