• Harbor CNF Reconfigure can be used to enable/deactivate Trivy scanning by passing following properties as part of values.yaml.

  • trivy.offlineScan: This flag when enabled indicates that Trivy should perform vulnerability scanning in offline mode. This can be useful in environments where internet access is restricted.

  • trivy.skipUpdate: This flag deactivate Trivy DB downloads from GitHub. It is suitable for AirGap environment with no internet access. If this flag is set is to true then we have to manually download the trivy.db file and mount it on the path /home/scanner/.cache/trivy/db/trivy.db.

trivy:  
   offlineScan: true  
   skipUpdate: true  
   skipJavaDBUpdate: true
Note:

To configure offline Trivy image scanning, see Updating Trivyy DB for Image scanning in Airgap environment.