default security-checks flag to vuln and allow it to be tuned via env var

[dkulchinsky]

--security-check flag will default to vuln to avoid scanning for secrets

can be tuned via SCANNER_TRIVY_SECURITY_CHECKS env variable

fixes goharbor/harbor#17525

[CLAassistant]

All committers have signed the CLA.

[dkulchinsky]

is anyone interested to take a look at this? @danielpacak?

[chen-keinan]

@dkulchinsky I'm looking at it , could you please fix the rest_api_test.go in mean while:

• Add SecurityChecks: "vuln" in L49
• Add Property "env.SCANNER_TRIVY_SECURITY_CHECKS": "vuln" , L215

update config doc

[chen-keinan]

is anyone interested to take a look at this? @danielpacak?

@dkulchinsky do you mind if I'll take over this PR and do the change myself ?

[dkulchinsky]

Hey @chen-keinan, apologies for the delay in my response, was in training for few days and missed the notification.

let me get this sorted 👍🏼

[dkulchinsky]

@chen-keinan pushed the changes as requested, hopefully that does the trick 😄

[chen-keinan]

@chen-keinan pushed the changes as requested, hopefully that does the trick 😄

Great , tests are passing now.

• I'll have to get another PR to fix vulnerabilities (as vulnerabilities found on this image , therefore it failing)
• I'll ping you once it done and you could rebase your PR and then we will get another release.

[chen-keinan]

@dkulchinsky since the harbor-scanner-trivy image is based in trivy image then we need to wait for this PR to be merged at trivy , I will push it ASAP.

[dkulchinsky]

thanks for the update @chen-keinan!

[chen-keinan]

@dkulchinsky vulnerability issue has ben fixed , can you please rebase you branch with upstream.

[dkulchinsky]

Hey @chen-keinan 👋🏼 everything seem to be in order now 👍🏼 thanks for the help!

[chen-keinan]

LGTM 🚀