aquasecurity / trivy-azure-pipelines-task

An Azure Pipelines Task for trivy
https://marketplace.visualstudio.com/items?itemName=AquaSecurityOfficial.trivy-official
MIT License

Download binary #66

Open andreac82me opened 3 months ago

andreac82me commented 3 months ago

I installed trivy on the Azure builder agent using:

dnf install -y https://github.com/aquasecurity/trivy/releases/download/v0.52.0/trivy_0.52.0_Linux-64bit.rpm

sh-4.4$ trivy -v
Version: 0.52.0
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-06-07 06:11:22.699349734 +0000 UTC
  NextUpdate: 2024-06-07 12:11:22.699349173 +0000 UTC
  DownloadedAt: 2024-06-07 08:44:09.02993983 +0000 UTC
Java DB:
  Version: 1
  UpdatedAt: 2024-06-07 01:02:34.188908636 +0000 UTC
  NextUpdate: 2024-06-10 01:02:34.188908516 +0000 UTC
  DownloadedAt: 2024-06-07 08:44:30.469425256 +0000 UTC

sh-4.4$ which trivy
/usr/bin/trivy

But the Azure DevOps task is trying again to download the extension, but is not permitted to go on the internet.

Preparing output location...
Run requested using local Trivy binary...
Finding correct Trivy version to install...
Required Trivy version is v0.52.0
Downloading Trivy...
Downloading: https://github.com/aquasecurity/trivy/releases/download/v0.52.0/trivy_0.52.0_Linux-64bit.tar.gz

How can I resolve this?

Thanks

deblaci commented 2 weeks ago

I have the same issue. It would be nice to have an option to give a proxy repo for the download, or to define the existing binary location.

TonyPaterson commented 1 week ago

We are also facing the same issue. You would think it should be a simple change. For a security company to force us to download the binary from GitHub is a bit unexpected.