Allow InitContainer to pull vulnerability-db from private registry #2221

Closed
crtvmn opened this issue Aug 9, 2024 · 5 comments

crtvmn commented Aug 9, 2024

Hello,

I'm trying to deploy the Trivy Operator in standalone mode with the provided Helm chart in an offline environment with a private registry. Credentials are required to access this registry.

Unfortunately, it is not possible to forward or add env variables (TRIVY_USER and TRIVY_PASSWORD) to allow the Trivy init-container to pull the vulnerability database from my private registry.

Moreover, the dbRepositoryPassword and dbRepositoryUsername seem useless.

dbRepositoryUsername: ~
# -- The password for dbRepository authentication
#
dbRepositoryPassword: ~

Can you confirm that this use case is not possible for the moment? I found this discussion #1341 but no answer and no link to the related issue. Thanks for your help!

Best regards

@crtvmn crtvmn added the kind/bug Categorizes issue or PR as related to a bug. label Aug 9, 2024

github-actions bot commented Oct 9, 2024

This issue is stale because it has been labeled with inactivity.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and will be auto-closed. label Oct 9, 2024

Heap0017 commented Oct 9, 2024

I'm having the same issue. In my opinion it should be possible to provide the credentials for pulling trivy-db and trivy-java-db just like we can do it for trivy-checks.

@crtvmn This is the issue mentioned in the discussion: #1342


Heap0017 commented Oct 9, 2024

@crtvmn I just found out that you can in fact use a secret for setting dbRepositoryUsername and dbRepositoryPassword. It just isn't mentioned in the README. #2282

@github-actions github-actions bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and will be auto-closed. label Oct 10, 2024
@simar7 simar7 added this to the v0.24.0 milestone Dec 4, 2024

afdesk (Contributor) commented Jan 28, 2025

@crtvmn @Heap0017 thanks for the comments, and sorry for the long response.

I checked this case with my private repo on GitHub with the latest version of Trivy-operator, and it works as expected.

$ kubectl get vulnerabilityreports --all-namespaces -o wide
NAMESPACE            NAME                                                       REPOSITORY                       TAG                  SCANNER   AGE     CRITICAL   HIGH   MEDIUM   LOW   UNKNOWN
kube-system          daemonset-kube-proxy-kube-proxy                            kube-proxy                       v1.30.0              Trivy     72s     3          8      22       16    0
kube-system          pod-7d98c5bddf                                             kube-controller-manager          v1.30.0              Trivy     59s     3          6      10       0     0
kube-system          pod-etcd-cve-kind-control-plane-etcd                       etcd                             3.5.12-0             Trivy     50s     9          14     53       4     1
kube-system          pod-kube-scheduler-cve-kind-control-plane-kube-scheduler   kube-scheduler                   v1.30.0              Trivy     89s     3          6      8        0     0
kube-system          replicaset-coredns-7db6d8ff4d-coredns                      coredns/coredns                  v1.11.1              Trivy     2m10s   2          8      20       1     1
local-path-storage   replicaset-dcbb8bf7b                                       kindest/local-path-provisioner   v20240202-8f1494ea   Trivy     80s     2          7      31       11    1

My settings:

  dbRegistry: "ghcr.io"
  dbRepository: "afdesk/trivy-db-private"

  # -- The username for dbRepository authentication
  #
  dbRepositoryUsername: afdesk

  # -- The password for dbRepository authentication
  #
  dbRepositoryPassword: ghp_TOKEN

afdesk (Contributor) commented Jan 28, 2025

It should work as expected.
If the issue arises, please feel free to reopen this one.

@afdesk afdesk closed this as completed Jan 28, 2025