Comment by mkesper
3 days ago
It needs internet access for upgrading the check bundle and for full Java library resolution (pom.xml). See e.g. https://github.com/aquasecurity/trivy/discussions/9698
3 days ago
It needs internet access for upgrading the check bundle and for full Java library resolution (pom.xml). See e.g. https://github.com/aquasecurity/trivy/discussions/9698
Nice, thanks! Yeah, so exfil is definitely still a thing to watch out for, even if you run in an unprivileged env.