mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-22 23:26:39 -08:00
refactor: add allowed values for CLI flags (#4800)
* refactor: rename Value to Default * refactor: support allowed values for CLI flags * docs: auto-generate * test: fix * test: add tests for flags
This commit is contained in:
Teppei Fukuda
@@ -67,13 +67,13 @@ trivy aws [flags]
|
||||
```
|
||||
--account string The AWS account to scan. It's useful to specify this when reviewing cached results for multiple accounts.
|
||||
--arn string The AWS ARN to show results for. Useful to filter results once a scan is cached.
|
||||
--compliance string compliance report to generate (aws-cis-1.2, aws-cis-1.4)
|
||||
--compliance string compliance report to generate (aws-cis-1.2,aws-cis-1.4)
|
||||
--config-data strings specify paths from which data for the Rego policies will be recursively loaded
|
||||
--config-policy strings specify the paths to the Rego policy files or to the directories containing them, applying config files
|
||||
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
|
||||
--endpoint string AWS Endpoint override
|
||||
--exit-code int specify exit code when any security issues are found
|
||||
-f, --format string format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
|
||||
-f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
|
||||
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
|
||||
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
|
||||
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
|
||||
@@ -87,10 +87,10 @@ trivy aws [flags]
|
||||
-o, --output string output file name
|
||||
--policy-namespaces strings Rego namespaces
|
||||
--region string AWS Region to scan
|
||||
--report string specify a report format for the output. (all,summary) (default "all")
|
||||
--report string specify a report format for the output (all,summary) (default "all")
|
||||
--reset-policy-bundle remove policy bundle
|
||||
--service strings Only scan AWS Service(s) specified with this flag. Can specify multiple services using --service A --service B etc.
|
||||
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
|
||||
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
|
||||
--skip-policy-update skip fetching rego policy updates
|
||||
--skip-service strings Skip selected AWS Service(s) specified with this flag. Can specify multiple services using --skip-service A --skip-service B etc.
|
||||
-t, --template string output template
|
||||
|
||||
@@ -18,7 +18,7 @@ trivy config [flags] DIR
|
||||
--enable-modules strings [EXPERIMENTAL] module names to enable
|
||||
--exit-code int specify exit code when any security issues are found
|
||||
--file-patterns strings specify config file patterns
|
||||
-f, --format string format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
|
||||
-f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
|
||||
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
|
||||
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
|
||||
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
|
||||
@@ -36,9 +36,9 @@ trivy config [flags] DIR
|
||||
--redis-key string redis key file location, if using redis as cache backend
|
||||
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
|
||||
--registry-token string registry token
|
||||
--report string specify a compliance report format for the output. (all,summary) (default "all")
|
||||
--report string specify a compliance report format for the output (all,summary) (default "all")
|
||||
--reset-policy-bundle remove policy bundle
|
||||
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
|
||||
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
|
||||
--skip-dirs strings specify the directories where the traversal is skipped
|
||||
--skip-files strings specify the file paths to skip traversal
|
||||
--skip-policy-update skip fetching rego policy updates
|
||||
|
||||
@@ -22,14 +22,14 @@ trivy convert [flags] RESULT_JSON
|
||||
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
|
||||
--exit-code int specify exit code when any security issues are found
|
||||
--exit-on-eol int exit with the specified code when the OS reaches end of service/life
|
||||
-f, --format string format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
|
||||
-f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
|
||||
-h, --help help for convert
|
||||
--ignore-policy string specify the Rego file path to evaluate each vulnerability
|
||||
--ignorefile string specify .trivyignore file (default ".trivyignore")
|
||||
--list-all-pkgs enabling the option will output all packages regardless of vulnerability
|
||||
-o, --output string output file name
|
||||
--report string specify a report format for the output. (all,summary) (default "all")
|
||||
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
|
||||
--report string specify a report format for the output (all,summary) (default "all")
|
||||
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
|
||||
-t, --template string output template
|
||||
```
|
||||
|
||||
|
||||
@@ -33,7 +33,7 @@ trivy filesystem [flags] PATH
|
||||
--enable-modules strings [EXPERIMENTAL] module names to enable
|
||||
--exit-code int specify exit code when any security issues are found
|
||||
--file-patterns strings specify config file patterns
|
||||
-f, --format string format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
|
||||
-f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
|
||||
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
|
||||
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
|
||||
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
|
||||
@@ -61,14 +61,14 @@ trivy filesystem [flags] PATH
|
||||
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
|
||||
--registry-token string registry token
|
||||
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
|
||||
--report string specify a compliance report format for the output. (all,summary) (default "all")
|
||||
--report string specify a compliance report format for the output (all,summary) (default "all")
|
||||
--reset remove all caches and database
|
||||
--reset-policy-bundle remove policy bundle
|
||||
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
|
||||
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
|
||||
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
|
||||
--server string server address in client mode
|
||||
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
|
||||
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
|
||||
--skip-db-update skip updating vulnerability database
|
||||
--skip-dirs strings specify the directories where the traversal is skipped
|
||||
--skip-files strings specify the file paths to skip traversal
|
||||
|
||||
@@ -50,7 +50,7 @@ trivy image [flags] IMAGE_NAME
|
||||
--exit-code int specify exit code when any security issues are found
|
||||
--exit-on-eol int exit with the specified code when the OS reaches end of service/life
|
||||
--file-patterns strings specify config file patterns
|
||||
-f, --format string format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
|
||||
-f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
|
||||
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
|
||||
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
|
||||
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
|
||||
@@ -60,7 +60,7 @@ trivy image [flags] IMAGE_NAME
|
||||
--ignore-unfixed display only fixed vulnerabilities
|
||||
--ignored-licenses strings specify a list of license to ignore
|
||||
--ignorefile string specify .trivyignore file (default ".trivyignore")
|
||||
--image-config-scanners string comma-separated list of what security issues to detect on container image configurations (config,secret)
|
||||
--image-config-scanners strings comma-separated list of what security issues to detect on container image configurations (config,secret)
|
||||
--image-src strings image source(s) to use, in priority order (docker,containerd,podman,remote) (default [docker,containerd,podman,remote])
|
||||
--include-non-failures include successes and exceptions, available with '--scanners config'
|
||||
--input string input file path instead of image name
|
||||
@@ -82,14 +82,14 @@ trivy image [flags] IMAGE_NAME
|
||||
--registry-token string registry token
|
||||
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
|
||||
--removed-pkgs detect vulnerabilities of removed packages (only for Alpine)
|
||||
--report string specify a format for the compliance report. (default "summary")
|
||||
--report string specify a format for the compliance report. (all,summary) (default "summary")
|
||||
--reset remove all caches and database
|
||||
--reset-policy-bundle remove policy bundle
|
||||
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
|
||||
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
|
||||
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
|
||||
--server string server address in client mode
|
||||
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
|
||||
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
|
||||
--skip-db-update skip updating vulnerability database
|
||||
--skip-dirs strings specify the directories where the traversal is skipped
|
||||
--skip-files strings specify the file paths to skip traversal
|
||||
|
||||
@@ -31,8 +31,8 @@ trivy kubernetes [flags] { cluster | all | specific resources like kubectl. eg:
|
||||
--cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs")
|
||||
--cache-ttl duration cache TTL when using redis as cache backend
|
||||
--clear-cache clear image caches without scanning
|
||||
--compliance string compliance report to generate (k8s-nsa,k8s-cis, k8s-pss-baseline, k8s-pss-restricted)
|
||||
--components strings specify which components to scan (default [workload,infra])
|
||||
--compliance string compliance report to generate (k8s-nsa,k8s-cis,k8s-pss-baseline,k8s-pss-restricted)
|
||||
--components strings specify which components to scan (workload,infra) (default [workload,infra])
|
||||
--config-data strings specify paths from which data for the Rego policies will be recursively loaded
|
||||
--config-policy strings specify the paths to the Rego policy files or to the directories containing them, applying config files
|
||||
--context string specify a context to scan
|
||||
@@ -43,7 +43,7 @@ trivy kubernetes [flags] { cluster | all | specific resources like kubectl. eg:
|
||||
--exclude-nodes strings indicate the node labels that the node-collector job should exclude from scanning (example: kubernetes.io/arch:arm64,team:dev)
|
||||
--exit-code int specify exit code when any security issues are found
|
||||
--file-patterns strings specify config file patterns
|
||||
-f, --format string format (table, json, cyclonedx) (default "table")
|
||||
-f, --format string format (table,json,cyclonedx) (default "table")
|
||||
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
|
||||
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
|
||||
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
|
||||
@@ -72,13 +72,13 @@ trivy kubernetes [flags] { cluster | all | specific resources like kubectl. eg:
|
||||
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
|
||||
--registry-token string registry token
|
||||
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
|
||||
--report string specify a report format for the output. (all,summary) (default "all")
|
||||
--report string specify a report format for the output (all,summary) (default "all")
|
||||
--reset remove all caches and database
|
||||
--reset-policy-bundle remove policy bundle
|
||||
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
|
||||
--scanners string comma-separated list of what security issues to detect (vuln,config,secret,license) (default "vuln,config,secret,rbac")
|
||||
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
|
||||
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
|
||||
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
|
||||
--skip-db-update skip updating vulnerability database
|
||||
--skip-dirs strings specify the directories where the traversal is skipped
|
||||
--skip-files strings specify the file paths to skip traversal
|
||||
|
||||
@@ -31,7 +31,7 @@ trivy repository [flags] REPO_URL
|
||||
--enable-modules strings [EXPERIMENTAL] module names to enable
|
||||
--exit-code int specify exit code when any security issues are found
|
||||
--file-patterns strings specify config file patterns
|
||||
-f, --format string format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
|
||||
-f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
|
||||
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
|
||||
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
|
||||
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
|
||||
@@ -64,7 +64,7 @@ trivy repository [flags] REPO_URL
|
||||
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
|
||||
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
|
||||
--server string server address in client mode
|
||||
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
|
||||
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
|
||||
--skip-db-update skip updating vulnerability database
|
||||
--skip-dirs strings specify the directories where the traversal is skipped
|
||||
--skip-files strings specify the file paths to skip traversal
|
||||
|
||||
@@ -36,7 +36,7 @@ trivy rootfs [flags] ROOTDIR
|
||||
--exit-code int specify exit code when any security issues are found
|
||||
--exit-on-eol int exit with the specified code when the OS reaches end of service/life
|
||||
--file-patterns strings specify config file patterns
|
||||
-f, --format string format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
|
||||
-f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
|
||||
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
|
||||
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
|
||||
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
|
||||
@@ -69,7 +69,7 @@ trivy rootfs [flags] ROOTDIR
|
||||
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
|
||||
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
|
||||
--server string server address in client mode
|
||||
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
|
||||
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
|
||||
--skip-db-update skip updating vulnerability database
|
||||
--skip-dirs strings specify the directories where the traversal is skipped
|
||||
--skip-files strings specify the file paths to skip traversal
|
||||
|
||||
@@ -31,7 +31,7 @@ trivy sbom [flags] SBOM_PATH
|
||||
--exit-code int specify exit code when any security issues are found
|
||||
--exit-on-eol int exit with the specified code when the OS reaches end of service/life
|
||||
--file-patterns strings specify config file patterns
|
||||
-f, --format string format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
|
||||
-f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
|
||||
-h, --help help for sbom
|
||||
--ignore-policy string specify the Rego file path to evaluate each vulnerability
|
||||
--ignore-unfixed display only fixed vulnerabilities
|
||||
@@ -49,7 +49,7 @@ trivy sbom [flags] SBOM_PATH
|
||||
--reset remove all caches and database
|
||||
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
|
||||
--server string server address in client mode
|
||||
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
|
||||
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
|
||||
--skip-db-update skip updating vulnerability database
|
||||
--skip-dirs strings specify the directories where the traversal is skipped
|
||||
--skip-files strings specify the file paths to skip traversal
|
||||
|
||||
@@ -34,7 +34,7 @@ trivy vm [flags] VM_IMAGE
|
||||
--exit-code int specify exit code when any security issues are found
|
||||
--exit-on-eol int exit with the specified code when the OS reaches end of service/life
|
||||
--file-patterns strings specify config file patterns
|
||||
-f, --format string format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
|
||||
-f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
|
||||
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
|
||||
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
|
||||
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
|
||||
@@ -61,7 +61,7 @@ trivy vm [flags] VM_IMAGE
|
||||
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
|
||||
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
|
||||
--server string server address in client mode
|
||||
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
|
||||
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
|
||||
--skip-db-update skip updating vulnerability database
|
||||
--skip-dirs strings specify the directories where the traversal is skipped
|
||||
--skip-files strings specify the file paths to skip traversal
|
||||
|
||||
Reference in New Issue
Block a user