-
Notifications
You must be signed in to change notification settings - Fork 2.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: add auth support for downloading OCI artifacts (#3915)
- Loading branch information
Showing
22 changed files
with
280 additions
and
215 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
# Database | ||
Trivy uses two types of databases for vulnerability detection: | ||
|
||
- Vulnerability Database | ||
- Java Index Database | ||
|
||
This page provides detailed information about these databases. | ||
|
||
## Vulnerability Database | ||
Trivy utilizes a database containing vulnerability information. | ||
This database is built every six hours on [GitHub](https://github.com/aquasecurity/trivy-db) and is distributed via [GitHub Container registry (GHCR)](https://ghcr.io/aquasecurity/trivy-db). | ||
The database is cached and updated as needed. | ||
As Trivy updates the database automatically during execution, users don't need to be concerned about it. | ||
|
||
For CLI flags related to the database, please refer to [this page](./examples/db.md). | ||
|
||
### Private Hosting | ||
If you host the database on your own OCI registry, you can specify a different repository with the `--db-repository` flag. | ||
The default is `ghcr.io/aquasecurity/trivy-db`. | ||
|
||
```shell | ||
$ trivy image --db-repository YOUR_REPO YOUR_IMAGE | ||
``` | ||
|
||
If authentication is required, it can be configured in the same way as for private images. | ||
Please refer to [the documentation](../advanced/private-registries/index.md) for more details. | ||
|
||
## Java Index Database | ||
This database is only downloaded when scanning JAR files so that Trivy can identify the groupId, artifactId, and version of JAR files. | ||
It is built once a day on [GitHub](https://github.com/aquasecurity/trivy-java-db) and distributed via [GitHub Container registry (GHCR)](https://ghcr.io/aquasecurity/trivy-java-db). | ||
Like the vulnerability database, it is automatically downloaded and updated when needed, so users don't need to worry about it. | ||
|
||
### Private Hosting | ||
If you host the database on your own OCI registry, you can specify a different repository with the `--java-db-repository` flag. | ||
The default is `ghcr.io/aquasecurity/trivy-java-db`. | ||
|
||
If authentication is required, you need to run `docker login YOUR_REGISTRY`. | ||
Currently, specifying a username and password is not supported. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.