

























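# 1. Edit the Harbor configuration file:
#      vim /path/to/harbor/harbor.yml
# 2. Add or modify the Trivy section:
trivy:
  # NOTE(review): confirm that `enabled` and `port` are keys your Harbor
  # version's harbor.yml actually reads; Harbor normally turns the scanner
  # on through `install.sh --with-trivy`.
  enabled: true
  port: 8080
  # false = the scanner may download vulnerability-DB updates itself.
  # The docker-compose fragment later on this page sets the skip-update and
  # offline-scan variables to "true", which contradicts these two values;
  # decide which behaviour is intended and keep both files consistent.
  skip_update: false
  offline_scan: false
  # Keep this false so the registry's TLS certificate is still verified
  # when the scanner pulls image layers.
  insecure: false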
修改docker-compose.yaml 文件
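# Fragment of Harbor's docker-compose file: the trivy-adapter service entry
# plus the top-level network definition.
# NOTE(review): Harbor generates this file from harbor.yml via its prepare
# script, so manual edits are presumably lost on the next prepare/install
# run - confirm for your version and keep a copy of the changes.
services:
  trivy-adapter:
    container_name: trivy-adapter
    image: goharbor/trivy-adapter-photon:v2.11.0
    restart: always
    environment:
      # Core settings - per the author, the variable names Harbor 2.11 expects.
      # The vulnerability DB comes from a third-party mirror: scan results are
      # only as trustworthy as that mirror's copy of the DB.
      SCANNER_TRIVY_DB_REPOSITORY: ghcr.m.daocloud.io/aquasecurity/trivy-db
      SCANNER_TRIVY_JAVA_DB_REPOSITORY: ghcr.m.daocloud.io/aquasecurity/trivy-java-db
      # Booleans are quoted: Compose expects environment values to be strings,
      # and an unquoted true is parsed by YAML as a boolean.
      # With DB updates skipped and offline scanning on, the adapter never
      # refreshes its database. The DB in the bind-mounted cache below must be
      # refreshed on a schedule, otherwise scans silently miss newly published
      # vulnerabilities.
      # NOTE(review): confirm these variable names against the adapter docs
      # for your version; an unrecognised variable is ignored without error.
      SCANNER_TRIVY_SKIP_DB_UPDATE: "true"
      SCANNER_TRIVY_SKIP_JAVA_DB_UPDATE: "true"
      SCANNER_TRIVY_OFFLINE_SCAN: "true"
      TRIVY_DB_REPOSITORY: ghcr.m.daocloud.io/aquasecurity/trivy-db
      TRIVY_JAVA_DB_REPOSITORY: ghcr.m.daocloud.io/aquasecurity/trivy-java-db
    # Drop every Linux capability; the scanner needs none of them.
    cap_drop:
      - ALL
    depends_on:
      - log
      - redis
    networks:
      - harbor
    volumes:
      # Trivy cache: this is where the adapter looks for the vulnerability DB.
      - type: bind
        source: /data/usershare/harbor/trivy
        target: /home/scanner/.cache/trivy
      - type: bind
        source: /data/usershare/harbor/harbor/reports
        target: /home/scanner/.cache/reports
      - type: bind
        source: /data/usershare/harbor/harbor/trust-certificates
        target: /harbor_cust_cert
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "trivy-adapter"
    # Values under `environment:` above take precedence over the same keys
    # in this env file.
    env_file: ./common/config/trivy-adapter/env
networks:
  harbor:
    external: false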
# 4. 修改 trivy-adapter 的 env 配置文件:
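vim ./common/config/trivy-adapter/env

# --- contents of ./common/config/trivy-adapter/env ---
# Trivy DB repositories (key point: use a domestic mirror to speed up downloads).
# The mirror is a third party; scan results depend on the integrity and
# freshness of the DB it serves.
SCANNER_TRIVY_DB_REPOSITORY=ghcr.m.daocloud.io/aquasecurity/trivy-db
SCANNER_TRIVY_JAVA_DB_REPOSITORY=ghcr.m.daocloud.io/aquasecurity/trivy-java-db
# Scan timeout (key point: fixes "context deadline exceeded")
SCANNER_TRIVY_SERVER_TIMEOUT=10m
# DB update interval (default value, may be kept).
# NOTE(review): presumably has no effect while the compose file sets the
# skip-update variables to true - confirm.
SCANNER_TRIVY_DB_UPDATE_INTERVAL=24h
# Registry connection timeout (default value, may be kept)
SCANNER_TRIVY_REGISTRY_TIMEOUT=1m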
# 3. 重新安装 Harbor(保留数据)
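# List all containers to find the trivy-adapter container ID.
docker ps -a
# Restart that container (the ID below is from the author's host).
# NOTE: `docker restart` reuses the container's existing configuration, so
# changes to the compose `environment:` block or to the env_file only take
# effect once the container is recreated, e.g. by bringing the service up
# again with Compose from the Harbor install directory.
docker restart 271eb1fce5d0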
使用 trivy 二进制下载漏洞库(DB):默认的 mirror.gcr.io 不可用,因此改用镜像仓库,并通过 --cache-dir 指定 DB 目录
# Fetch only the Java index DB from the mirror into the local cache directory.
trivy image \
  --cache-dir /root/.cache/trivy/ \
  --java-db-repository ghcr.m.daocloud.io/aquasecurity/trivy-java-db \
  --download-java-db-only

# Fetch only the main vulnerability DB from the mirror into the same cache.
# The files land under /root/.cache/trivy on this host. The adapter container
# reads its DB from the bind-mounted /data/usershare/harbor/trivy instead, so
# the download presumably has to be copied there, readable by the container's
# scanner user, before Harbor scans can use it - confirm.
trivy image \
  --cache-dir /root/.cache/trivy/ \
  --db-repository ghcr.m.daocloud.io/aquasecurity/trivy-db \
  --download-db-only
使用trivy 检测镜像
# Scan an image from the private registry using the DB cached above.
# Without --skip-db-update (or a repeated --db-repository), Trivy may still
# try to refresh the DB from its default repository once the cached copy is
# due for an update.
trivy image \
  --cache-dir /root/.cache/trivy/ \
  172.20.1.1/test/kylin-server-platform:v11-2026xxxxx