feat: Allow configuring GitHub token for Trivy scanner (aquasecurity#172

)

Resolves: aquasecurity#43

README.md

@@ -229,6 +229,7 @@ The following table lists available configuration parameters.
 | CONFIGMAP KEY         | DEFAULT                                                | DESCRIPTION |
 | --------------------- | ------------------------------------------------------ | ----------- |
 | `trivy.httpProxy`     | N/A                                                    | The HTTP proxy used by Trivy to download the vulnerabilities database from GitHub |
+| `trivy.githubToken`   | N/A                                                    | The GitHub personal access token used by Trivy to download the vulnerabilities database from GitHub |
 | `trivy.severity`      | `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL`                     | A comma separated list of severity levels reported by Trivy |
 | `trivy.imageRef`      | `docker.io/aquasec/trivy:0.9.1`                        | Trivy image reference |
 | `polaris.config.yaml` | [Check the default value here][default-polaris-config] | Polaris configuration file |

pkg/find/vulnerabilities/trivy/scanner.go

@@ -157,6 +157,18 @@ func (s *Scanner) PrepareScanJob(_ context.Context, workload kube.Object, spec c
 						},
 					},
 				},
+				{
+					Name: "GITHUB_TOKEN",
+					ValueFrom: &core.EnvVarSource{
+						ConfigMapKeyRef: &core.ConfigMapKeySelector{
+							LocalObjectReference: core.LocalObjectReference{
+								Name: kube.ConfigMapStarboard,
+							},
+							Key:      "trivy.githubToken",
+							Optional: pointer.BoolPtr(true),
+						},
+					},
+				},
 			},
 			Command: []string{
 				"trivy",