trivy icon indicating copy to clipboard operation
trivy copied to clipboard
Published 4 weeks ago verified publisher icon aquasecurity

Make JavaDB repository configurable

Open candrews opened this issue 2 years ago • 0 comments

Currently, the Java DB repository is hardcoded to ghcr.io/aquasecurity/trivy-java-db: https://github.com/aquasecurity/trivy/blob/v0.37.1/pkg/javadb/client.go#L23

It would be nice to have a way to configure that value (such as via an environment variable and/or command line argument). There is a TODO noting these need at https://github.com/aquasecurity/trivy/blob/v0.37.1/pkg/javadb/client.go#L83

In addition to making the repository configurable, there should also be a way to provide credentials to use to access that repository. For example, private mirrors often require username/password authentication. The ability to provide credentials to access the vulnerability DB repository was requested in https://github.com/aquasecurity/trivy/issues/3544 so ideally very similar approaches would be used for both the Java DB and Vulnerability DB repositories.

candrews avatar Feb 01 '23 18:02 candrews