badgerspoke
I've had a crack at a PR which appears to be working in my clusters.
I think it's being reviewed but ironically they're being rate limited pulling the checks db from GH. I've seen over 20 build attempts
Wow. When did that start, and what is being done about it?
we're in the same boat - we have the vulnerability DBs in ECR (per [this doc](https://github.com/aquasecurity/trivy/blob/main/docs/docs/advanced/air-gap.md)) and that's working fine (care of the operator's service account having an associated IAM...
Still an issue with chart `v0.25.0`: ``` 2025-03-17T02:54:42Z ERROR policyLoader.Get misconfig bundle policies failed to load policies {"error": "failed to download policies: failed to download built-in policies: download error: oci...
Hey @afdesk - so we only have `trivy-checks:0` in our ECR right now - we will mirror the latest 'tag' (it's not clear to me what your cadence for changing...
I can and have now mirrored that tag, but that cannot affect the underlying permission denied issue - the pod was requesting a valid image that does exist even if...
Oh OK sure I'll retry with `1` and get back to you. Thanks
Ok yesterday I mirrored `trivy-checks:1` (with `oras` as we do for the other DBs) and set the operator to use it via the CM via `policies.bundle.oci.ref` as before; the deployment...
This log is from the trivy operator pod. The token will expire; this is normal and expected behaviour for IRSA in AWS. The token is mounted into the pod automatically...