Operational Container Scanning support for offline environments / Self-Signed certificates
## Description

Hello GitLab Teams,

Currently, Agentk uses Starboard Operator to deploy and run security scans onto our deployments. The problem is that it will only use GitLab's own trivy-db image, resulting in various errors for users running GitLab on-premise without network connections and/or with strict network restrictions.

In our case, we are unable to provide our internal Certificate Authority in order to pull the GitLab image.

### Steps to reproduce locally

1. Ensure GitLab-EE and Kubernetes Agents are running the latest v15.2.0
2. Configure the agent

   ```
   starboard:
     cadence: '*/60 * * * *'
   ```

3. Current output

   ```
   │ 2022-07-27T13:27:34.225Z INFO Need to update DB
   │ 2022-07-27T13:27:34.225Z INFO DB Repository: registry.gitlab.com/gitlab-org/security-products/dependencies/trivy-db-glad
   │ 2022-07-27T13:27:34.225Z INFO Downloading DB...
   │ 2022-07-27T13:27:34.932Z FATAL DB error: failed to download vulnerability DB: database download error: failed to fetch the layer: Get "https://cdn.registry.gitlab-static.net/gitlab/docker/registry/v2/blobs/sha256/ba/bab431416f1a84f174d39c9f05f0813728c8eaf230e3f561cc1ef165c783f2c3/data?Expires=1658933861&KeyName=gprd-registry-cdn&Signature=ay9u6PKnh4mu7SH-i0G1D0lxnYU=": x509: certificate signed by unknown authority
   │ Stream closed EOF for gitlab-agent-devops/scan-vulnerabilityreport-5fb7f59656-pkw66 (e639ec2a-0e79-4e76-a00c-ac9b1f3e509e)
   ```

### Proposal

It would be great to have the possibility to either provide an internal DB Repository or be able to propagate the certificate CaCert (from the GitLab-Agent Helm Chart) to Trivy, either from the Helm chart or the configuration file.

Config Sample:

```
starboard:
  cadence: '*/60 * * * *'
  trivydb: localhost:5000/trivy/db:latest
```

Please let me know if you have any questions. I did not find anything related within the documentation; I hope I did not miss it.
Many thanks in advance,
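A triage helper for the scan-pod output quoted in the issue, as an added example that is not part of the original report or of GitLab's code: it extracts the configured DB repository and the host on which TLS verification failed, which in the quoted log is a different host from the repository. The function names and the sample log (digest and query string replaced with placeholders) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample shaped like the scan-pod output quoted in the issue;
# the blob digest and signed-URL query are placeholders.
SAMPLE_LOG = """\
│ 2022-07-27T13:27:34.225Z INFO Need to update DB
│ 2022-07-27T13:27:34.225Z INFO DB Repository: registry.gitlab.com/gitlab-org/security-products/dependencies/trivy-db-glad
│ 2022-07-27T13:27:34.225Z INFO Downloading DB...
│ 2022-07-27T13:27:34.932Z FATAL DB error: failed to download vulnerability DB: database download error: failed to fetch the layer: Get "https://cdn.registry.gitlab-static.net/gitlab/docker/registry/v2/blobs/sha256/PLACEHOLDER/data?Expires=0": x509: certificate signed by unknown authority
"""

REPO_RE = re.compile(r"DB Repository:\s*(\S+)")
GET_RE = re.compile(r'Get "([^"]+)"')
X509_MARK = "x509: certificate signed by unknown authority"


def triage(log_text):
    """Return one finding per FATAL x509 trust failure in the log."""
    repo_host = None
    findings = []
    for line in log_text.splitlines():
        repo = REPO_RE.search(line)
        if repo:
            # The registry host is everything before the first "/" of the image ref.
            repo_host = repo.group(1).split("/", 1)[0]
            continue
        if "FATAL" in line and X509_MARK in line:
            url = GET_RE.search(line)
            failing = urlsplit(url.group(1)).hostname if url else None
            findings.append({
                "repo_host": repo_host,
                "failing_host": failing,
                # True when the blob was fetched from a host other than the registry.
                "differs_from_repo": failing is not None and failing != repo_host,
            })
    return findings


def hosts_needing_trust(findings):
    """Hosts whose certificate chain the scan pod must be able to validate."""
    hosts = set()
    for f in findings:
        hosts.update(h for h in (f["repo_host"], f["failing_host"]) if h)
    return sorted(hosts)


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
    print(hosts_needing_trust(triage(SAMPLE_LOG)))
```

When `differs_from_repo` is true, the internal CA (or a TLS-inspection exception) has to cover the blob download host as well as the registry named in `DB Repository`.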