ninjadq
commented
2 years ago why we need this option for trivy? In what scenario we must want this?
Open Vad1mo opened 2 years ago
ninjadq
commented
2 years ago why we need this option for trivy? In what scenario we must want this?
Vad1mo
commented
2 years ago the reason to not use a PVC is to have stateless Trivy setup, (less overhead, more flexible setup) it most cases it is ok to always download the DB on pod restart (the DB is currently around ~130MB)
slushysnowman
commented
1 year ago This should be relatively easy to implement and would be a big bonus - we've just swapped to using EFS in AWS to get around this, but there's no reason why Trivy can't be stateless - but because persistence is enabled at top level, not fine-grained per workload, it makes it hard to achieve this, if for example you do want persistence enabled for the jobservice
github-actions[bot]
commented
5 months ago This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.
As Trivy CVS DB is relatively small, it can be downloaded on each pod start from the internet.
It would be good if this helm chart would have the option:
persistence.trivy.enabledWhen
enabledis set to false the chart should use aemptyDirinstead of an PVC.