feat(trivy): Add dbRepository flag to get advisory database from OCI registry

[ksashikumar]

This PR adds --db-repository flag to trivy plugin and helm config. The flag is introduced in aquasecurity/trivy#1873

Related issue in GitLab: #350232

[CLAassistant]

All committers have signed the CLA.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[ksashikumar]

@knqyf263 Could you please review this dependent PR also? Thanks 🙂

[codecov]

Codecov Report

Merging #1064 (942fc57) into main (369589a) will decrease coverage by 0.03%.
The diff coverage is 62.50%.

@@            Coverage Diff             @@
##             main    #1064      +/-   ##
==========================================
- Coverage   58.00%   57.96%   -0.04%     
==========================================
  Files          71       71              
  Lines        9290     9305      +15     
==========================================
+ Hits         5389     5394       +5     
- Misses       3354     3361       +7     
- Partials      547      550       +3     

Impacted Files	Coverage Δ
itest/matcher/matcher.go	75.65% <ø> (ø)
pkg/plugin/trivy/plugin.go	81.02% <62.50%> (-0.29%)	⬇️
pkg/operator/controller/ciskubebenchreport.go	50.99% <0.00%> (-3.59%)	⬇️
pkg/vulnerabilityreport/controller.go	57.31% <0.00%> (+1.52%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 369589a...942fc57. Read the comment docs.

[ksashikumar]

@chen-keinan Thanks for the comments, I've addressed them 🙂 Could you please take an another look?

[chen-keinan]

@chen-keinan Thanks for the comments, I've addressed them 🙂 Could you please take an another look?

Thank you for the update; LGTM!!

[knqyf263]

Note that Trivy added --db-repository in v0.25.1, but it had a critical bug. Please use v0.25.2 or greater.

[chen-keinan]

@ksashikumar this PR should also include the trivy version change from : trivy:0.24.2 to trivy:0.25.2 (the version that support --db-repository flag) Its used in various places in the code:
example: values.yaml , starboard.yaml etc. (test files)

[ksashikumar]

@ksashikumar this PR should also include the trivy version change from : trivy:0.24.2 to trivy:0.25.2 (the version that support --db-repository flag) Its used in various places in the code: example: values.yaml , starboard.yaml etc. (test files)

@chen-keinan Thanks for that! I've updated the version in the files. Could you please take another look?

[chen-keinan]

@ksashikumar thank you for this effort;
It is also required to update trivy version on itest--> matcher.go and matcher_test.go
I think this is the cause for the Integration tests --> Run integration tests / Starboard CLI to fail

[ksashikumar]

@ksashikumar thank you for this effort; need also to update trivy version on itest--> matcher.go and matcher_test.go I think this is the cause for the Integration tests --> Run integration tests / Starboard CLI to fail

@chen-keinan Oops, I missed that. Thanks for letting me know. I've fixed that 👍

[danielpacak]

I've just run the code in my cluster, following the contributing guide, and I'm getting the following errors:

{"level":"error","ts":1649332073.3865209,"logger":"controller.replicaset","msg":"Reconciler error","reconciler group":"apps","reconciler kind":"ReplicaSet","name":"local-path-provisioner-5ddd94ff66","namespace":"local-path-storage","error":"constructing scan job: property trivy.dbRepository not set","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/Users/dpacak/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/Users/dpacak/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:227"}

Please check my comments to see why it may happen. This should also fix integration tests run in the CI workflow.