fix(trivy): handle non-root user

JasonTheDeveloper · JasonTheDeveloper · commit f491e8f1756b · 2026-02-19T16:38:38.000+11:00
diff --git a/src/trivy/devcontainer-feature.json b/src/trivy/devcontainer-feature.json
@@ -21,5 +21,8 @@
             "default": "",
             "description": "Select or enter additional plugins to install with Trivy (e.g., mcp for Model Context Protocol plugin)"
         }
+    },
+    "containerEnv": {
+        "TRIVY_HOME": "/usr/local/share/trivy"
     }
 }
diff --git a/src/trivy/install.sh b/src/trivy/install.sh
@@ -2,6 +2,7 @@
 
 TRIVY_VERSION="${VERSION:-"latest"}"
 TRIVY_PLUGINS="${PLUGINS:-""}"
+TRIVY_HOME="/usr/local/share/trivy"
 
 set -e
 
@@ -85,12 +86,21 @@ curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/inst
 # Verify installation
 trivy --version
 
+# Set up shared TRIVY_HOME so plugins are available to all users
+mkdir -p "${TRIVY_HOME}"
+export TRIVY_HOME
+
 # Install plugins if specified
 if [ -n "${TRIVY_PLUGINS}" ]; then
 	echo "Installing Trivy plugins..."
 	install_plugins "${TRIVY_PLUGINS}"
 fi
 
+# Ensure TRIVY_HOME is set for all users at runtime
+echo "export TRIVY_HOME=${TRIVY_HOME}" > /etc/profile.d/trivy.sh
+chmod +x /etc/profile.d/trivy.sh
+chmod -R a+rX "${TRIVY_HOME}"
+
 # Clean up
 rm -rf /var/lib/apt/lists/*
 

Original file line number	Diff line number	Diff line change
`@@ -21,5 +21,8 @@`
`21`	`21`	`"default": "",`
`22`	`22`	`"description": "Select or enter additional plugins to install with Trivy (e.g., mcp for Model Context Protocol plugin)"`
`23`	`23`	`}`
	`24`	`+ },`
	`25`	`+ "containerEnv": {`
	`26`	`+ "TRIVY_HOME": "/usr/local/share/trivy"`
`24`	`27`	`}`
`25`	`28`	`}`