gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-23 07:29:00 -08:00
Code Issues Packages Projects Releases Wiki Activity

feat: config and fs compliance support (#4097)

Browse Source
This commit is contained in:
chenk
2023-04-24 11:49:19 +03:00
committed by GitHub
parent 9181bc1f70
commit 43b6496274
3 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/docs/references/configuration/cli/trivy_config.md
View File

@@ -12,6 +12,7 @@ trivy config [flags] DIR
--cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs") --cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs")
--cache-ttl duration cache TTL when using redis as cache backend --cache-ttl duration cache TTL when using redis as cache backend
--clear-cache clear image caches without scanning --clear-cache clear image caches without scanning
--compliance string compliance report to generate
--config-data strings specify paths from which data for the Rego policies will be recursively loaded --config-data strings specify paths from which data for the Rego policies will be recursively loaded
--config-policy strings specify paths to the Rego policy files directory, applying config files --config-policy strings specify paths to the Rego policy files directory, applying config files
--enable-modules strings [EXPERIMENTAL] module names to enable --enable-modules strings [EXPERIMENTAL] module names to enable
@@ -35,6 +36,7 @@ trivy config [flags] DIR
--redis-key string redis key file location, if using redis as cache backend --redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend --redis-tls enable redis TLS with public certificates, if using redis as cache backend
--registry-token string registry token --registry-token string registry token
--report string specify a compliance report format for the output. (all,summary) (default "all")
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL") -s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
--skip-dirs strings specify the directories where the traversal is skipped --skip-dirs strings specify the directories where the traversal is skipped
--skip-files strings specify the file paths to skip traversal --skip-files strings specify the file paths to skip traversal

2
docs/docs/references/configuration/cli/trivy_filesystem.md
View File

@@ -22,6 +22,7 @@ trivy filesystem [flags] PATH
--cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs") --cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs")
--cache-ttl duration cache TTL when using redis as cache backend --cache-ttl duration cache TTL when using redis as cache backend
--clear-cache clear image caches without scanning --clear-cache clear image caches without scanning
--compliance string compliance report to generate
--config-data strings specify paths from which data for the Rego policies will be recursively loaded --config-data strings specify paths from which data for the Rego policies will be recursively loaded
--config-policy strings specify paths to the Rego policy files directory, applying config files --config-policy strings specify paths to the Rego policy files directory, applying config files
--custom-headers strings custom headers in client mode --custom-headers strings custom headers in client mode
@@ -58,6 +59,7 @@ trivy filesystem [flags] PATH
--redis-tls enable redis TLS with public certificates, if using redis as cache backend --redis-tls enable redis TLS with public certificates, if using redis as cache backend
--registry-token string registry token --registry-token string registry token
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev") --rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
--report string specify a compliance report format for the output. (all,summary) (default "all")
--reset remove all caches and database --reset remove all caches and database
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor) --sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret]) --scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])

10
pkg/commands/app.go
View File

@@ -294,8 +294,9 @@ func NewImageCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
func NewFilesystemCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command { func NewFilesystemCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
reportFlagGroup := flag.NewReportFlagGroup() reportFlagGroup := flag.NewReportFlagGroup()
reportFlagGroup.ReportFormat = nil // TODO: support --report summary reportFormat := flag.ReportFormatFlag
reportFlagGroup.Compliance = nil // disable '--compliance' reportFormat.Usage = "specify a compliance report format for the output. (all,summary)" //@TODO: support --report summary for non compliance reports
reportFlagGroup.ReportFormat = &reportFormat
reportFlagGroup.ExitOnEOL = nil // disable '--exit-on-eol' reportFlagGroup.ExitOnEOL = nil // disable '--exit-on-eol'
fsFlags := &flag.Flags{ fsFlags := &flag.Flags{
@@ -561,9 +562,10 @@ func NewConfigCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
reportFlagGroup.DependencyTree = nil // disable '--dependency-tree' reportFlagGroup.DependencyTree = nil // disable '--dependency-tree'
reportFlagGroup.IgnorePolicy = nil // disable '--ignore-policy' reportFlagGroup.IgnorePolicy = nil // disable '--ignore-policy'
reportFlagGroup.ListAllPkgs = nil // disable '--list-all-pkgs' reportFlagGroup.ListAllPkgs = nil // disable '--list-all-pkgs'
reportFlagGroup.ReportFormat = nil // TODO: support --report summary
reportFlagGroup.Compliance = nil // disable '--compliance'
reportFlagGroup.ExitOnEOL = nil // disable '--exit-on-eol' reportFlagGroup.ExitOnEOL = nil // disable '--exit-on-eol'
reportFormat := flag.ReportFormatFlag
reportFormat.Usage = "specify a compliance report format for the output. (all,summary)" //@TODO: support --report summary for non compliance reports
reportFlagGroup.ReportFormat = &reportFormat
scanFlags := &flag.ScanFlagGroup{ scanFlags := &flag.ScanFlagGroup{
// Enable only '--skip-dirs' and '--skip-files' and disable other flags // Enable only '--skip-dirs' and '--skip-files' and disable other flags