Setting up Trivy for AirGap Approach within CI/CD

OpenShift | Kubernetes | CI/CD | Tekton

⚗ Kevin Summersill 🔋
3 min read · Jun 18, 2021

I recently had some connectivity issues using the Trivy image from inside a very restrictive environment. The Trivy image would not communicate with the DB. I saw some documentation about an air-gapped exchange of the database. This article explains how to set this up and run it.

Assumptions:

  • That you have an OpenShift or Kubernetes cluster with Tekton installed.
  • That you have privileges to run Tekton Tasks and TaskRuns.
  • That you have access to Quay.io.

Pulling Down the Trivy Database

The first step is to pull down the Trivy database. To do this I used wget instead of curl. I also used a specific image that contained the Ubuntu operating system and installed wget on it. I built it as its own image so I can use it in the Tekton steps.

Why do we need to do this?

When the Trivy scanner first starts, it requires an initial CVE database. Yes, there is a skip-update argument, but you cannot rely on it when the Trivy scanner first starts up, because there is no database to fall back on yet. So how do we get around this? We can get around it by first downloading the database from…
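As an added example (not the author's Task), here is a Tekton Task that puts the two pieces described above together: a step using a wget-enabled Ubuntu image that stages a pre-built database archive into a shared workspace, and a Trivy step that scans with skip-update against that cache. The image names, the archive URL parameter and the archive layout (trivy.db plus metadata.json at the top level) are assumptions.

```yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: trivy-airgap-scan
spec:
  params:
    - name: image
      type: string
      description: Image reference to scan
    - name: db-url
      type: string
      description: >-
        URL of a pre-built Trivy database archive reachable from the cluster.
        PLACEHOLDER: the article's source URL is not reproduced here.
  workspaces:
    - name: trivy-cache
      description: Shared volume that becomes Trivy's cache directory
  steps:
    - name: fetch-db
      # Hypothetical wget-enabled Ubuntu image, as described in the article; replace with your own
      image: quay.io/EXAMPLE_ORG/ubuntu-wget:latest
      script: |
        #!/bin/sh
        set -eu
        DB_DIR="$(workspaces.trivy-cache.path)/db"
        mkdir -p "$DB_DIR"
        wget -O /tmp/trivy-db.tgz "$(params.db-url)"
        # Assumption: the archive holds trivy.db and metadata.json at its top level,
        # which is the layout Trivy expects under <cache-dir>/db
        tar -xzf /tmp/trivy-db.tgz -C "$DB_DIR"
        test -f "$DB_DIR/trivy.db"
        test -f "$DB_DIR/metadata.json"
    - name: scan
      # Pin a specific Trivy release in real use instead of this placeholder tag
      image: docker.io/aquasec/trivy:<pinned-version>
      script: |
        #!/bin/sh
        set -eu
        # --skip-update stops Trivy from contacting the DB host; the workspace
        # already contains the database staged by the previous step
        trivy image --skip-update \
          --cache-dir "$(workspaces.trivy-cache.path)" \
          --exit-code 1 --severity HIGH,CRITICAL \
          "$(params.image)"
```

The fetch-db step can be swapped for a copy from an internal artifact store if the cluster has no outbound access at all; the scan step is unchanged either way.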


Enterprise Solution Architect | Certified K8s Administrator/Developer ⚓ | SAFe SPC | Cert Terraform | AWS Solutions Architect | Dev*Ops/GitOps Engineer 🔥