chore(trivy): Bump up trivy adapter to 0.9.0

- Vendor the latest Trivy release 0.6.0
- Configure TLS 1.2 as min version when TLS is enabled
- Add more tracing to adapter config to facilitate troubleshooting

Resolves: #11544

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>

Makefile

@@ -103,8 +103,8 @@ NOTARYVERSION=v0.6.1
 CLAIRVERSION=v2.1.1
 NOTARYMIGRATEVERSION=v3.5.4
 CLAIRADAPTERVERSION=v1.0.2
-TRIVYVERSION=v0.5.4
-TRIVYADAPTERVERSION=v0.8.0
+TRIVYVERSION=v0.6.0
+TRIVYADAPTERVERSION=v0.9.0
 
 # version of chartmuseum
 CHARTMUSEUMVERSION=v0.9.0

make/harbor.yml.tmpl

@@ -78,6 +78,9 @@ trivy:
   # If the flag is enabled you have to manually download the `trivy.db` file and mount it in the
   # /home/scanner/.cache/trivy/db/trivy.db path.
   skip_update: false
+  #
+  # insecure The flag to skip verifying registry certificate
+  insecure: false
   # github_token The GitHub access token to download Trivy DB
   #
   # Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.

make/photon/prepare/templates/trivy-adapter/env.jinja

@@ -10,6 +10,7 @@ SCANNER_TRIVY_SEVERITY=UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
 SCANNER_TRIVY_IGNORE_UNFIXED={{trivy_ignore_unfixed}}
 SCANNER_TRIVY_SKIP_UPDATE={{trivy_skip_update}}
 SCANNER_TRIVY_GITHUB_TOKEN={{trivy_github_token}}
+SCANNER_TRIVY_INSECURE={{trivy_insecure}}
 HTTP_PROXY={{trivy_http_proxy}}
 HTTPS_PROXY={{trivy_https_proxy}}
 NO_PROXY={{trivy_no_proxy}}

make/photon/prepare/utils/configs.py

@@ -245,6 +245,7 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, wit
     config_dict['trivy_github_token'] = trivy_configs.get("github_token") or ''
     config_dict['trivy_skip_update'] = trivy_configs.get("skip_update") or False
     config_dict['trivy_ignore_unfixed'] = trivy_configs.get("ignore_unfixed") or False
+    config_dict['trivy_insecure'] = trivy_configs.get("insecure") or False
 
     # Chart configs
     chart_configs = configs.get("chart") or {}