Skip to content

Commit f491e8f

Browse files
fix(trivy): handle non-root user
1 parent 1f7b33f commit f491e8f

2 files changed

Lines changed: 13 additions & 0 deletions

File tree

src/trivy/devcontainer-feature.json

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,5 +21,8 @@
2121
"default": "",
2222
"description": "Select or enter additional plugins to install with Trivy (e.g., mcp for Model Context Protocol plugin)"
2323
}
24+
},
25+
"containerEnv": {
26+
"TRIVY_HOME": "/usr/local/share/trivy"
2427
}
2528
}

src/trivy/install.sh

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@
22

33
TRIVY_VERSION="${VERSION:-"latest"}"
44
TRIVY_PLUGINS="${PLUGINS:-""}"
5+
TRIVY_HOME="/usr/local/share/trivy"
56

67
set -e
78

@@ -85,12 +86,21 @@ curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/inst
8586
# Verify installation
8687
trivy --version
8788

89+
# Set up shared TRIVY_HOME so plugins are available to all users
90+
mkdir -p "${TRIVY_HOME}"
91+
export TRIVY_HOME
92+
8893
# Install plugins if specified
8994
if [ -n "${TRIVY_PLUGINS}" ]; then
9095
echo "Installing Trivy plugins..."
9196
install_plugins "${TRIVY_PLUGINS}"
9297
fi
9398

99+
# Ensure TRIVY_HOME is set for all users at runtime
100+
echo "export TRIVY_HOME=${TRIVY_HOME}" > /etc/profile.d/trivy.sh
101+
chmod +x /etc/profile.d/trivy.sh
102+
chmod -R a+rX "${TRIVY_HOME}"
103+
94104
# Clean up
95105
rm -rf /var/lib/apt/lists/*
96106

0 commit comments

Comments
 (0)