
Add Registry Mirrors to Trivy #673

Merged (2 commits, Sep 13, 2021)
Conversation

shaardie (Contributor)

This patch adds the option to use mirrors for the docker registries in trivy.
This way it is possible to download the images from self-hosted mirrors instead
of e.g. index.docker.io. This has some benefits, like not being hit by download
restrictions.

I also tried to add this new feature to the docs, and I wrote unit tests for it.

The contributing guidelines mention that for every PR there should also be an issue, but when generating a new issue of kind "feature request" I am redirected to the discussions. So I skipped creating an issue for this, but I can do it afterwards if necessary. For now I will point to the already existing discussion #260.

codecov bot commented Sep 8, 2021

Codecov Report

Merging #673 (5c95364) into main (91e65c8) will decrease coverage by 0.46%.
The diff coverage is 79.31%.


@@            Coverage Diff             @@
##             main     #673      +/-   ##
==========================================
- Coverage   66.20%   65.73%   -0.47%     
==========================================
  Files          58       58              
  Lines        5903     6170     +267     
==========================================
+ Hits         3908     4056     +148     
- Misses       1617     1714      +97     
- Partials      378      400      +22     
Impacted Files Coverage Δ
pkg/plugin/trivy/plugin.go 82.71% <79.31%> (+0.08%) ⬆️
pkg/kube/object.go 56.66% <0.00%> (-11.55%) ⬇️
pkg/configauditreport/scanner.go 59.74% <0.00%> (-3.90%) ⬇️
pkg/configauditreport/builder.go 81.03% <0.00%> (-3.64%) ⬇️
pkg/operator/predicate/predicate.go 87.67% <0.00%> (-3.51%) ⬇️
pkg/operator/controller/plugins_config.go 45.45% <0.00%> (-2.55%) ⬇️
pkg/kube/logs.go 35.84% <0.00%> (-2.16%) ⬇️
pkg/cmd/installer.go 46.21% <0.00%> (-1.13%) ⬇️
pkg/plugin/conftest/plugin.go 81.00% <0.00%> (-0.60%) ⬇️
pkg/kubehunter/scanner.go 75.71% <0.00%> (ø)
... and 5 more


danielpacak (Contributor) left a comment
👋 Thank you for working on this enhancement @shaardie . I believe it can be useful. Please check my comments and questions before we merge the code.

Review comments (outdated, resolved) on: docs/integrations/vulnerability-scanners/trivy.md, pkg/plugin/trivy/plugin.go, pkg/plugin/trivy/plugin_test.go
* Use a single configuration key to describe the registry as well as the
  mirror.
* More meaningful error inspection in tests.
* Use github.com/google/go-containerregistry to parse image reference.
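To show what the mirror lookup in the reworked plugin has to get right (the second commit above parses the image reference with go-containerregistry), here is an added example that is not the project's code: it parses a reference with the standard library the way Docker does, then swaps in the mirror host. The `trivy.registry.mirror.<registry>` key name and the mirror hosts used are assumptions, not taken from the PR.

```go
package main

import (
	"fmt"
	"strings"
)

// Bare "nginx:1.21"-style references resolve to Docker Hub under the "library" namespace.
const hub, hubNamespace = "index.docker.io", "library"

// splitRef returns the registry host and the rest (repository plus tag/digest), using
// Docker's rule: the first path component is a registry only if it has a dot or a
// colon or is "localhost". "docker.io" is normalised to index.docker.io.
func splitRef(ref string) (registry, rest string, err error) {
	if ref == "" {
		return "", "", fmt.Errorf("empty image reference")
	}
	parts := strings.SplitN(ref, "/", 2)
	switch {
	case len(parts) == 1: // "nginx:1.21" -> "library/nginx:1.21"
		return hub, hubNamespace + "/" + ref, nil
	case parts[0] == "docker.io":
		if !strings.Contains(parts[1], "/") {
			parts[1] = hubNamespace + "/" + parts[1]
		}
		return hub, parts[1], nil
	case strings.ContainsAny(parts[0], ".:") || parts[0] == "localhost":
		return parts[0], parts[1], nil
	}
	return hub, ref, nil
}

// mirrorRef rewrites the registry of ref when mirrors (registry host -> mirror host,
// assumed here to be loaded from trivy.registry.mirror.<registry> config keys) has an
// entry for it; the tag or digest is kept, and a reference with neither gets ":latest".
func mirrorRef(ref string, mirrors map[string]string) (string, error) {
	registry, rest, err := splitRef(ref)
	if err != nil {
		return "", err
	}
	if m, ok := mirrors[registry]; ok {
		registry = m
	}
	// With the registry (and any port) stripped, a ":" in rest can only be a tag
	// separator and "@" a digest separator, so neither present means "latest".
	if !strings.ContainsAny(rest, ":@") {
		rest += ":latest"
	}
	return registry + "/" + rest, nil
}
```

References to registries without a configured mirror pass through unchanged, which is the behaviour a scanner needs so that a single mirror entry for Docker Hub does not redirect images hosted elsewhere.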
danielpacak (Contributor) left a comment

LGTM! Thank you @shaardie for reworking this PR and great contribution 🚀

@danielpacak danielpacak merged commit c68ad51 into aquasecurity:main Sep 13, 2021
@danielpacak danielpacak added this to the Release v0.12.0 milestone Sep 13, 2021
py-go added a commit to py-go/starboard that referenced this pull request Sep 29, 2021
This patch adds the option to use image digest for the container scanning in Trivy.
trivy --skip-update --cache-dir /var/lib/trivyx --format json <container imageID/Digest>
@travisghansen

Is this a client-side setting or server-side setting? How would I utilize it running outside of k8s? Thanks in advance for examples!

@chen-keinan (Contributor)

@travisghansen if you update it in the starboard-trivy-config it will work for you with the client as well.

@travisghansen

How would I configure it for basic CLI usage (in a client/server setup)? I will add it to starboard, but I also run trivy in CI, where I’d prefer to use local mirrors to keep the traffic down. I just don’t see a CLI arg that corresponds to using it in that fashion, so I’m trying to figure out what those helm values are really doing.

@chen-keinan (Contributor)

@travisghansen you should update the configmap directly via the kubectl patch command, in this case.

@travisghansen

travisghansen commented Nov 13, 2022

For me when using via CI, k8s is not involved at all (neither server nor client). I’m trying to figure out what the requirements are to configure it without any k8s-isms.

4 participants