Add configurable timeout for Trivy scans (#15796)

Signed-off-by: Rolf Ahrenberg <Rolf.Ahrenberg@saunalahti.fi>

make/photon/prepare/migrations/version_2_4_0/harbor.yml.jinja

@@ -147,6 +147,12 @@ trivy:
   {% else %}
   ignore_unfixed: false
   {% endif %}
+  # timeout The duration to wait for scan completion
+  {% if trivy.timeout is defined %}
+  timeout: {{ trivy.timeout }}
+  {% else %}
+  timeout: 5m0s
+  {% endif %}
   # skipUpdate The flag to enable or disable Trivy DB downloads from GitHub
   #
   # You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues.

make/photon/prepare/templates/trivy-adapter/env.jinja

@@ -12,6 +12,7 @@ SCANNER_TRIVY_IGNORE_UNFIXED={{trivy_ignore_unfixed}}
 SCANNER_TRIVY_SKIP_UPDATE={{trivy_skip_update}}
 SCANNER_TRIVY_GITHUB_TOKEN={{trivy_github_token}}
 SCANNER_TRIVY_INSECURE={{trivy_insecure}}
+SCANNER_TRIVY_TIMEOUT={{trivy_timeout}}
 HTTP_PROXY={{trivy_http_proxy}}
 HTTPS_PROXY={{trivy_https_proxy}}
 NO_PROXY={{trivy_no_proxy}}

make/photon/prepare/utils/configs.py

@@ -221,6 +221,7 @@ def parse_yaml_config(config_file_path, with_notary, with_trivy, with_chartmuseu
     config_dict['trivy_skip_update'] = trivy_configs.get("skip_update") or False
     config_dict['trivy_ignore_unfixed'] = trivy_configs.get("ignore_unfixed") or False
     config_dict['trivy_insecure'] = trivy_configs.get("insecure") or False
+    config_dict['trivy_timeout'] = trivy_configs.get("timeout") or '5m0s'
 
     # Chart configs
     chart_configs = configs.get("chart") or {}