Trivy scanner still not working in latest 2.9.1 Harbor Supervisor Service release #34
Description
When deploying the latest harbor 2.9.1 supervisor service interrogation services are still malfunct. The initial download of the vulnerability database is not possible, due to "no space left on device" condition in /tmp which lives on the / volume.
...
2024-08-16T10:16:21Z [ERROR] [/pkg/scan/job.go:294]: check scan report with mime type application/vnd.security.vulnerability.report; version=1.1: running trivy wrapper: running trivy: exit status 1: 2024-08-16T10:13:04.377Z �[34mINFO�[0m Vulnerability scanning is enabled
2024-08-16T10:14:00.845Z �[34mINFO�[0m Java DB Repository: ghcr.io/aquasecurity/trivy-java-db:1
2024-08-16T10:14:00.845Z �[34mINFO�[0m Downloading the Java DB...
2024-08-16T10:16:17.614Z �[31mFATAL�[0m image scan error: scan error: scan failed: failed analysis: analyze error: pipeline error: failed to analyze layer (sha256:72db5db515fdd9ae82b759fc207fdfbcc31567c28bb87950abc94ce1d60b2d40): post analysis error: post analysis error: Unable to initialize the Java DB: Java DB update failed: DB download error: oci download error: copy error: write /tmp/trivy3218355861/javadb.tar.gz: no space left on device
: general response handler: unexpected status code: 500, expected: 200
According to the trivy docs this could be fixed by setting TMPDIR (https://aquasecurity.github.io/trivy/v0.43/docs/references/troubleshooting/).
A persitent volume is already mounted on /home/scanner/.cache by default, so this could also double as the tmp dir?
Regards, Christian