Add configurable timeout for Trivy scans (#15796)

Signed-off-by: Rolf Ahrenberg <Rolf.Ahrenberg@saunalahti.fi>
Rolf Ahrenberg 2021-10-22 09:36:12 +03:00 committed by GitHub
parent c814daa894
commit 5f3972f86d
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 0 deletions


@ -147,6 +147,12 @@ trivy:
{% else %}
ignore_unfixed: false
{% endif %}
# timeout The duration to wait for scan completion
{% if trivy.timeout is defined %}
timeout: {{ trivy.timeout }}
{% else %}
timeout: 5m0s
{% endif %}
# skipUpdate The flag to enable or disable Trivy DB downloads from GitHub
#
# You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues.
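Review bot: The new `# timeout` comment does not state the format the value must take, and the default `5m0s` is the only hint that a duration string with a unit suffix is expected. I would extend it to `# timeout The duration to wait for scan completion, as a duration string with a unit suffix (e.g. 5m0s, 30s).` It is also worth one more comment line saying that a scan exceeding the limit presumably ends as failed, so a value set too low can leave large images without a vulnerability report; that consequence is inferred, not visible in this section.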


@ -12,6 +12,7 @@ SCANNER_TRIVY_IGNORE_UNFIXED={{trivy_ignore_unfixed}}
SCANNER_TRIVY_SKIP_UPDATE={{trivy_skip_update}}
SCANNER_TRIVY_GITHUB_TOKEN={{trivy_github_token}}
SCANNER_TRIVY_INSECURE={{trivy_insecure}}
SCANNER_TRIVY_TIMEOUT={{trivy_timeout}}
HTTP_PROXY={{trivy_http_proxy}}
HTTPS_PROXY={{trivy_https_proxy}}
NO_PROXY={{trivy_no_proxy}}


@ -221,6 +221,7 @@ def parse_yaml_config(config_file_path, with_notary, with_trivy, with_chartmuseu
config_dict['trivy_skip_update'] = trivy_configs.get("skip_update") or False
config_dict['trivy_ignore_unfixed'] = trivy_configs.get("ignore_unfixed") or False
config_dict['trivy_insecure'] = trivy_configs.get("insecure") or False
config_dict['trivy_timeout'] = trivy_configs.get("timeout") or '5m0s'
# Chart configs
chart_configs = configs.get("chart") or {}
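Review bot: The added `config_dict['trivy_timeout']` line passes whatever `trivy.timeout` holds straight into the adapter env file (`SCANNER_TRIVY_TIMEOUT={{trivy_timeout}}` in the env template section) with no check that it is a duration. A bare number such as `timeout: 300` or a typo would only surface when the scanner starts or a scan runs, and `or '5m0s'` silently replaces `0` or an empty value with the default instead of reporting it. Because the value is rendered unquoted as a single env-file line, I would reject anything that is not a plain duration at prepare time, e.g. `if not re.fullmatch(r'(\d+(\.\d+)?(ns|us|ms|s|m|h))+', str(timeout)): raise Exception('Error: trivy timeout must be a duration such as 5m0s')`, assuming the adapter parses it as a Go duration and that `re` is imported in this file. parse_yaml_config starts and ends outside the hunk.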