Support SSL/TLS redis connection about harbor-scanner-trivy HOT 6 CLOSED

Thank you for additional details @chris-cmsoft

Since this in an integral component of Harbor, if the community decides to add support for rediss:// to Harbor we'll do the same for this adapter.

from harbor-scanner-trivy.

What is your use case? Harbor itself does not currently support rediss:// connection URI.

Do you want to use different Redis instance or cluster for Harbor services (without TLS) and Trivy scanner adapter (with TLS)?

from harbor-scanner-trivy.

Some managed services are immediately provisioned with the rediss:// URI.

My use case is specifically DigitalOcean managed Redis.

Trivy is the first place I noticed it as it was the first component I deployed, but the same would be applicable to Harbor.

More a note for consideration than a requirement.
Ultimately your choice whether it's a worthwhile addition.

from harbor-scanner-trivy.

Closing as a stale issue. What's more it makes sense only if the upstream Harbor does provide support for connecting to Redis with TLS

from harbor-scanner-trivy.

Hi @danielpacak,

We have a helm chart at bitnami/charts that also uses this component and where we would like to support TLS connections to Redis as users often use external redis services.

I was looking at bitnami/charts#7691 when I realised that the components we use don't always support it.

Would you mind keeping this issue opened to help us track when this will become supported for the the harbor trivy scanner?

I believe this will become a more frequent use case, and eventually the community will add support for it. There is an issue currently opened for this - goharbor/harbor#13223

Thanks!

from harbor-scanner-trivy.

Since Trivy is the default scanner in Harbor, we'll update this adapter service in scope of goharbor/harbor#13223

from harbor-scanner-trivy.