Closed evgkrsk closed 2 years ago
@evgkrsk please check the conflicts with this commit: https://github.com/devopstales/trivy-operator/commit/a79a7ed7a623ca823651132b9ee55ac0a00a0e5f
I see no sense in https://github.com/devopstales/trivy-operator/commit/a79a7ed7a623ca823651132b9ee55ac0a00a0e5f as long as TRIVY_SKIP_DB_UPDATE in this PR is already makes trivy skip DB update.
I vote to revert a79a7ed7a623ca823651132b9ee55ac0a00a0e5f . What do you think?
@evgkrsk If you read the link I give you at the commit https://github.com/devopstales/trivy-operator/commit/a79a7ed7a623ca823651132b9ee55ac0a00a0e5f, you can see, that you need to disable update db not just in the start but every image scan. In my commit I created an example for you, you can add an option for the scan based on an environment variable. Use this example to add the --skip-update
option for the scans.
There is no need to do this: https://aquasecurity.github.io/trivy/v0.31.3/docs/references/customization/envs/
TRIVY_SKIP_DB_UPDATE in this PR already must be translated to "--skip-db-update" by trivy binary.
@stensonb OK I don't know that. But I didn't want to revert the change I made in the commit, because it allow me to easily add other options like filtering. https://aquasecurity.github.io/trivy/v0.31.3/docs/vulnerability/examples/filter/
Ok, I will rewrite PR over this commit...
See: https://github.com/devopstales/trivy-operator/issues/28