chore(deps): bump the docker group across 1 directory with 2 updates

Bumps the docker group with 2 updates in the / directory: [github.com/docker/cli](https://github.com/docker/cli) and [github.com/moby/buildkit](https://github.com/moby/buildkit).


Updates `github.com/docker/cli` from 29.1.1+incompatible to 29.1.3+incompatible
- [Commits](https://github.com/docker/cli/compare/v29.1.1...v29.1.3)

Updates `github.com/moby/buildkit` from 0.26.2 to 0.26.3
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](https://github.com/moby/buildkit/compare/v0.26.2...v0.26.3)

---
updated-dependencies:
- dependency-name: github.com/docker/cli
  dependency-version: 29.1.3+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: docker
- dependency-name: github.com/moby/buildkit
  dependency-version: 0.26.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: docker
...

Signed-off-by: dependabot[bot] <support@github.com>

docs/guide/references/configuration/config-file.md

@@ -3,7 +3,7 @@
 Trivy can be customized by tweaking a `trivy.yaml` file.
 The config path can be overridden by the `--config` flag.
 
-An example is [here][example] and a [JSON Schema][schema] is also available.
+An example is [here][example].
 
 These samples contain default values for flags.
 ## Global options
@@ -668,5 +668,4 @@ vulnerability:
   vex: []
 
 ```
-[example]: https://github.com/aquasecurity/trivy/blob/{{ git.tag }}/examples/trivy-conf/trivy.yaml
-[schema]: https://github.com/aquasecurity/trivy/blob/{{ git.tag }}/schema/trivy-config.json
+[example]: https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/examples/trivy-conf/trivy.yaml

go.mod

@@ -41,7 +41,7 @@ require (
 	github.com/containerd/containerd/v2 v2.2.0
 	github.com/containerd/platforms v1.0.0-rc.2
 	github.com/distribution/reference v0.6.0
-	github.com/docker/cli v29.1.1+incompatible
+	github.com/docker/cli v29.1.3+incompatible
 	github.com/docker/docker v28.5.2+incompatible
 	github.com/docker/go-connections v0.6.0
 	github.com/docker/go-units v0.5.0
@@ -81,7 +81,7 @@ require (
 	github.com/mattn/go-shellwords v1.0.12
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/mitchellh/hashstructure/v2 v2.0.2
-	github.com/moby/buildkit v0.26.2
+	github.com/moby/buildkit v0.26.3
 	github.com/moby/docker-image-spec v1.3.1
 	github.com/moby/moby/client v0.2.1 // indirect
 	github.com/open-policy-agent/opa v1.11.0
@@ -135,7 +135,6 @@ require (
 
 require (
 	github.com/go-ini/ini v1.67.0
-	github.com/invopop/jsonschema v0.13.0
 	github.com/nikolalohinski/gonja/v2 v2.4.2
 )
 
@@ -204,7 +203,6 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sso v1.30.4 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.8 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.41.1 // indirect
-	github.com/bahlo/generic-list-go v0.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
@@ -213,7 +211,6 @@ require (
 	github.com/bufbuild/buf v1.56.0 // indirect
 	github.com/bufbuild/protocompile v0.14.1 // indirect
 	github.com/bufbuild/protoplugin v0.0.0-20250218205857-750e09ce93e1 // indirect
-	github.com/buger/jsonparser v1.1.1 // indirect
 	github.com/cenkalti/backoff/v5 v5.0.3 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
@@ -344,7 +341,6 @@ require (
 	github.com/lufia/plan9stats v0.0.0-20240226150601-1dcf7310316a // indirect
 	github.com/lunixbochs/struc v0.0.0-20200707160740-784aaebc1d40 // indirect
 	github.com/magiconair/properties v1.8.10 // indirect
-	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.16 // indirect
@@ -436,7 +432,6 @@ require (
 	github.com/vektah/gqlparser/v2 v2.5.31 // indirect
 	github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
-	github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect

go.sum

@@ -286,8 +286,6 @@ github.com/aws/smithy-go v1.23.2 h1:Crv0eatJUQhaManss33hS5r40CG3ZFH+21XSkqMrIUM=
 github.com/aws/smithy-go v1.23.2/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0=
 github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 h1:SoFYaT9UyGkR0+nogNyD/Lj+bsixB+SNuAS4ABlEs6M=
 github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8/go.mod h1:2JF49jcDOrLStIXN/j/K1EKRq8a8R2qRnlZA6/o/c7c=
-github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk=
-github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas=
@@ -312,8 +310,6 @@ github.com/bufbuild/protocompile v0.14.1 h1:iA73zAf/fyljNjQKwYzUHD6AD4R8KMasmwa/
 github.com/bufbuild/protocompile v0.14.1/go.mod h1:ppVdAIhbr2H8asPk6k4pY7t9zB1OU5DoEw9xY/FUi1c=
 github.com/bufbuild/protoplugin v0.0.0-20250218205857-750e09ce93e1 h1:V1xulAoqLqVg44rY97xOR+mQpD2N+GzhMHVwJ030WEU=
 github.com/bufbuild/protoplugin v0.0.0-20250218205857-750e09ce93e1/go.mod h1:c5D8gWRIZ2HLWO3gXYTtUfw/hbJyD8xikv2ooPxnklQ=
-github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
-github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
 github.com/buildkite/agent/v3 v3.62.0 h1:yvzSjI8Lgifw883I8m9u8/L/Thxt4cLFd5aWPn3gg70=
 github.com/buildkite/agent/v3 v3.62.0/go.mod h1:jN6SokGXrVNNIpI0BGQ+j5aWeI3gin8F+3zwA5Q6gqM=
 github.com/buildkite/go-pipeline v0.3.2 h1:SW4EaXNwfjow7xDRPGgX0Rcx+dPj5C1kV9LKCLjWGtM=
@@ -428,8 +424,8 @@ github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5
 github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc=
 github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI=
 github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
-github.com/docker/cli v29.1.1+incompatible h1:gGQk5qx62yPKRm3bUdKBzmDBSQzp17hlSLbV1F7jjys=
-github.com/docker/cli v29.1.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v29.1.3+incompatible h1:+kz9uDWgs+mAaIZojWfFt4d53/jv0ZUOOoSh5ZnH36c=
+github.com/docker/cli v29.1.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM=
@@ -770,8 +766,6 @@ github.com/in-toto/in-toto-golang v0.9.0/go.mod h1:xsBVrVsHNsB61++S6Dy2vWosKhuA3
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
-github.com/invopop/jsonschema v0.13.0 h1:KvpoAJWEjR3uD9Kbm2HWJmqsEaHt8lBUpd0qHcIi21E=
-github.com/invopop/jsonschema v0.13.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jdx/go-netrc v1.0.0 h1:QbLMLyCZGj0NA8glAhxUpf1zDg6cxnWgMBbjq40W0gQ=
@@ -792,7 +786,6 @@ github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=
 github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=
 github.com/josephburnett/jd/v2 v2.3.0 h1:AyNT0zSStJ2j28zutWDO4fkc95JoICryWQRmDTRzPTQ=
 github.com/josephburnett/jd/v2 v2.3.0/go.mod h1:0I5+gbo7y8diuajJjm79AF44eqTheSJy1K7DSbIUFAQ=
-github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
@@ -863,8 +856,6 @@ github.com/magefile/mage v1.15.0 h1:BvGheCMAsG3bWUDbZ8AyXXpCNwU9u5CB6sM+HNb9HYg=
 github.com/magefile/mage v1.15.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
 github.com/magiconair/properties v1.8.10 h1:s31yESBquKXCV9a/ScB3ESkOjUYYv+X0rg8SYxI99mE=
 github.com/magiconair/properties v1.8.10/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
-github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
-github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/masahiro331/go-disk v0.0.0-20240625071113-56c933208fee h1:cgm8mE25x5XXX2oyvJDlyJ72K+rDu/4ZCYce2worNb8=
 github.com/masahiro331/go-disk v0.0.0-20240625071113-56c933208fee/go.mod h1:rojbW5tVhH1cuVYFKZS+QX+VGXK45JVsRO+jW92kkKM=
 github.com/masahiro331/go-ebs-file v0.0.0-20240917043618-e6d2bea5c32e h1:nCgF1JEYIS8KNuJtIeUrmjjhktIMKWNmASZqwK2ynu0=
@@ -911,8 +902,8 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/moby/buildkit v0.26.2 h1:EIh5j0gzRsCZmQzvgNNWzSDbuKqwUIiBH7ssqLv8RU8=
-github.com/moby/buildkit v0.26.2/go.mod h1:ylDa7IqzVJgLdi/wO7H1qLREFQpmhFbw2fbn4yoTw40=
+github.com/moby/buildkit v0.26.3 h1:D+ruZVAk/3ipRq5XRxBH9/DIFpRjSlTtMbghT5gQP9g=
+github.com/moby/buildkit v0.26.3/go.mod h1:4T4wJzQS4kYWIfFRjsbJry4QoxDBjK+UGOEOs1izL7w=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
 github.com/moby/go-archive v0.1.0 h1:Kk/5rdW/g+H8NHdJW2gsXyZ7UnzvJNOy6VKJqueWdcQ=
@@ -1247,8 +1238,6 @@ github.com/vmihailenco/msgpack/v5 v5.4.1/go.mod h1:GaZTsDaehaPpQVyxrf5mtQlH+pc21
 github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
 github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
 github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds=
-github.com/wk8/go-ordered-map/v2 v2.1.8 h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/fJgbpc=
-github.com/wk8/go-ordered-map/v2 v2.1.8/go.mod h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xanzy/go-gitlab v0.102.0 h1:ExHuJ1OTQ2yt25zBMMj0G96ChBirGYv8U7HyUiYkZ+4=

magefiles/config_schema.go

@@ -1,148 +0,0 @@
-//go:build mage_docs
-
-package main
-
-import (
-	"encoding/json"
-	"fmt"
-	"os"
-	"strings"
-	"time"
-
-	"github.com/invopop/jsonschema"
-
-	"github.com/aquasecurity/trivy/pkg/flag"
-)
-
-// JSON Schema type constants
-const (
-	schemaTypeString  = "string"
-	schemaTypeBoolean = "boolean"
-	schemaTypeInteger = "integer"
-	schemaTypeNumber  = "number"
-	schemaTypeArray   = "array"
-	schemaTypeObject  = "object"
-)
-
-const configSchemaPath = "schema/trivy-config.json"
-
-// generateConfigSchema generates a JSON schema for trivy.yaml configuration file.
-func generateConfigSchema(outputPath string, allFlagGroups []flag.FlagGroup) error {
-	root := &jsonschema.Schema{
-		Version:     jsonschema.Version,
-		Type:        schemaTypeObject,
-		Title:       "Trivy Configuration",
-		Description: "Configuration file for Trivy security scanner (trivy.yaml)",
-		Properties:  jsonschema.NewProperties(),
-	}
-
-	for _, group := range allFlagGroups {
-		for _, f := range group.Flags() {
-			configName := f.GetConfigName()
-			if configName == "" || f.Hidden() {
-				continue
-			}
-			if err := addFlagToSchema(root, f); err != nil {
-				return err
-			}
-		}
-	}
-
-	data, err := json.MarshalIndent(root, "", "  ")
-	if err != nil {
-		return err
-	}
-
-	// Ensure directory exists
-	if err := os.MkdirAll("schema", 0755); err != nil {
-		return err
-	}
-
-	return os.WriteFile(outputPath, data, 0644)
-}
-
-// addFlagToSchema adds a flag to the schema, creating nested objects as needed.
-func addFlagToSchema(root *jsonschema.Schema, f flag.Flagger) error {
-	configName := f.GetConfigName()
-	parts := strings.Split(configName, ".")
-
-	// Split into parent path and leaf name
-	parentParts, leafName := parts[:len(parts)-1], parts[len(parts)-1]
-
-	// Navigate/create intermediate objects
-	current := root
-	for _, part := range parentParts {
-		if existing, ok := current.Properties.Get(part); ok {
-			current = existing
-		} else {
-			newSchema := &jsonschema.Schema{
-				Type:       schemaTypeObject,
-				Properties: jsonschema.NewProperties(),
-			}
-			current.Properties.Set(part, newSchema)
-			current = newSchema
-		}
-	}
-
-	// Add the leaf property
-	schema, err := schemaFromFlag(f)
-	if err != nil {
-		return err
-	}
-	current.Properties.Set(leafName, schema)
-	return nil
-}
-
-// schemaFromFlag creates a JSON schema based on the flag's type, description, and allowed values.
-func schemaFromFlag(f flag.Flagger) (*jsonschema.Schema, error) {
-	schema, err := schemaFromFlagValue(f.GetDefaultValue())
-	if err != nil {
-		return nil, fmt.Errorf("flag %q: %w", f.GetConfigName(), err)
-	}
-
-	// Add description from Usage
-	if usage := f.GetUsage(); usage != "" {
-		schema.Description = usage
-	}
-
-	// Add enum if Values is set
-	if values := f.GetValues(); len(values) > 0 {
-		schema.Enum = make([]any, len(values))
-		for i, v := range values {
-			schema.Enum[i] = v
-		}
-	}
-
-	return schema, nil
-}
-
-// schemaFromFlagValue creates a JSON schema based on the flag's default value type.
-func schemaFromFlagValue(val any) (*jsonschema.Schema, error) {
-	switch val.(type) {
-	case string:
-		return &jsonschema.Schema{Type: schemaTypeString}, nil
-	case bool:
-		return &jsonschema.Schema{Type: schemaTypeBoolean}, nil
-	case int:
-		return &jsonschema.Schema{Type: schemaTypeInteger}, nil
-	case float64:
-		return &jsonschema.Schema{Type: schemaTypeNumber}, nil
-	case []string:
-		return &jsonschema.Schema{
-			Type:  schemaTypeArray,
-			Items: &jsonschema.Schema{Type: schemaTypeString},
-		}, nil
-	case time.Duration:
-		return &jsonschema.Schema{Type: schemaTypeString}, nil
-	case map[string][]string:
-		return &jsonschema.Schema{
-			Type: schemaTypeObject,
-			AdditionalProperties: &jsonschema.Schema{
-				Type:  schemaTypeArray,
-				Items: &jsonschema.Schema{Type: schemaTypeString},
-			},
-		}, nil
-	default:
-		return nil, fmt.Errorf("unknown type %T, please update schemaFromFlagValue()", val)
-	}
-}

magefiles/docs.go

@@ -20,10 +20,9 @@ const (
 	title       = "Config file"
 	description = "Trivy can be customized by tweaking a `trivy.yaml` file.\n" +
 		"The config path can be overridden by the `--config` flag.\n\n" +
-		"An example is [here][example] and a [JSON Schema][schema] is also available.\n\n" +
+		"An example is [here][example].\n\n" +
 		"These samples contain default values for flags."
-	footer = "[example]: https://github.com/aquasecurity/trivy/blob/{{ git.tag }}/examples/trivy-conf/trivy.yaml\n" +
-		"[schema]: https://github.com/aquasecurity/trivy/blob/{{ git.tag }}/schema/trivy-config.json"
+	footer = "[example]: https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/examples/trivy-conf/trivy.yaml"
 )
 
 // Generate CLI references
@@ -48,9 +47,6 @@ func main() {
 	if err := generateTelemetryFlagDocs("./docs/guide/advanced/telemetry-flags.md", allFlagGroups); err != nil {
 		log.Fatal("Fatal error in telemetry docs generation", log.Err(err))
 	}
-	if err := generateConfigSchema(configSchemaPath, allFlagGroups); err != nil {
-		log.Fatal("Fatal error in config schema generation", log.Err(err))
-	}
 }
 
 // generateTelemetryFlagDocs updates the telemetry section in the documentation file

pkg/fanal/analyzer/pkg/dpkg/dpkg_test.go

@@ -1,27 +1,31 @@
 package dpkg
 
 import (
+	"os"
+	"path/filepath"
 	"sort"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
+	"github.com/aquasecurity/trivy/pkg/mapfs"
 )
 
 func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 	tests := []struct {
-		name    string
-		txtar   string
-		want    *analyzer.AnalysisResult
-		wantErr bool
+		name string
+		// testFiles contains path in testdata and path in OS
+		// e.g. tar.md5sums => var/lib/dpkg/info/tar.md5sums
+		testFiles map[string]string
+		want      *analyzer.AnalysisResult
+		wantErr   bool
 	}{
 		{
-			name:  "valid",
-			txtar: "testdata/valid.txtar",
+			name:      "valid",
+			testFiles: map[string]string{"./testdata/dpkg": "var/lib/dpkg/status"},
 			want: &analyzer.AnalysisResult{
 				PackageInfos: []types.PackageInfo{
 					{
@@ -1391,8 +1395,8 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 			},
 		},
 		{
-			name:  "corrupsed",
-			txtar: "testdata/corrupsed.txtar",
+			name:      "corrupsed",
+			testFiles: map[string]string{"./testdata/corrupsed": "var/lib/dpkg/status"},
 			want: &analyzer.AnalysisResult{
 				PackageInfos: []types.PackageInfo{
 					{
@@ -1453,8 +1457,8 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 			},
 		},
 		{
-			name:  "only apt",
-			txtar: "testdata/only-apt.txtar",
+			name:      "only apt",
+			testFiles: map[string]string{"./testdata/dpkg_apt": "var/lib/dpkg/status"},
 			want: &analyzer.AnalysisResult{
 				PackageInfos: []types.PackageInfo{
 					{
@@ -1472,8 +1476,11 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 			},
 		},
 		{
-			name:  "happy path with digests",
-			txtar: "testdata/digest.txtar",
+			name: "happy path with digests",
+			testFiles: map[string]string{
+				"./testdata/digest-status":    "var/lib/dpkg/status",
+				"./testdata/digest-available": "var/lib/dpkg/available",
+			},
 			want: &analyzer.AnalysisResult{
 				PackageInfos: []types.PackageInfo{
 					{
@@ -1510,8 +1517,11 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 			},
 		},
 		{
-			name:  "md5sums",
-			txtar: "testdata/md5sums.txtar",
+			name: "md5sums",
+			testFiles: map[string]string{
+				"./testdata/tar-status":  "var/lib/dpkg/status",
+				"./testdata/tar.md5sums": "var/lib/dpkg/info/tar.md5sums",
+			},
 			want: &analyzer.AnalysisResult{
 				PackageInfos: []types.PackageInfo{
 					{
@@ -1565,8 +1575,8 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 			},
 		},
 		{
-			name:  "third-party package",
-			txtar: "testdata/third-party.txtar",
+			name:      "third-party package",
+			testFiles: map[string]string{"./testdata/dpkg-third-party": "var/lib/dpkg/status"},
 			want: &analyzer.AnalysisResult{
 				PackageInfos: []types.PackageInfo{
 					{
@@ -1606,10 +1616,18 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			a, err := newDpkgAnalyzer(analyzer.AnalyzerOptions{})
 			require.NoError(t, err)
+			ctx := t.Context()
 
-			fsys := testutil.TxtarToFS(t, tt.txtar)
-			got, err := a.PostAnalyze(t.Context(), analyzer.PostAnalysisInput{
-				FS: fsys,
+			mfs := mapfs.New()
+			for testPath, osPath := range tt.testFiles {
+				err = mfs.MkdirAll(filepath.Dir(osPath), os.ModePerm)
+				require.NoError(t, err)
+				err = mfs.WriteFile(osPath, testPath)
+				require.NoError(t, err)
+			}
+
+			got, err := a.PostAnalyze(ctx, analyzer.PostAnalysisInput{
+				FS: mfs,
 			})
 			require.NoError(t, err)
 

pkg/fanal/analyzer/pkg/dpkg/testdata/corrupsed

@@ -1,6 +1,3 @@
-Test data for corrupted dpkg status file parsing.
-
--- var/lib/dpkg/status --
 Package: libpam-runtime
 Status: install ok installed
 Priority: required

pkg/fanal/analyzer/pkg/dpkg/testdata/digest-available

@@ -1,49 +1,3 @@
-Test data for dpkg status with digests from available file.
-
--- var/lib/dpkg/status --
-Package: sed
-Essential: yes
-Status: install ok installed
-Priority: required
-Section: utils
-Installed-Size: 320
-Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
-Architecture: amd64
-Multi-Arch: foreign
-Version: 4.4-2
-Pre-Depends: libc6 (>= 2.14), libselinux1 (>= 1.32)
-Description: GNU stream editor for filtering/transforming text
- sed reads the specified files or the standard input if no
- files are specified, makes editing changes according to a
- list of commands, and writes the results to the standard
- output.
-Original-Maintainer: Clint Adams <clint@debian.org>
-Homepage: https://www.gnu.org/software/sed/
-
-Package: tar
-Essential: yes
-Status: install ok installed
-Priority: required
-Section: utils
-Installed-Size: 3152
-Maintainer: Janos Lenart <ocsi@debian.org>
-Architecture: amd64
-Multi-Arch: foreign
-Version: 1.34+dfsg-1
-Replaces: cpio (<< 2.4.2-39)
-Pre-Depends: libacl1 (>= 2.2.23), libc6 (>= 2.28), libselinux1 (>= 3.1~)
-Suggests: bzip2, ncompress, xz-utils, tar-scripts, tar-doc
-Breaks: dpkg-dev (<< 1.14.26)
-Conflicts: cpio (<= 2.4.2-38)
-Description: GNU version of the tar archiving utility
- Tar is a program for packaging a set of files as a single archive in tar
- format.  The function it performs is conceptually similar to cpio, and to
- things like PKZIP in the DOS world.  It is heavily used by the Debian package
- management system, and is useful for performing system backups and exchanging
- sets of files with others.
-Homepage: https://www.gnu.org/software/tar/
-
--- var/lib/dpkg/available --
 Package: tar
 Version: 1.34+dfsg-1
 Essential: yes

pkg/fanal/analyzer/pkg/dpkg/testdata/digest-status

@@ -0,0 +1,41 @@
+Package: sed
+Essential: yes
+Status: install ok installed
+Priority: required
+Section: utils
+Installed-Size: 320
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+Architecture: amd64
+Multi-Arch: foreign
+Version: 4.4-2
+Pre-Depends: libc6 (>= 2.14), libselinux1 (>= 1.32)
+Description: GNU stream editor for filtering/transforming text
+ sed reads the specified files or the standard input if no
+ files are specified, makes editing changes according to a
+ list of commands, and writes the results to the standard
+ output.
+Original-Maintainer: Clint Adams <clint@debian.org>
+Homepage: https://www.gnu.org/software/sed/
+
+Package: tar
+Essential: yes
+Status: install ok installed
+Priority: required
+Section: utils
+Installed-Size: 3152
+Maintainer: Janos Lenart <ocsi@debian.org>
+Architecture: amd64
+Multi-Arch: foreign
+Version: 1.34+dfsg-1
+Replaces: cpio (<< 2.4.2-39)
+Pre-Depends: libacl1 (>= 2.2.23), libc6 (>= 2.28), libselinux1 (>= 3.1~)
+Suggests: bzip2, ncompress, xz-utils, tar-scripts, tar-doc
+Breaks: dpkg-dev (<< 1.14.26)
+Conflicts: cpio (<= 2.4.2-38)
+Description: GNU version of the tar archiving utility
+ Tar is a program for packaging a set of files as a single archive in tar
+ format.  The function it performs is conceptually similar to cpio, and to
+ things like PKZIP in the DOS world.  It is heavily used by the Debian package
+ management system, and is useful for performing system backups and exchanging
+ sets of files with others.
+Homepage: https://www.gnu.org/software/tar/

pkg/fanal/analyzer/pkg/dpkg/testdata/dpkg

@@ -1,6 +1,3 @@
-Test data for valid dpkg status file parsing.
-
--- var/lib/dpkg/status --
 Package: fdisk
 Status: install ok installed
 Priority: important

pkg/fanal/analyzer/pkg/dpkg/testdata/dpkg-third-party

@@ -1,6 +1,3 @@
-Test data for third-party package detection.
-
--- var/lib/dpkg/status --
 Package: docker-ce
 Status: install ok installed
 Priority: optional

pkg/fanal/analyzer/pkg/dpkg/testdata/dpkg_apt

@@ -1,6 +1,3 @@
-Test data for single apt package.
-
--- var/lib/dpkg/status --
 Package: apt
 Status: install ok installed
 Priority: important

pkg/fanal/analyzer/pkg/dpkg/testdata/tar-status

@@ -0,0 +1,17 @@
+Package: tar
+Essential: yes
+Status: install ok installed
+Priority: required
+Section: utils
+Installed-Size: 864
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+Architecture: amd64
+Multi-Arch: foreign
+Version: 1.29b-2
+Replaces: cpio (<< 2.4.2-39)
+Pre-Depends: libacl1 (>= 2.2.51-8), libc6 (>= 2.17), libselinux1 (>= 1.32)
+Suggests: bzip2, ncompress, xz-utils, tar-scripts, tar-doc
+Breaks: dpkg-dev (<< 1.14.26)
+Conflicts: cpio (<= 2.4.2-38)
+Description: GNU version of the tar archiving utility
+

pkg/fanal/analyzer/pkg/dpkg/testdata/tar.md5sums

@@ -1,24 +1,3 @@
-Test data for dpkg with md5sums file.
-
--- var/lib/dpkg/status --
-Package: tar
-Essential: yes
-Status: install ok installed
-Priority: required
-Section: utils
-Installed-Size: 864
-Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
-Architecture: amd64
-Multi-Arch: foreign
-Version: 1.29b-2
-Replaces: cpio (<< 2.4.2-39)
-Pre-Depends: libacl1 (>= 2.2.51-8), libc6 (>= 2.17), libselinux1 (>= 1.32)
-Suggests: bzip2, ncompress, xz-utils, tar-scripts, tar-doc
-Breaks: dpkg-dev (<< 1.14.26)
-Conflicts: cpio (<= 2.4.2-38)
-Description: GNU version of the tar archiving utility
-
--- var/lib/dpkg/info/tar.md5sums --
 25de5fcdc3c8ebd9c9f599fb7a899b40  usr/bin/tar
 5bf0e62990e0b668830ceb2c8615b497  usr/lib/mime/packages/tar
 de1096fbccdc14324196fc6829324ebc  usr/sbin/rmt-tar

pkg/flag/options.go

@@ -233,14 +233,6 @@ func (f *Flag[T]) GetAliases() []Alias {
 	return f.Aliases
 }
 
-func (f *Flag[T]) GetUsage() string {
-	return f.Usage
-}
-
-func (f *Flag[T]) GetValues() []string {
-	return f.Values
-}
-
 func (f *Flag[T]) IsTelemetrySafe() bool {
 	return f.TelemetrySafe
 }
@@ -385,8 +377,6 @@ type Flagger interface {
 	GetConfigName() string
 	GetDefaultValue() any
 	GetAliases() []Alias
-	GetUsage() string
-	GetValues() []string
 	Hidden() bool
 	IsTelemetrySafe() bool
 	IsSet() bool

schema/trivy-config.json

@@ -1,933 +0,0 @@
-{
-  "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "properties": {
-    "quiet": {
-      "type": "boolean",
-      "description": "suppress progress bar and log output"
-    },
-    "debug": {
-      "type": "boolean",
-      "description": "debug mode"
-    },
-    "insecure": {
-      "type": "boolean",
-      "description": "allow insecure server connections"
-    },
-    "cacert": {
-      "type": "string",
-      "description": "Path to PEM-encoded CA certificate file"
-    },
-    "timeout": {
-      "type": "string",
-      "description": "timeout"
-    },
-    "cache": {
-      "properties": {
-        "dir": {
-          "type": "string",
-          "description": "cache directory"
-        },
-        "backend": {
-          "type": "string",
-          "description": "[EXPERIMENTAL] cache backend (e.g. redis://localhost:6379)"
-        },
-        "ttl": {
-          "type": "string",
-          "description": "cache TTL when using redis as cache backend"
-        },
-        "redis": {
-          "properties": {
-            "tls": {
-              "type": "boolean",
-              "description": "enable redis TLS with public certificates, if using redis as cache backend"
-            },
-            "ca": {
-              "type": "string",
-              "description": "redis ca file location, if using redis as cache backend"
-            },
-            "cert": {
-              "type": "string",
-              "description": "redis certificate file location, if using redis as cache backend"
-            },
-            "key": {
-              "type": "string",
-              "description": "redis key file location, if using redis as cache backend"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "clean": {
-      "properties": {
-        "all": {
-          "type": "boolean",
-          "description": "remove all caches"
-        },
-        "scan-cache": {
-          "type": "boolean",
-          "description": "remove scan cache (container and VM image analysis results)"
-        },
-        "vuln-db": {
-          "type": "boolean",
-          "description": "remove vulnerability database"
-        },
-        "java-db": {
-          "type": "boolean",
-          "description": "remove Java database"
-        },
-        "checks-bundle": {
-          "type": "boolean",
-          "description": "remove checks bundle"
-        },
-        "vex-repo": {
-          "type": "boolean",
-          "description": "remove VEX repositories"
-        }
-      },
-      "type": "object"
-    },
-    "server": {
-      "properties": {
-        "token": {
-          "type": "string",
-          "description": "for authentication in client/server mode"
-        },
-        "token-header": {
-          "type": "string",
-          "description": "specify a header name for token in client/server mode"
-        },
-        "addr": {
-          "type": "string",
-          "description": "server address in client mode"
-        },
-        "custom-headers": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "custom headers in client mode"
-        },
-        "listen": {
-          "type": "string",
-          "description": "listen address in server mode"
-        }
-      },
-      "type": "object"
-    },
-    "db": {
-      "properties": {
-        "download-only": {
-          "type": "boolean",
-          "description": "download/update vulnerability database but don't run a scan"
-        },
-        "skip-update": {
-          "type": "boolean",
-          "description": "skip updating vulnerability database"
-        },
-        "download-java-only": {
-          "type": "boolean",
-          "description": "download/update Java index database but don't run a scan"
-        },
-        "java-skip-update": {
-          "type": "boolean",
-          "description": "skip updating Java index database"
-        },
-        "no-progress": {
-          "type": "boolean",
-          "description": "suppress progress bar"
-        },
-        "repository": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "OCI repository(ies) to retrieve trivy-db in order of priority"
-        },
-        "java-repository": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "OCI repository(ies) to retrieve trivy-java-db in order of priority"
-        }
-      },
-      "type": "object"
-    },
-    "image": {
-      "properties": {
-        "input": {
-          "type": "string",
-          "description": "input file path instead of image name"
-        },
-        "image-config-scanners": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "enum": [
-            "misconfig",
-            "secret"
-          ],
-          "description": "comma-separated list of what security issues to detect on container image configurations"
-        },
-        "removed-pkgs": {
-          "type": "boolean",
-          "description": "detect vulnerabilities of removed packages (only for Alpine)"
-        },
-        "platform": {
-          "type": "string",
-          "description": "set platform in the form os/arch if image is multi-platform capable"
-        },
-        "docker": {
-          "properties": {
-            "host": {
-              "type": "string",
-              "description": "unix domain socket path to use for docker scanning"
-            }
-          },
-          "type": "object"
-        },
-        "podman": {
-          "properties": {
-            "host": {
-              "type": "string",
-              "description": "unix podman socket path to use for podman scanning"
-            }
-          },
-          "type": "object"
-        },
-        "source": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "enum": [
-            "docker",
-            "containerd",
-            "podman",
-            "remote"
-          ],
-          "description": "image source(s) to use, in priority order"
-        },
-        "max-size": {
-          "type": "string",
-          "description": "[EXPERIMENTAL] maximum image size to process, specified in a human-readable format (e.g., '44kB', '17MB'); an error will be returned if the image exceeds this size"
-        }
-      },
-      "type": "object"
-    },
-    "kubernetes": {
-      "properties": {
-        "kubeconfig": {
-          "type": "string",
-          "description": "specify the kubeconfig file path to use"
-        },
-        "k8s-version": {
-          "type": "string",
-          "description": "specify k8s version to validate outdated api by it (example: 1.21.0)"
-        },
-        "disableNodeCollector": {
-          "type": "boolean",
-          "description": "When the flag is activated, the node-collector job will not be executed, thus skipping misconfiguration findings on the node."
-        },
-        "tolerations": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "specify node-collector job tolerations (example: key1=value1:NoExecute,key2=value2:NoSchedule)"
-        },
-        "node-collector": {
-          "properties": {
-            "namespace": {
-              "type": "string",
-              "description": "specify the namespace in which the node-collector job should be deployed"
-            },
-            "imageref": {
-              "type": "string",
-              "description": "indicate the image reference for the node-collector scan job"
-            }
-          },
-          "type": "object"
-        },
-        "exclude": {
-          "properties": {
-            "owned": {
-              "type": "boolean",
-              "description": "exclude resources that have an owner reference"
-            },
-            "nodes": {
-              "items": {
-                "type": "string"
-              },
-              "type": "array",
-              "description": "indicate the node labels that the node-collector job should exclude from scanning (example: kubernetes.io/arch:arm64,team:dev)"
-            }
-          },
-          "type": "object"
-        },
-        "excludeKinds": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "indicate the kinds exclude from scanning (example: node)"
-        },
-        "includeKinds": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "indicate the kinds included in scanning (example: node)"
-        },
-        "excludeNamespaces": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "indicate the namespaces excluded from scanning (example: kube-system)"
-        },
-        "includeNamespaces": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "indicate the namespaces included in scanning (example: kube-system)"
-        },
-        "qps": {
-          "type": "number",
-          "description": "specify the maximum QPS to the master from this client"
-        },
-        "skipImages": {
-          "type": "boolean",
-          "description": "skip the downloading and scanning of images (vulnerabilities and secrets) in the cluster resources"
-        },
-        "burst": {
-          "type": "integer",
-          "description": "specify the maximum burst for throttle"
-        }
-      },
-      "type": "object"
-    },
-    "license": {
-      "properties": {
-        "full": {
-          "type": "boolean",
-          "description": "eagerly look for licenses in source code headers and license files"
-        },
-        "ignored": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "specify a list of license to ignore"
-        },
-        "forbidden": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "forbidden licenses"
-        },
-        "restricted": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "restricted licenses"
-        },
-        "reciprocal": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "reciprocal licenses"
-        },
-        "notice": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "notice licenses"
-        },
-        "permissive": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "permissive licenses"
-        },
-        "unencumbered": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "unencumbered licenses"
-        },
-        "confidenceLevel": {
-          "type": "number",
-          "description": "specify license classifier's confidence level"
-        }
-      },
-      "type": "object"
-    },
-    "misconfiguration": {
-      "properties": {
-        "include-non-failures": {
-          "type": "boolean",
-          "description": "include successes, available with '--scanners misconfig'"
-        },
-        "checks-bundle-repository": {
-          "type": "string",
-          "description": "OCI registry URL to retrieve checks bundle from"
-        },
-        "helm": {
-          "properties": {
-            "set": {
-              "items": {
-                "type": "string"
-              },
-              "type": "array",
-              "description": "specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)"
-            },
-            "values": {
-              "items": {
-                "type": "string"
-              },
-              "type": "array",
-              "description": "specify paths to override the Helm values.yaml files"
-            },
-            "set-file": {
-              "items": {
-                "type": "string"
-              },
-              "type": "array",
-              "description": "specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)"
-            },
-            "set-string": {
-              "items": {
-                "type": "string"
-              },
-              "type": "array",
-              "description": "specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)"
-            },
-            "api-versions": {
-              "items": {
-                "type": "string"
-              },
-              "type": "array",
-              "description": "Available API versions used for Capabilities.APIVersions. This flag is the same as the api-versions flag of the helm template command. (can specify multiple or separate values with commas: policy/v1/PodDisruptionBudget,apps/v1/Deployment)"
-            },
-            "kube-version": {
-              "type": "string",
-              "description": "Kubernetes version used for Capabilities.KubeVersion. This flag is the same as the kube-version flag of the helm template command."
-            }
-          },
-          "type": "object"
-        },
-        "terraform": {
-          "properties": {
-            "vars": {
-              "items": {
-                "type": "string"
-              },
-              "type": "array",
-              "description": "specify paths to override the Terraform tfvars files"
-            },
-            "exclude-downloaded-modules": {
-              "type": "boolean",
-              "description": "exclude misconfigurations for downloaded terraform modules"
-            }
-          },
-          "type": "object"
-        },
-        "cloudformation": {
-          "properties": {
-            "params": {
-              "items": {
-                "type": "string"
-              },
-              "type": "array",
-              "description": "specify paths to override the CloudFormation parameters files"
-            }
-          },
-          "type": "object"
-        },
-        "scanners": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "comma-separated list of misconfig scanners to use for misconfiguration scanning"
-        },
-        "config-file-schemas": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "specify paths to JSON configuration file schemas to determine that a file matches some configuration and pass the schema to Rego checks for type checking"
-        },
-        "render-cause": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "enum": [
-            "terraform",
-            "ansible"
-          ],
-          "description": "specify configuration types for which the rendered causes will be shown in the table report"
-        },
-        "raw-config-scanners": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "enum": [
-            "terraform"
-          ],
-          "description": "specify the types of scanners that will also scan raw configurations. For example, scanners will scan a non-adapted configuration into a shared state"
-        }
-      },
-      "type": "object"
-    },
-    "ansible": {
-      "properties": {
-        "playbooks": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "specify playbook file path(s) to scan"
-        },
-        "inventories": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "specify inventory host path or comma separated host list"
-        },
-        "extra-vars": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "set additional variables as key=value or @file (YAML/JSON)"
-        }
-      },
-      "type": "object"
-    },
-    "module": {
-      "properties": {
-        "dir": {
-          "type": "string",
-          "description": "specify directory to the wasm modules that will be loaded"
-        },
-        "enable-modules": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "[EXPERIMENTAL] module names to enable"
-        }
-      },
-      "type": "object"
-    },
-    "pkg": {
-      "properties": {
-        "include-dev-deps": {
-          "type": "boolean",
-          "description": "include development dependencies in the report (supported: npm, yarn, gradle)"
-        },
-        "types": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "enum": [
-            "os",
-            "library"
-          ],
-          "description": "list of package types"
-        },
-        "relationships": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "enum": [
-            "unknown",
-            "root",
-            "workspace",
-            "direct",
-            "indirect"
-          ],
-          "description": "list of package relationships"
-        }
-      },
-      "type": "object"
-    },
-    "registry": {
-      "properties": {
-        "username": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "username. Comma-separated usernames allowed."
-        },
-        "password": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons."
-        },
-        "password-stdin": {
-          "type": "boolean",
-          "description": "password from stdin. Comma-separated passwords are not supported."
-        },
-        "token": {
-          "type": "string",
-          "description": "registry token"
-        },
-        "mirrors": {
-          "additionalProperties": {
-            "items": {
-              "type": "string"
-            },
-            "type": "array"
-          },
-          "type": "object",
-          "description": "map of hosts and registries for them."
-        }
-      },
-      "type": "object"
-    },
-    "rego": {
-      "properties": {
-        "include-deprecated-checks": {
-          "type": "boolean",
-          "description": "include deprecated checks"
-        },
-        "skip-check-update": {
-          "type": "boolean",
-          "description": "skip fetching rego check updates"
-        },
-        "trace": {
-          "type": "boolean",
-          "description": "enable more verbose trace output for custom queries"
-        },
-        "check": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "specify the paths to the Rego check files or to the directories containing them, applying config files"
-        },
-        "data": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "specify paths from which data for the Rego checks will be recursively loaded"
-        },
-        "namespaces": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "Rego namespaces"
-        },
-        "error-limit": {
-          "type": "integer",
-          "description": "maximum number of compile errors allowed during Rego policy evaluation"
-        }
-      },
-      "type": "object"
-    },
-    "format": {
-      "type": "string",
-      "enum": [
-        "table",
-        "json",
-        "template",
-        "sarif",
-        "cyclonedx",
-        "spdx",
-        "spdx-json",
-        "github",
-        "cosign-vuln"
-      ],
-      "description": "format"
-    },
-    "report": {
-      "type": "string",
-      "enum": [
-        "all",
-        "summary"
-      ],
-      "description": "specify a report format for the output"
-    },
-    "template": {
-      "type": "string",
-      "description": "output template"
-    },
-    "dependency-tree": {
-      "type": "boolean",
-      "description": "[EXPERIMENTAL] show dependency origin tree of vulnerable packages"
-    },
-    "list-all-pkgs": {
-      "type": "boolean",
-      "description": "output all packages in the JSON report regardless of vulnerability"
-    },
-    "ignorefile": {
-      "type": "string",
-      "description": "specify .trivyignore file"
-    },
-    "ignore-policy": {
-      "type": "string",
-      "description": "specify the Rego file path to evaluate each vulnerability"
-    },
-    "exit-code": {
-      "type": "integer",
-      "description": "specify exit code when any security issues are found"
-    },
-    "exit-on-eol": {
-      "type": "integer",
-      "description": "exit with the specified code when the OS reaches end of service/life"
-    },
-    "output": {
-      "type": "string",
-      "description": "output file name"
-    },
-    "output-plugin-arg": {
-      "type": "string",
-      "description": "[EXPERIMENTAL] output plugin arguments"
-    },
-    "severity": {
-      "items": {
-        "type": "string"
-      },
-      "type": "array",
-      "enum": [
-        "UNKNOWN",
-        "LOW",
-        "MEDIUM",
-        "HIGH",
-        "CRITICAL"
-      ],
-      "description": "severities of security issues to be displayed"
-    },
-    "scan": {
-      "properties": {
-        "compliance": {
-          "type": "string",
-          "description": "compliance report to generate"
-        },
-        "show-suppressed": {
-          "type": "boolean",
-          "description": "[EXPERIMENTAL] show suppressed vulnerabilities"
-        },
-        "skip-dirs": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "specify the directories or glob patterns to skip"
-        },
-        "skip-files": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "specify the files or glob patterns to skip"
-        },
-        "offline": {
-          "type": "boolean",
-          "description": "do not issue API requests to identify dependencies"
-        },
-        "scanners": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "enum": [
-            "vuln",
-            "misconfig",
-            "secret",
-            "license"
-          ],
-          "description": "comma-separated list of what security issues to detect"
-        },
-        "file-patterns": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "specify config file patterns"
-        },
-        "parallel": {
-          "type": "integer",
-          "description": "number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism"
-        },
-        "sbom-sources": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "enum": [
-            "oci",
-            "rekor"
-          ],
-          "description": "[EXPERIMENTAL] try to retrieve SBOM from the specified sources"
-        },
-        "rekor-url": {
-          "type": "string",
-          "description": "[EXPERIMENTAL] address of rekor STL server"
-        },
-        "detection-priority": {
-          "type": "string",
-          "enum": [
-            "precise",
-            "comprehensive"
-          ],
-          "description": "specify the detection priority:\n  - \"precise\": Prioritizes precise by minimizing false positives.\n  - \"comprehensive\": Aims to detect more security findings at the cost of potential false positives.\n"
-        },
-        "distro": {
-          "type": "string",
-          "description": "[EXPERIMENTAL] specify a distribution, \u003cfamily\u003e/\u003cversion\u003e"
-        },
-        "skip-version-check": {
-          "type": "boolean",
-          "description": "suppress notices about version updates and Trivy announcements"
-        },
-        "disable-telemetry": {
-          "type": "boolean",
-          "description": "disable sending anonymous usage data to Aqua"
-        }
-      },
-      "type": "object"
-    },
-    "table-mode": {
-      "items": {
-        "type": "string"
-      },
-      "type": "array",
-      "enum": [
-        "summary",
-        "detailed"
-      ],
-      "description": "[EXPERIMENTAL] tables that will be displayed in 'table' format"
-    },
-    "repository": {
-      "properties": {
-        "branch": {
-          "type": "string",
-          "description": "pass the branch name to be scanned"
-        },
-        "commit": {
-          "type": "string",
-          "description": "pass the commit hash to be scanned"
-        },
-        "tag": {
-          "type": "string",
-          "description": "pass the tag name to be scanned"
-        }
-      },
-      "type": "object"
-    },
-    "secret": {
-      "properties": {
-        "config": {
-          "type": "string",
-          "description": "specify a path to config file for secret scanning"
-        }
-      },
-      "type": "object"
-    },
-    "vulnerability": {
-      "properties": {
-        "ignore-unfixed": {
-          "type": "boolean",
-          "description": "display only fixed vulnerabilities"
-        },
-        "ignore-status": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "enum": [
-            "unknown",
-            "not_affected",
-            "affected",
-            "fixed",
-            "under_investigation",
-            "will_not_fix",
-            "fix_deferred",
-            "end_of_life"
-          ],
-          "description": "comma-separated list of vulnerability status to ignore"
-        },
-        "vex": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "description": "[EXPERIMENTAL] VEX sources (\"repo\", \"oci\" or file path)"
-        },
-        "skip-vex-repo-update": {
-          "type": "boolean",
-          "description": "[EXPERIMENTAL] Skip VEX Repository update"
-        },
-        "severity-source": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array",
-          "enum": [
-            "nvd",
-            "redhat",
-            "redhat-oval",
-            "debian",
-            "ubuntu",
-            "alpine",
-            "amazon",
-            "oracle-oval",
-            "suse-cvrf",
-            "photon",
-            "arch-linux",
-            "alma",
-            "rocky",
-            "cbl-mariner",
-            "azure",
-            "ruby-advisory-db",
-            "php-security-advisories",
-            "nodejs-security-wg",
-            "ghsa",
-            "glad",
-            "aqua",
-            "osv",
-            "k8s",
-            "wolfi",
-            "chainguard",
-            "bitnami",
-            "govulndb",
-            "julia",
-            "echo",
-            "minimos",
-            "rootio",
-            "auto"
-          ],
-          "description": "order of data sources for selecting vulnerability severity level"
-        }
-      },
-      "type": "object"
-    }
-  },
-  "type": "object",
-  "title": "Trivy Configuration",
-  "description": "Configuration file for Trivy security scanner (trivy.yaml)"
-}