How does ClientServer mode gets Vulnerability DB updates?

[sheeeng]

How does ClientServer mode gets Vulnerability DB updates?

[chen-keinan]

@sheeeng the trivy server take care of updates automatically

[chen-keinan]

are you running built-in server in trivy-operator ? or running your own trivy server ?

[sheeeng]

are you running built-in server in trivy-operator ? or running your own trivy server ?

The built-in server in trivy-operator.

I don't see any default path specified.

trivy-operator/deploy/helm/values.yaml

Lines 569 to 593 in a8b5e42

	server:
	# -- resources set trivy-server resource
	resources:
	requests:
	cpu: 200m
	memory: 512Mi
	# ephemeral-storage: "2Gi"
	limits:
	cpu: 1
	memory: 1Gi
	# ephemeral-storage: "2Gi"
	# -- podSecurityContext set trivy-server podSecurityContext
	podSecurityContext:
	runAsUser: 65534
	runAsNonRoot: true
	fsGroup: 65534
	# -- securityContext set trivy-server securityContext
	securityContext:
	privileged: false
	readOnlyRootFilesystem: true
	# -- the number of replicas of the trivy-server
	replicas: 1

[chen-keinan]

cache should be here:

[sheeeng]

Thank you again for the tip, @chen-keinan. I've located the metadata.json file.

trivy-operator/deploy/helm/templates/trivy-server/statefulset.yaml

Line 115 in a8b5e42

- mountPath: /home/scanner/.cache

$ kubectl exec --namespace trivy-system --stdin --tty pod/trivy-server-0 --container trivy-server -- /bin/sh
$
$ cat /home/scanner/.cache/trivy/db/metadata.json
{"Version":2,"NextUpdate":"2024-05-23T06:16:13.858957998Z","UpdatedAt":"2024-05-23T00:16:13.858958288Z","DownloadedAt":"2024-05-23T00:40:46.462412524Z"}