Open adriil opened 2 years ago
This actually looks harder than I first thought, as the action.yaml may not support this: https://github.com/orgs/community/discussions/25241
Looks like if I want to do something similar, I need to build the Dockerfile first from the mirrored image aquasecurity/trivy and then tell the action to run my image instead of Dockerfile
...
Hi @adriil - thanks for sharing this. I didn't know about this limitation of GitHub Actions. Would this help in any way if we could adapt to use it with the Trivy Action somehow? https://aquasecurity.github.io/trivy/v0.31.3/docs/advanced/air-gap/
Hi @simar7
I think air-gap faces the same limitation as trivy is needed to download the database and ultimately run the scan if I understood. The only way I see to achieve this is by installing trivy on our runners (or runners hosts) directly, but then this action wouldn't be necessary anymore and we would miss the point of not having to care about the client at all.
Yeah I see your point. The best alternative I can think of is that you fork this action and modify the base image, while keeping it up to date with the upstream changes (this action repo).
As much as I wish you wouldn't have to fork this repo, I don't see a way out considering the pull is blocked and GitHub does not allow passing custom build args.
I agree, forking the repo sounds like a suitable workaround until GitHub supports --build-arg. They clearly must add it :)
Thank you for your support.
Hi team,
I'd like to experiment with this action for my company, but I'm facing the following issue:
ghcr.io
ghcr.io
domain (which I can understand)
A possible solution for us would be to mirror the base image ghcr.io/aquasecurity/trivy to our internal registry, but we would then need the first line of the Dockerfile to be configurable to have something like this :
And then adapt the action itself to support this new argument.
Would it sound like an acceptable feature?
Thank you, Adrien