You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/docs/configuration/db.md
+15
Original file line number
Diff line number
Diff line change
@@ -92,6 +92,21 @@ You can reference the OCI manifest of [trivy-db].
92
92
`trivy-db-registry:latest` => `trivy-db-registry:latest`, but `trivy-db-registry` => `trivy-db-registry:2`.
93
93
94
94
95
+
### Rate limits
96
+
97
+
Trivy hosts its databases on public OCI registries that are subject to their respective rate limits. While we strive to make the databases available to every
98
+
Trivy user, there are certain recommendations that one can make in order to ensure rate limits are not hit.
99
+
100
+
#### Authenticated use of Registries
101
+
By authenticating with the registries that Trivy hosts its DBs on can significantly increase the limit for users. For Amazon ECR the details for rate limits can be found [here](https://docs.aws.amazon.com/AmazonECR/latest/public/public-service-quotas.html).
102
+
For GitHub GHCR, the rate limits can be found [here](https://docs.github.com/en/rest/using-the-rest-api/rate-limits-for-the-rest-api?apiVersion=2022-11-28)
103
+
104
+
Please see more info on how to authenticate with ECR [here](https://aws.amazon.com/blogs/compute/authenticating-amazon-ecr-repositories-for-docker-cli-with-credential-helper/) and GHCR [here](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-to-the-container-registry)
105
+
106
+
#### Caching DBs
107
+
Trivy DB and Trivy Java DB are published every 24 hours. If you are running Trivy scans more often than this, you can significantly benefit from caching the DBs on each run and updating them as needed.
108
+
Once example of this can be seen in Trivy Action, where with caching multiple CI invocations can be performed with a single download of the DBs. More on info Trivy Action caching can be found [here](https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#cache)
109
+
95
110
## Java Index Database
96
111
The same options are also available for the Java index DB, which is used for scanning Java applications.
97
112
Skipping an update can be done by using the `--skip-java-db-update` option, while `--download-java-db-only` can be used to only download the Java index DB.
0 commit comments