Support for external backend or DB to store generated SBOM files and vulnerability reports

[LesSyner]

I want to ask for new feature to be implemented - support for external backend or DB to store generated SBOM files and vulnerability reports. The reason for this is quite general - while running trivy-operator and processing images we discovered that some images don't have vulnerability report or/and SBOM files due to k8s limits regarding object size. For PaaS k8s deployments it's hard limit which cannot be changed. So IMO the only solution to have SBOM or/and vulnerability reports for all images is to implement feature which will enable some form of backend component (native for trivy-operator or general DB like Postgres) to store all produced vulnerability reports or/and SBOM files. This architectural change will be IMO beneficial also for trivy-operator itself allowing more flexibility in implementation by delegating some functionalities to specialised components.

[chen-keinan]

@LesSyner I would suggest to use our webhook integration to leverage such solution.

[LesSyner]

Good idea @chen-keinan but as I understand to use it first operator needs to store artefact in etcd to used it later. And here is where we hit the etcd limits. :/
If I didn't get it correctly and it can be done with webhook integration could you privide example how to implement it?

[chen-keinan]

You are correct , it needed to be stored in etcd 1st. So currently no solution for etcd request limit issue