Add explanation for how to use non-system certificates #8429
Amndeep7 started this conversation in Documentation
Description
Currently the docs only explain how to avoid using certificates by using the insecure approach.
Link
https://trivy.dev/latest/docs/references/troubleshooting/#certification
Suggestions
Please put in the information specified in this other issue/discussion: #4169 #4194 https://pkg.go.dev/crypto/x509#SystemCertPool, namely using the SSL_CERT_FILE or SSL_CERT_DIR envvar to specify where your certificate is.
An example of an invocation:
podman run -v ~/mycert.crt:/usr/local/share/ca-certificates/mycert.crt -e 'SSL_CERT_FILE=/usr/local/share/ca-certificates/mycert.crt' myregistry.withcert.com/aquasec/trivy:0.59.1 --db-repository myregistry.withcert.com/aquasec/trivy-db:2 filesystem /root
Note the bind mount of the cert to a location that the envvar then points to. It'll be a bit more straightforward without the docker/podman stuff around it, but that was my use case.
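An added example, not part of the original post and not Trivy's own code: a Go program showing what SSL_CERT_FILE does to the pool returned by crypto/x509's SystemCertPool, which the post links to. A private CA written to the file named by the variable becomes trusted, while an unrelated CA stays untrusted. It assumes Linux (Go ignores these variables on macOS and Windows); `newCA`, `CheckEnvTrust` and both CA names are hypothetical and the certificates are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// newCA (hypothetical helper) returns a throwaway self-signed CA and its PEM form.
func newCA(cn string) (*x509.Certificate, []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	cert, err := x509.ParseCertificate(der) // also fails if creation failed
	if err != nil {
		panic(err)
	}
	return cert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// CheckEnvTrust (hypothetical) reports which CAs the pool built from SSL_CERT_FILE trusts.
func CheckEnvTrust(dir string) (mineTrusted, otherTrusted bool, err error) {
	mine, minePEM := newCA("constructed private CA")
	other, _ := newCA("constructed unrelated CA")
	if err = os.WriteFile(dir+"/mycert.crt", minePEM, 0o600); err != nil {
		return false, false, err
	}
	os.Setenv("SSL_CERT_FILE", dir+"/mycert.crt") // replaces Go's default bundle paths
	pool, err := x509.SystemCertPool()            // built on first use, then cached
	if err != nil {
		return false, false, err
	}
	_, e1 := mine.Verify(x509.VerifyOptions{Roots: pool})
	_, e2 := other.Verify(x509.VerifyOptions{Roots: pool})
	return e1 == nil, e2 == nil, nil
}

func main() {
	dir, _ := os.MkdirTemp("", "certs")
	defer os.RemoveAll(dir)
	fmt.Println(CheckEnvTrust(dir))
}
```

Because the pool is cached after the first call, the variable has to be in the environment before the process starts, which is why the invocation above passes it with `-e` rather than setting it later.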