Comment by staticassertion
3 days ago
You only need internet access to grab the image, I don't think trivy requires internet access itself. All of my image scanning tools run in isolation.
3 days ago
You only need internet access to grab the image, I don't think trivy requires internet access itself. All of my image scanning tools run in isolation.
It needs internet access for upgrading the check bundle and for full Java library resolution (pom.xml). See e.g. https://github.com/aquasecurity/trivy/discussions/9698
Nice, thanks! Yeah, so exfil is definitely still a thing to watch out for, even if you run in an unprivileged env.