Authentication and Registry Configuration
Scanning private images requires configuring authentication for container registries. Trivy supports multiple authentication methods to accommodate different registry types:
```bash
# Docker Hub authentication
# (in CI, inject TRIVY_PASSWORD from the secret store instead of typing it inline)
export TRIVY_USERNAME=myusername
export TRIVY_PASSWORD=mypassword
trivy image myrepo/myimage:latest

# AWS ECR authentication
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 123456789.dkr.ecr.us-east-1.amazonaws.com
trivy image 123456789.dkr.ecr.us-east-1.amazonaws.com/myimage:latest

# Google Container Registry
gcloud auth configure-docker
trivy image gcr.io/my-project/myimage:latest

# Using Docker config: Trivy reads the credentials saved by `docker login`.
# DOCKER_CONFIG names the directory that holds config.json.
export DOCKER_CONFIG="$HOME/.docker"
trivy image private.registry.com/myimage:latest
```
For registries with self-signed certificates, trust the issuing CA so that TLS verification stays enabled. Skipping verification is possible but removes the protection TLS provides:
```bash
# Trust custom CA certificate
# (SSL_CERT_FILE is honored by Go's TLS stack on Unix systems other than macOS)
export TRIVY_INSECURE=false
export SSL_CERT_FILE=/path/to/ca-cert.pem
trivy image private.registry.com/myimage:latest

# Skip TLS verification (not recommended for production)
export TRIVY_INSECURE=true
trivy image private.registry.com/myimage:latest
```
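A preflight check for the settings above, as an added example that is not part of the original page or of Trivy itself: the function name `trivy_registry_preflight` and its messages are hypothetical. It flags disabled TLS verification, an unusable CA bundle, half-set credentials, and a Docker config that stores inline credentials while readable by other users.

```shell
#!/usr/bin/env bash
# Added example (not from Trivy): audit the registry settings before scanning.
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
trivy_registry_preflight() {
  local findings=0 perms
  local cfg="${DOCKER_CONFIG:-$HOME/.docker}/config.json"

  # Disabled TLS verification exposes registry credentials to interception.
  # Common "true" spellings are matched (an assumption about value parsing).
  case "${TRIVY_INSECURE:-false}" in
    1|t|T|true|TRUE|True) echo "FAIL: TRIVY_INSECURE is enabled"; findings=1 ;;
  esac

  # A custom CA bundle must be readable and hold at least one PEM certificate.
  if [ -n "${SSL_CERT_FILE:-}" ]; then
    if [ ! -r "$SSL_CERT_FILE" ]; then
      echo "FAIL: SSL_CERT_FILE not readable: $SSL_CERT_FILE"; findings=1
    elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$SSL_CERT_FILE"; then
      echo "FAIL: SSL_CERT_FILE contains no PEM certificate"; findings=1
    fi
  fi

  # A lone username or password usually means a CI secret was not injected.
  if [ -n "${TRIVY_USERNAME:-}" ] && [ -z "${TRIVY_PASSWORD:-}" ]; then
    echo "FAIL: TRIVY_USERNAME set without TRIVY_PASSWORD"; findings=1
  elif [ -z "${TRIVY_USERNAME:-}" ] && [ -n "${TRIVY_PASSWORD:-}" ]; then
    echo "FAIL: TRIVY_PASSWORD set without TRIVY_USERNAME"; findings=1
  fi

  # Inline "auth" entries in config.json are only base64-encoded, so the file
  # must not be readable by group or other (expect mode 600 or stricter).
  if [ -f "$cfg" ] && grep -q '"auth"[[:space:]]*:' "$cfg"; then
    perms=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")
    case "$perms" in
      *00) ;;
      *) echo "WARN: $cfg has inline credentials, mode $perms"; findings=1 ;;
    esac
  fi
  return "$findings"
}

# Typical use: gate the scan on a clean preflight.
# trivy_registry_preflight && trivy image private.registry.com/myimage:latest
```

A config.json that delegates to a credential helper (`credsStore`) has no inline `auth` entries and passes the last check regardless of file mode.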