HTTPS Proxy¶
If your network environment requires the use of a proxy, you must ensure proper configuration of the httpsProxy
parameter when running helm upgrade --install
command.
# omitted "helm upgrade --install" command and parameters
--set httpsProxy="https://secure.proxy.tld"
Additionally, you can specify URLs that should bypass the proxy, by setting the noProxy
parameter in comma-separated
list format. Note that this parameter already has a default value: kubernetes.default.svc.*,127.0.0.1,localhost
.
Configuring proxy settings enables trivy
plugin, zora-operator
and zora-tokenrefresh
to use the proxy for external requests.
Zora OSS installations integrated with Zora Dashboard communicate with the addresses below:
https://zora-dashboard.undistro.io
for sending scan resultshttps://login.undistro.io/oauth/token
for refreshing authentication token
While Trivy downloads vulnerability databases during scans from the following external sources:
ghcr.io/aquasecurity/trivy-db
ghcr.io/aquasecurity/trivy-java-db
mirror.gcr.io/aquasec/trivy-db
mirror.gcr.io/aquasec/trivy-java-db
Note
A custom vulnerability database repository can be specified using the parameters scan.plugins.trivy.dbRepository
and scan.plugins.trivy.javaDbRepository
.
You can use skopeo to copy the official database to your
own OCI-compliant registry with the command below.
Keep in mind that the original database is continuously updated with new vulnerabilities,
so it's important to regularly synchronize your copy if you choose to host it yourself.
skopeo copy docker://ghcr.io/aquasecurity/trivy-db:2 docker://registry.example.com/trivy-db:2