Air-Gapped Environment

    At first, you need to download the vulnerability database for use in air-gapped environments. Go to trivy-db and download in the latest release. If you download trivy-light-offline.db.tgz, you have to run Trivy with --light option.

    1. $ rsync -av -e ssh /path/to/trivy-offline.db.tgz [user]@[host]:dst

    You have to know where to put the DB file. The following command shows the default cache directory.

    1. $ cd /home/myuser/.cache/trivy/db
    2. $ mv /path/to/trivy-offline.db.tgz .

    Then, decompress it. file includes two files, trivy.db and metadata.json.

    In an air-gapped environment, specify --skip-update so that Trivy doesn’t attempt to download the latest database file.