Replies: 1 comment 1 reply
-
Hi @jrtct ! Trivy respects the localRepository from settings.xml. https://maven.apache.org/settings.html#simple-values |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Description
I'm working for a client that uses a lot of Java applications that are built with maven. We're noticing trivy can be quite slow when scanning a project with a lot of dependencies. A way to speed this up would be to build the project first and then scan the local repository (
~/.m2/repository
). We're already caching this directory, but the problem is trivy does not find it. This seems to be because trivy expects it to be in $HOME, which is not necessarily the case, especially in a CI context. If there would be a way to specify the location of this local repository as an option, this would greatly speed up scans in our case.Maybe I'm overlooking something and I'm just using trivy wrong, but I didn't really see any other solution
Looking forward to your reply!
Target
Filesystem
Scanner
Vulnerability
Beta Was this translation helpful? Give feedback.
All reactions