feat: add using Trivy config files #2529

Merged: simar7 merged 5 commits into aquasecurity:main from afdesk:feat/trivy-config-file on May 30, 2025

Contributor

@afdesk afdesk commented Apr 28, 2025

Description

This PR adds support for the Trivy config file. It is needed because Trivy allows setting up mirrors for remote container and databases only via the Trivy config file.

config="registry:
  mirrors:
    index.docker.io:
     - mirror.gcr.io"

kubectl patch cm trivy-operator-trivy-config -n trivy-system \
  --type merge \
  -p "$(jq -n --arg config "$config" '{"data": {"trivy.configFile": $config}}')"

Related issues

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@afdesk afdesk force-pushed the feat/trivy-config-file branch from 2787166 to a00b15c April 28, 2025 10:51
@afdesk afdesk marked this pull request as ready for review April 28, 2025 15:49
@afdesk afdesk requested a review from simar7 as a code owner April 28, 2025 15:49
@afdesk afdesk marked this pull request as draft April 28, 2025 15:50
@afdesk afdesk marked this pull request as ready for review May 12, 2025 11:48
# - CVE-1970-0002

# -- configFile can be used to tell Trivy to use specific options available only in the config file (ex. Mirror registries).
configFile: ~
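
Review bot: the doc comment on `configFile` does not say what form the value takes or what the `~` default means for the deployed configuration. This key carries Trivy config-file content such as registry mirrors, which decide where images and databases are pulled from, so the comment should state whether the value is an inline multi-line string (as the `trivy.configFile` patch in the PR description suggests), say whether null means no config file is passed to Trivy, and include a short commented sample in the same style as the commented entries above it.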
Member

does the ~ imply anything?

Contributor Author

The tilde is one of the ways the null value can be written.
I thought it's a common style for this value.yaml:
https://github.com/aquasecurity/trivy-operator/blob/main/deploy/helm/values.yaml#L187-L188

@afdesk afdesk requested a review from simar7 May 23, 2025 06:53
@simar7 simar7 merged commit 46ad2e7 into aquasecurity:main May 30, 2025
9 checks passed
@afdesk afdesk deleted the feat/trivy-config-file branch August 12, 2025 20:59
Contributor

bh-tt commented Sep 16, 2025

This PR failed to include the GetPodSpecForClientServerMode in the change, resulting in failing jobs when using this feature together with the trivy server.

Development

Successfully merging this pull request may close these issues.

Allow to try several mirrors for a given registry