fix(sbom): add options for DBs in private registries (#7660)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
2025-12-05 20:40:16 -08:00 · 2024-10-09 09:53:27 +04:00
parent 55b5a7e01b
commit 1f2e91b02b
2 changed files with 5 additions and 1 deletions
--- a/docs/docs/references/configuration/cli/trivy_sbom.md
+++ b/docs/docs/references/configuration/cli/trivy_sbom.md
@@ -47,12 +47,14 @@ trivy sbom [flags] SBOM_PATH
      --offline-scan                 do not issue API requests to identify dependencies
  -o, --output string                output file name
      --output-plugin-arg string     [EXPERIMENTAL] output plugin arguments
+      --password strings             password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
      --pkg-relationships strings    list of package relationships (unknown,root,direct,indirect) (default [unknown,root,direct,indirect])
      --pkg-types strings            list of package types (os,library) (default [os,library])
      --redis-ca string              redis ca file location, if using redis as cache backend
      --redis-cert string            redis certificate file location, if using redis as cache backend
      --redis-key string             redis key file location, if using redis as cache backend
      --redis-tls                    enable redis TLS with public certificates, if using redis as cache backend
+      --registry-token string        registry token
      --rekor-url string             [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
      --sbom-sources strings         [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
      --scanners strings             comma-separated list of what security issues to detect (vuln,license) (default [vuln])
@@ -67,6 +69,7 @@ trivy sbom [flags] SBOM_PATH
  -t, --template string              output template
      --token string                 for authentication in client/server mode
      --token-header string          specify a header name for token in client/server mode (default "Trivy-Token")
+      --username strings             username. Comma-separated usernames allowed.
      --vex strings                  [EXPERIMENTAL] VEX sources ("repo", "oci" or file path)
 ```

--- a/pkg/commands/app.go
+++ b/pkg/commands/app.go
@@ -1143,7 +1143,8 @@ func NewSBOMCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
 		CacheFlagGroup:         flag.NewCacheFlagGroup(),
 		DBFlagGroup:            flag.NewDBFlagGroup(),
 		PackageFlagGroup:       flag.NewPackageFlagGroup(),
-		RemoteFlagGroup:        flag.NewClientFlags(), // for client/server mode
+		RemoteFlagGroup:        flag.NewClientFlags(),       // for client/server mode
+		RegistryFlagGroup:      flag.NewRegistryFlagGroup(), // for DBs in private registries
 		ReportFlagGroup:        reportFlagGroup,
 		ScanFlagGroup:          scanFlagGroup,
 		VulnerabilityFlagGroup: flag.NewVulnerabilityFlagGroup(),