In order to be able to scan images with Java code with the Trivy Scanner, the Trivy Statefulset must be edited.
There the environment variable "SCANNER_TRIVY_OFFLINE_SCAN" must be set to "true".
After the images have been scanned with Javacode, the environment variable should be set to "false" again, otherwise the CVE database will not be updated for further scans.
The problem is fixed as of Trivy version 0.37.2+.
Please feel free to contact us for any question that is not answered yet.
We are looking forward to get in contact with you!
Hinter Stöck 17
+49 7433 93724 00