clair/trivy offline for Private Clouds

[spwangxp]

由于Clair 在使用过程中需要不断更新数据库，而私有云缺乏联网条件，所以需要提供手动导入等服务。

1，获取漏洞信息 2，加载到数据库

https://github.com/quay/clair/tree/master/Documentation

[spwangxp]

指导手册：https://github.com/goharbor/harbor/blob/release-2.0.0/docs/administration/vulnerability-scanning/pluggable-scanners.md https://github.com/goharbor/harbor/blob/release-2.0.0/docs/administration/vulnerability-scanning/import-vulnerability-data.md

notice: "clair-db" means postgresql in our harbor instance

[spwangxp]

If you set the value of the SCANNER_TRIVY_SKIP_UPDATE to true, make sure that you download the Trivy DB from GitHub and mount it in the /home/scanner/.cache/trivy/db/trivy.db path.

https://github.com/aquasecurity/harbor-scanner-trivy#troubleshooting