feat: enable trivy server with self-signed certificates #1003
Conversation
|
|
dirien
force-pushed
the
self-signed-cert-support
branch
from
048475d to
50e0299
Compare
Codecov Report
@@ Coverage Diff @@
## main #1003 +/- ##
==========================================
- Coverage 58.78% 58.70% -0.09%
==========================================
Files 65 65
Lines 8493 8502 +9
==========================================
- Hits 4993 4991 -2
- Misses 2987 2996 +9
- Partials 513 515 +2
Continue to review full report at Codecov.
|
|
@dirien thank you for the contribution LGTM !! |
There was a problem hiding this comment.
Thank you for working on this patch @dirien Please see my comments before we marge this PR.
Signed-off-by: Engin Diri <engin.diri@mail.schwarz>
dirien
force-pushed
the
self-signed-cert-support
branch
from
a575fda to
f6fb8b4
Compare
Thanks for your feedback @danielpacak! Appreciate this very much! I changed the points and will create a PR for the version bump! Looking forward |
|
Done for version PR bump -> #1008 |
|
@dirien , could you sign our CLA agreement, which is one of required checks before we merge the PR? |
|
@danielpacak, done! I clicked again on the link!
|
Signed-off-by: Engin Diri engin.diri@mail.schwarz
fixes #1002
There are situations, where you have a self-signed certifacte for the Trivy Server. e.g. in our company, we have to use our own company wide PKI. Or when you use LE staging ACME. This will appear as
x509 certificate signed by unknown authorityWith this PR, we can set a new optional variable called
trivy.insecureServer. This sets in the background the env variableTRIVY_INSECURE. It's different to existingtrivy.insecureRegistryparameter. As we are not really talking about the registry.Looking for your feedback.