From acfdb5eb253fef9dec17375ae2911a3d2ff9609e Mon Sep 17 00:00:00 2001
From: Shao Ming Tan <smtan@gitlab.com>
Date: Fri, 30 Aug 2024 01:20:10 +0000
Subject: [PATCH] Add steps to configure custom repo for OCS trivy k8s wrapper

---
 doc/user/clusters/agent/vulnerabilities.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/doc/user/clusters/agent/vulnerabilities.md b/doc/user/clusters/agent/vulnerabilities.md
index b920d6bd54036..37ec95a0e1392 100644
--- a/doc/user/clusters/agent/vulnerabilities.md
+++ b/doc/user/clusters/agent/vulnerabilities.md
@@ -146,6 +146,18 @@ When using a fractional value for CPU, format the value as a string.
 NOTE:
 Resource requirements can only be set up using the agent configuration. If you enabled `Operational Container Scanning` through `scan execution policies`, you would need to define the resource requirements within the agent configuration file.
 
+## Custom repository for Trivy K8s Wrapper
+
+During a scan, OCS deploys pods using an image from the [Trivy K8s Wrapper repository](https://gitlab.com/security-products/trivy-k8s-wrapper/container_registry/5992609), which transmits the vulnerability report generated by [Trivy Kubernetes](https://aquasecurity.github.io/trivy/v0.54/docs/target/kubernetes) to OCS.
+
+If your cluster's firewall restricts access to the Trivy K8s Wrapper repository, you can configure OCS to pull the image from a custom repository. Ensure that the custom repository mirrors the Trivy K8s Wrapper repository for compatibility.
+
+```yaml
+container_scanning:
+  trivy_k8s_wrapper_image:
+    repository: "your-custom-registry/your-image-path"
+```
+
 ## View cluster vulnerabilities
 
 To view vulnerability information in GitLab:
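Review bot: The sentence "Ensure that the custom repository mirrors the Trivy K8s Wrapper repository for compatibility" in the new section does not say what mirroring requires. The YAML example sets only `repository`, so a reader cannot tell which image tag OCS will request from the custom registry, or whether the mirror must carry the same tags as the upstream repository. Please state how the tag is chosen and that the mirror must be kept in sync with it, because a stale or mismatched image would affect the vulnerability reports sent back to OCS. It would also help to say where this block goes (the preceding NOTE refers to the agent configuration file) and whether a registry that requires authentication is supported. Two minor points: in the first paragraph "which transmits" reads as if the repository, not the deployed pod, transmits the report, and the Trivy Kubernetes link is pinned to the v0.54 docs, which will go stale.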
-- 
GitLab