Enabling Trivy in Harbor
fengjian1585 · 2025-12-16 · via 博客园 - fengjian1585
# 1. Edit the Harbor configuration file
vim /path/to/harbor/harbor.yml

# 2. Add or modify the Trivy configuration
trivy:
  enabled: true
  port: 8080
  skip_update: false
  offline_scan: false
  insecure: false

# 3. Edit the docker-compose.yaml file

  trivy-adapter:
    container_name: trivy-adapter
    image: goharbor/trivy-adapter-photon:v2.11.0
    restart: always
    environment:
      # Core settings - the correct variable names in Harbor 2.11
      SCANNER_TRIVY_DB_REPOSITORY: ghcr.m.daocloud.io/aquasecurity/trivy-db
      SCANNER_TRIVY_JAVA_DB_REPOSITORY: ghcr.m.daocloud.io/aquasecurity/trivy-java-db
      # Booleans are quoted so Compose passes them to the container as strings
      SCANNER_TRIVY_SKIP_DB_UPDATE: "true"
      SCANNER_TRIVY_SKIP_JAVA_DB_UPDATE: "true"
      SCANNER_TRIVY_OFFLINE_SCAN: "true"
      TRIVY_DB_REPOSITORY: ghcr.m.daocloud.io/aquasecurity/trivy-db
      TRIVY_JAVA_DB_REPOSITORY: ghcr.m.daocloud.io/aquasecurity/trivy-java-db
    cap_drop:
      - ALL
    depends_on:
      - log
      - redis
    networks:
      - harbor
    volumes:
      - type: bind
        source: /data/usershare/harbor/trivy
        target: /home/scanner/.cache/trivy
      - type: bind
        source: /data/usershare/harbor/harbor/reports
        target: /home/scanner/.cache/reports
      - type: bind
        source: /data/usershare/harbor/harbor/trust-certificates
        target: /harbor_cust_cert
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "trivy-adapter"
    env_file:
      ./common/config/trivy-adapter/env
networks:
  harbor:
    external: false

# 4. Edit the configuration file

vim ./common/config/trivy-adapter/env

# Trivy DB repositories (key: use a mirror in China to speed up downloads)
SCANNER_TRIVY_DB_REPOSITORY=ghcr.m.daocloud.io/aquasecurity/trivy-db
SCANNER_TRIVY_JAVA_DB_REPOSITORY=ghcr.m.daocloud.io/aquasecurity/trivy-java-db
# Scan timeout (key: fixes "context deadline exceeded")
SCANNER_TRIVY_SERVER_TIMEOUT=10m

# DB update interval (default value, can be kept)
SCANNER_TRIVY_DB_UPDATE_INTERVAL=24h

# Registry connection timeout (default value, can be kept)
SCANNER_TRIVY_REGISTRY_TIMEOUT=1m

# 5. Reinstall Harbor (keeping data)

docker ps -a

docker restart 271eb1fce5d0

Download the DBs with the trivy binary; mirror.gcr.io is unavailable, so specify the DB directory

trivy image --java-db-repository ghcr.m.daocloud.io/aquasecurity/trivy-java-db --cache-dir /root/.cache/trivy/ --download-java-db-only

trivy image --db-repository ghcr.m.daocloud.io/aquasecurity/trivy-db --cache-dir /root/.cache/trivy/ --download-db-only

Scan an image with trivy

trivy image --cache-dir /root/.cache/trivy/ 172.20.1.1/test/kylin-server-platform:v11-2026xxxxx
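
With SCANNER_TRIVY_SKIP_DB_UPDATE and SCANNER_TRIVY_OFFLINE_SCAN set to true, the adapter scans with whatever DB already sits in its bind-mounted cache (/data/usershare/harbor/trivy on the host), so a missing or old DB goes unnoticed. The following is an added example, not part of the original post, that checks both DBs are present there and no older than a cutoff. The function names, the cutoff and the sample cache are assumptions, as is the cache layout (db/trivy.db and java-db/trivy-java.db, each with a metadata.json).

```shell
#!/bin/sh
# Added example. Assumed cache layout: <dir>/db/{trivy.db,metadata.json}
# and <dir>/java-db/{trivy-java.db,metadata.json}. All names are hypothetical.

# db_updated_at FILE: print the UpdatedAt timestamp from a metadata.json
db_updated_at() {
    sed -n 's/.*"UpdatedAt"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# check_trivy_cache DIR CUTOFF
#   DIR     host side of the trivy-adapter cache bind mount
#   CUTOFF  oldest acceptable UpdatedAt, ISO-8601 UTC
# Returns 0 = usable, 1 = a DB file is missing, 2 = a DB is older than CUTOFF.
check_trivy_cache() {
    dir=$1; cutoff=$2
    for pair in db/trivy.db java-db/trivy-java.db; do
        sub=${pair%%/*}
        if [ ! -s "$dir/$pair" ] || [ ! -s "$dir/$sub/metadata.json" ]; then
            echo "MISSING: $dir/$pair or $dir/$sub/metadata.json" >&2
            return 1
        fi
        ts=$(db_updated_at "$dir/$sub/metadata.json")
        # ISO-8601 UTC strings sort chronologically: the older value sorts first.
        oldest=$(printf '%s\n%s\n' "$ts" "$cutoff" | LC_ALL=C sort | head -n 1)
        if [ -z "$ts" ] || [ "$oldest" != "$cutoff" ]; then
            echo "STALE: $sub UpdatedAt=${ts:-unknown}, cutoff $cutoff" >&2
            return 2
        fi
        echo "OK: $sub UpdatedAt=$ts"
    done
}

# make_sample_cache DIR TIMESTAMP: build a constructed cache (placeholder files,
# not real Trivy DBs) so the check can be exercised offline.
make_sample_cache() {
    for sub in db java-db; do
        mkdir -p "$1/$sub"
        printf '{"Version":2,"UpdatedAt":"%s","DownloadedAt":"%s"}\n' "$2" "$2" \
            > "$1/$sub/metadata.json"
    done
    echo placeholder > "$1/db/trivy.db"
    echo placeholder > "$1/java-db/trivy-java.db"
}

# Demo on constructed data; on the Harbor host pass /data/usershare/harbor/trivy.
demo=$(mktemp -d)
make_sample_cache "$demo" 2025-12-15T06:00:00Z
check_trivy_cache "$demo" 2025-12-09T00:00:00Z
rm -rf "$demo"
```

With GNU date, a rolling cutoff can be generated as `date -u -d '7 days ago' +%Y-%m-%dT%H:%M:%SZ`.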