Thanks for the detailed write up. We currently don't support this but I don't see any reason why we can't. So I'll convert this discussion into a feature request issue to work on.
Description
OCI image set with --policy-bundle-repository does not utilize authentication credentials. I have tried setting the authentication credentials via environment variables TRIVY_USERNAME/TRIVY_PASSWORD as well as command line arguments --username/--password, but I am receiving an unauthorized error code from my private OCI container registry. I have tried with both the trivy filesystem and trivy image subcommands, but the results are the same.
Conversely, when setting the --db-repository and --java-db-repository options, these are able to pull my private OCI container registry using the credentials set via environment variables TRIVY_USERNAME/TRIVY_PASSWORD.
Notice in the output below that ${MY_OCI_REGISTRY}/aquasecurity/trivy-db is pulled as expected, but ${MY_OCI_REGISTRY}/aquasecurity/defsec:0 fails.
Desired Behavior
I expect the OCI image set with --policy-bundle-repository to be pulled using the credentials specified via environment variables TRIVY_USERNAME/TRIVY_PASSWORD, similar to the functionality supported in --db-repository and --java-db-repository.
Actual Behavior
As shown in the command line output, the OCI image set with --policy-bundle-repository is not pulled using the credentials specified via environment variables TRIVY_USERNAME/TRIVY_PASSWORD.
Reproduction Steps
Target
Filesystem
Scanner
vuln,misconfig,secret,license
Output Format
Table
Mode
Standalone
Debug Output
Operating System
Ubuntu 22.04.3 LTS
Version
Checklist
trivy image --reset