Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Support custom URLs for builtin policies #4672

Closed
simar7 opened this issue Jun 19, 2023 Discussed in #4651 · 0 comments · Fixed by #4834
Closed

feat: Support custom URLs for builtin policies #4672

simar7 opened this issue Jun 19, 2023 Discussed in #4651 · 0 comments · Fixed by #4834
Assignees
Labels
kind/feature Categorizes issue or PR as related to a new feature. scan/misconfiguration Issues relating to misconfiguration scanning

Comments

@simar7
Copy link
Member

simar7 commented Jun 19, 2023

As with Trivy DB, we can add support for custom URLs for users to download the misconfiguration policy bundle from.

Discussed in #4651

Originally posted by danieljantosovic-ext54837 June 16, 2023

Question

Hello,
in our company we use Artifactory remote repositories as proxy to access registries on internet.
I'm able to configure our artifactory as DB_REPOSITORY , DOWNLOAD_URL and DOWNLOAD_BASE_URL and i can successfully scan for example filesystem , but when I try scan configuration trivy starts downloading updates of policies through ghcr.io directly.
Is there a way to redirect these updates to our artifactory too?
Thank you.

Target

Filesystem

Scanner

Misconfiguration

Output Format

Template

Mode

Standalone

Operating System

Ubunut 22.04

Version

0.42.1
@simar7 simar7 added kind/feature Categorizes issue or PR as related to a new feature. scan/misconfiguration Issues relating to misconfiguration scanning labels Jun 19, 2023
@simar7 simar7 self-assigned this Jul 17, 2023
simar7 added a commit that referenced this issue Jul 17, 2023
This PR adds support for custom policy bundles to be specified
with a flag `--policy-bundle-url` as an option to Trivy.

Fixes: #4672

Signed-off-by: Simar <simar@linux.com>
simar7 added a commit that referenced this issue Jul 20, 2023
This PR adds support for custom policy bundles to be specified
with a flag `--policy-bundle-url` as an option to Trivy.

Fixes: #4672

Signed-off-by: Simar <simar@linux.com>
simar7 added a commit that referenced this issue Jul 24, 2023
This PR adds support for custom policy bundles to be specified
with a flag `--policy-bundle-url` as an option to Trivy.

Fixes: #4672

Signed-off-by: Simar <simar@linux.com>
github-merge-queue bot pushed a commit that referenced this issue Jul 26, 2023
* feat(misconf): Support custom URLs for policy bundle

This PR adds support for custom policy bundles to be specified
with a flag `--policy-bundle-url` as an option to Trivy.

Fixes: #4672

Signed-off-by: Simar <simar@linux.com>

* update docs

Signed-off-by: Simar <simar@linux.com>

* rename flag to `--policy-bundle-repository`

Signed-off-by: Simar <simar@linux.com>

* fix field

* rebase and update docs

Signed-off-by: Simar <simar@linux.com>

* set policyBundleRepo on client

Signed-off-by: Simar <simar@linux.com>

---------

Signed-off-by: Simar <simar@linux.com>
AnaisUrlichs pushed a commit to AnaisUrlichs/trivy that referenced this issue Aug 10, 2023
* feat(misconf): Support custom URLs for policy bundle

This PR adds support for custom policy bundles to be specified
with a flag `--policy-bundle-url` as an option to Trivy.

Fixes: aquasecurity#4672

Signed-off-by: Simar <simar@linux.com>

* update docs

Signed-off-by: Simar <simar@linux.com>

* rename flag to `--policy-bundle-repository`

Signed-off-by: Simar <simar@linux.com>

* fix field

* rebase and update docs

Signed-off-by: Simar <simar@linux.com>

* set policyBundleRepo on client

Signed-off-by: Simar <simar@linux.com>

---------

Signed-off-by: Simar <simar@linux.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/feature Categorizes issue or PR as related to a new feature. scan/misconfiguration Issues relating to misconfiguration scanning
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant