secureCodeBox trivy | scan private bitbucket and private docker images #2393
Hello everyone, I'm currently engaged in a project that involves utilizing secureCodeBox's trivy-filesystem and trivy-image scans to analyze both my personal DockerHub images and my organization's private Bitbucket repositories.

Here's the situation: For the trivy-filesystem scan, I aimed to clone a private Bitbucket repository. To achieve this, I crafted a specialized Docker image equipped with a Bitbucket access key and incorporated it into the YAML configuration. Despite configuring DockerHub login credentials in Kubernetes secrets, the image fails to be retrieved. I suspect this issue arises because the resource is a custom CRD, rendering standard Kubernetes imagePullSecrets ineffective.

My question is: What steps should I follow to successfully scan private Bitbucket repositories and Docker images using secureCodeBox?

In summary, I'm facing difficulties scanning a private Bitbucket repository with secureCodeBox's trivy-filesystem scan. Despite creating a private Docker image configured with Bitbucket access and setting up Kubernetes' generic secrets for pulling the image, I'm unable to clone the Bitbucket repository for scanning with trivy-filesystem within secureCodeBox.
Image pull secrets are supported on the scantype CRD. Use this command:

```
helm upgrade --install trivy secureCodeBox/trivy --set-json='imagePullSecret=["regcred"]'
```

where `regcred` is the docker-registry secret in Kubernetes.

Hi, sorry, it's not quite clear to me what exactly your problem is.

Image pull secrets are supported on the scantype CRD. See the imagePullSecret value on the trivy helm chart: https://www.securecodebox.io/docs/scanners/trivy/#values

The format should be the same format as pods use in Kubernetes.