Setting Up Vulnerability Database Management
Trivy's vulnerability database requires periodic updates to detect newly discovered vulnerabilities. By default, Trivy updates the database if it's older than 12 hours. Organizations can customize this behavior based on their security requirements and network constraints:
# Manual database update (downloads the DB without scanning anything)
trivy image --download-db-only
# Fetch the database explicitly from the default public repository
trivy image --db-repository ghcr.io/aquasecurity/trivy-db --download-db-only
# Use a custom (internal) database repository, e.g. a mirror for restricted networks
trivy image --db-repository internal.company.com/trivy-db alpine:latest
# Set the scan-result cache TTL (applies to the redis cache backend, not to the DB download)
trivy image --cache-ttl 24h alpine:latest
For air-gapped environments, Trivy supports offline database distribution: download the database once on a connected host, move the cache directory across, and tell Trivy not to attempt an update. This keeps scanning possible in isolated networks:
# On the internet-connected system: download the database into a dedicated cache dir
trivy --cache-dir ./db image --download-db-only
# Package the cache directory for transfer
tar -czf trivy-db.tar.gz ./db
# Copy trivy-db.tar.gz to the air-gapped system (USB, approved file transfer, etc.)
# On the air-gapped system: extract and scan without trying to update the database
tar -xzf trivy-db.tar.gz
trivy --cache-dir ./db image --skip-db-update alpine:latest
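The transfer step above is where a stale or tampered database can slip in unnoticed. The following is an added example (not part of the Trivy documentation or project) that wraps the packaging and extraction in shell functions with a SHA-256 manifest, and reads the UpdatedAt timestamp Trivy records in <cache-dir>/db/metadata.json so the operator can see how old the transferred database is. It assumes GNU sha256sum and tar are available on both hosts; the cache layout (db/trivy.db, db/metadata.json) is the one Trivy writes.

```shell
#!/bin/sh
# Added example: integrity-checked transfer of a Trivy DB cache directory.
# Assumes GNU sha256sum and tar; the cache dir layout is Trivy's own
# (<cache>/db/trivy.db and <cache>/db/metadata.json).
set -eu

# Pack <cache-dir> into <bundle>.tar.gz and write <bundle>.sha256 beside it.
# Refuses to pack a directory that does not contain a Trivy DB.
pack_db_bundle() {
  cache_dir=$1; bundle=$2
  [ -f "$cache_dir/db/metadata.json" ] || {
    echo "no db/metadata.json in $cache_dir (not a Trivy cache dir?)" >&2; return 1; }
  tar -czf "$bundle.tar.gz" -C "$(dirname "$cache_dir")" "$(basename "$cache_dir")"
  # Manifest uses a relative file name so it can be checked from the bundle's directory
  (cd "$(dirname "$bundle")" && sha256sum "$(basename "$bundle").tar.gz" > "$(basename "$bundle").sha256")
}

# Verify <bundle>.tar.gz against <bundle>.sha256 and extract it into <dest>.
# Returns 1 on mismatch so a truncated or modified transfer is never used for scanning.
verify_and_extract() {
  bundle=$1; dest=$2
  (cd "$(dirname "$bundle")" && sha256sum -c --status "$(basename "$bundle").sha256") || {
    echo "checksum mismatch for $bundle.tar.gz; refusing to extract" >&2; return 1; }
  mkdir -p "$dest"
  tar -xzf "$bundle.tar.gz" -C "$dest"
}

# Print the UpdatedAt value from Trivy's metadata.json in <cache-dir>,
# so the age of the database can be compared against the site's freshness policy.
db_updated_at() {
  sed -n 's/.*"UpdatedAt":[ ]*"\([^"]*\)".*/\1/p' "$1/db/metadata.json"
}
```

On the air-gapped host, run `verify_and_extract` before `trivy --cache-dir <dest>/db image --skip-db-update ...`, and feed `db_updated_at` into whatever freshness threshold the site enforces.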