Cache

The cache directory includes the vulnerability database, the Java index database [1], misconfiguration policies [2] and the cache of previous scans.

Clear Caches

The --clear-cache option removes caches.

The scan is not performed.

$ trivy image --clear-cache
Result
2019-11-15T15:13:26.209+0200    INFO    Reopening vulnerability DB
2019-11-15T15:13:26.209+0200    INFO    Removing image caches...

Cache Directory

Specify where the cache is stored with --cache-dir.

$ trivy --cache-dir /tmp/trivy/ image python:3.4-alpine3.9

Cache Backend

EXPERIMENTAL

This feature might change without preserving backwards compatibility.

Trivy supports the local filesystem and Redis as cache backends. This option is especially useful in client/server mode.

Two options:

  • fs
    • the cache path can be specified by --cache-dir
  • redis://
    • redis://[HOST]:[PORT]
    • TTL can be configured via --cache-ttl

$ trivy server --cache-backend redis://localhost:6379

If you want to use TLS with Redis, you can enable it by specifying the --redis-tls flag.

$ trivy server --cache-backend redis://localhost:6379 --redis-tls

Trivy also supports connecting to Redis with your own certificates. To do so, specify the --redis-ca, --redis-cert, and --redis-key options.

$ trivy server --cache-backend redis://localhost:6379 \
  --redis-ca /path/to/ca-cert.pem \
  --redis-cert /path/to/cert.pem \
  --redis-key /path/to/key.pem
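
A preflight wrapper for the Redis options above, as an added example that is not part of the Trivy documentation or code base. It validates the redis://[HOST]:[PORT] form, refuses a client key that group or other can access, and adds --redis-tls for non-loopback hosts when no certificates are given; the function name trivy_redis_args and the policy choices are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight for `trivy server` with a Redis cache backend.
# Prints the argument list on stdout; returns non-zero on a policy failure.
# The policy is an assumption of this example, not Trivy behaviour.
# Paths are assumed to contain no whitespace.
trivy_redis_args() {
    backend=$1 ca=$2 cert=$3 key=$4

    # Backend must have the documented redis://[HOST]:[PORT] form.
    case $backend in
        redis://*:*) ;;
        *) echo "backend must be redis://HOST:PORT" >&2; return 2 ;;
    esac
    hostport=${backend#redis://}
    host=${hostport%:*}
    port=${hostport##*:}
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;;
    esac

    if [ -n "$ca$cert$key" ]; then
        # Certificate mode: all three files must be given and readable.
        for f in "$ca" "$cert" "$key"; do
            [ -n "$f" ] && [ -r "$f" ] || { echo "unreadable: '$f'" >&2; return 3; }
        done
        # The private key must carry no group/other permission bits.
        perms=$(ls -ldL "$key" | cut -c5-10)
        [ "$perms" = "------" ] || { echo "key too permissive: $key" >&2; return 4; }
        echo "server --cache-backend $backend --redis-ca $ca --redis-cert $cert --redis-key $key"
        return 0
    fi

    # No certificates: allow a non-TLS connection only to a loopback Redis.
    case $host in
        localhost|127.0.0.1) echo "server --cache-backend $backend" ;;
        *) echo "server --cache-backend $backend --redis-tls" ;;
    esac
}
```

Pass the printed arguments to trivy only when the function returns 0, for example: args=$(trivy_redis_args "$backend" "$ca" "$cert" "$key") && trivy $args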

  1. The Java Index Database is downloaded for scanning jar/war/par/ear files. 

  2. Misconfiguration policies are downloaded for misconfiguration scanning.