docs(oci): Add a note About the expected Media Type for the Trivy-DB …

…OCI Artifact (#7449)
aquasecurity · Sep 11, 2024 · d589856 · d589856
1 parent 7ff9aff
commit d589856
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/docs/docs/configuration/db.md b/docs/docs/configuration/db.md
@@ -53,12 +53,16 @@ $ trivy image --download-db-only
 ```
 $ trivy image --db-repository registry.gitlab.com/gitlab-org/security-products/dependencies/trivy-db
 ```
-
 !!!note
     Trivy automatically adds the `trivy-db` schema version as a tag if the tag is not used:
 
     `trivy-db-registry:latest` => `trivy-db-registry:latest`, but `trivy-db-registry` => `trivy-db-registry:2`.
 
+!!!note
+    Trivy expects the OCI Artifacts to have a Specific media type:
+    - Vulnerability DB `application/vnd.aquasec.trivy.db.layer.v1.tar+gzip` 
+    - Java DB `application/vnd.aquasec.trivy.javadb.layer.v1.tar+gzip`
+
 ## Java Index Database
 The same options are also available for the Java index DB, which is used for scanning Java applications.
 Skipping an update can be done by using the `--skip-java-db-update` option, while `--download-java-db-only` can be used to only download the Java index DB.
@@ -84,4 +88,4 @@ $ trivy image --java-db-repository registry.gitlab.com/gitlab-org/security-produ
 $ trivy clean --vuln-db --java-db
 2024-06-24T11:42:31+06:00       INFO    Removing vulnerability database...
 2024-06-24T11:42:31+06:00       INFO    Removing Java database...
-```
+```