Support SSL/TLS redis connection

[chris-cmsoft]

Current container only support redis:// protocol.

When connecting to redis using SSL/TLS, the rediss:// protocol is used.

Would it be worthwhile adding support for the rediss:// protocol from Trivy ?

[danielpacak]

What is your use case? Harbor itself does not currently support rediss:// connection URI.

Do you want to use different Redis instance or cluster for Harbor services (without TLS) and Trivy scanner adapter (with TLS)?

[chris-cmsoft]

Some managed services are immediately provisioned with the rediss:// URI.

My use case is specifically DigitalOcean managed Redis.

Trivy is the first place I noticed it as it was the first component I deployed, but the same would be applicable to Harbor.

More a note for consideration than a requirement.
Ultimately your choice whether it's a worthwhile addition.

[danielpacak]

Thank you for additional details @chris-cmsoft

Since this in an integral component of Harbor, if the community decides to add support for rediss:// to Harbor we'll do the same for this adapter.

[danielpacak]

Closing as a stale issue. What's more it makes sense only if the upstream Harbor does provide support for connecting to Redis with TLS

[yilmi]

Hi @danielpacak,

We have a helm chart at bitnami/charts that also uses this component and where we would like to support TLS connections to Redis as users often use external redis services.

I was looking at bitnami/charts#7691 when I realised that the components we use don't always support it.

Would you mind keeping this issue opened to help us track when this will become supported for the the harbor trivy scanner?

I believe this will become a more frequent use case, and eventually the community will add support for it. There is an issue currently opened for this - goharbor/harbor#13223

Thanks!

[danielpacak]

Since Trivy is the default scanner in Harbor, we'll update this adapter service in scope of goharbor/harbor#13223