Open strowi opened 3 days ago
Docker Hub has very strict rate limits. I'm not sure how much Docker Hub helps address this issue. https://docs.docker.com/docker-hub/download-rate-limit/#whats-the-download-rate-limit-on-docker-hub
We're trying to use ECR Public now. Once we complete it, we'll think about Docker Hub. https://github.com/aquasecurity/trivy-db/pull/440
Thx for the info, must've missed that ECR Issue.
As for Docker-Hub, it would at least help with Harbor (other proxies?), since the HEAD-Requests don't count towards the Rate-limit.
As of Harbor v2.1.1, Harbor proxy cache fires a HEAD request to determine whether any layer of a cached image has been updated in the Docker Hub registry.
Not sure if/which other Proxies do support HEAD requests to Registries other than Docker-Hub.
Hi,
it seems ghcr.io has changed something about their rate-limits causing [some problems](https://github.com/aquasecurity/trivy-action/issues/389.
As we are using Gitlab-CI and already have a Harbor Proxy running, we tried to circumcent this via a harbor-proxy, but that doesn't seem to work successfully with ghcr.io (still running into rate-limits).
Turns out Harbor supports the HEAD-Request/Proxy-Mechanism only for docker.io.
Therefore it would be nice if this could also be published to docker.io so people NOT on github can work around this? (I checked and only found a 1y old aquasec/trivy-db ) regards, strowi