Add connection string support for container scanning vulnerabilities db
Problem to solve
When using klar in the pipeline, it would great to allow the use of an external vulnerabilities database. As of now, there is a possibility to specify the host of the database, but not the name of the database, user and its password, etc. So current implementation forces users to use defaults that are not suitable for production databases.
More configuration options for the external vulnerabilities database will allow the usage of existing external databases (SaaS solutions, etc.).
An ideal place to start would be a modification of the clicommand to receive additional flags for the vulnerabilities database. These flags should be then passed to the clair where the config file replacements take place. During the replacement, additional flags should be replaced in the config template.
Permissions and Security
CLAIR_VULNERABILITIES_DB_URLfrom container scanning docs
Availability & Testing
- Unit test changes
- Integration test changes
What does success look like, and how can we measure that?
Klar and its component Clair are able to use an external vulnerabilities database with connection details different from the defaults.
What is the type of buyer?