mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-12 15:50:15 -08:00
fix(misconf): Disable deprecated checks by default (#7632)
This commit is contained in:
simar7
@@ -31,7 +31,7 @@ trivy config [flags] DIR
|
||||
-h, --help help for config
|
||||
--ignore-policy string specify the Rego file path to evaluate each vulnerability
|
||||
--ignorefile string specify .trivyignore file (default ".trivyignore")
|
||||
--include-deprecated-checks include deprecated checks (default true)
|
||||
--include-deprecated-checks include deprecated checks
|
||||
--include-non-failures include successes and exceptions, available with '--scanners misconfig'
|
||||
--k8s-version string specify k8s version to validate outdated api by it (example: 1.21.0)
|
||||
--misconfig-scanners strings comma-separated list of misconfig scanners to use for misconfiguration scanning (default [azure-arm,cloudformation,dockerfile,helm,kubernetes,terraform,terraformplan-json,terraformplan-snapshot])
|
||||
|
||||
@@ -53,7 +53,7 @@ trivy filesystem [flags] PATH
|
||||
--ignore-unfixed display only fixed vulnerabilities
|
||||
--ignored-licenses strings specify a list of license to ignore
|
||||
--ignorefile string specify .trivyignore file (default ".trivyignore")
|
||||
--include-deprecated-checks include deprecated checks (default true)
|
||||
--include-deprecated-checks include deprecated checks
|
||||
--include-dev-deps include development dependencies in the report (supported: npm, yarn)
|
||||
--include-non-failures include successes and exceptions, available with '--scanners misconfig'
|
||||
--java-db-repository strings OCI repository(ies) to retrieve trivy-java-db in order of priority (default [ghcr.io/aquasecurity/trivy-java-db:1])
|
||||
|
||||
@@ -71,7 +71,7 @@ trivy image [flags] IMAGE_NAME
|
||||
--ignorefile string specify .trivyignore file (default ".trivyignore")
|
||||
--image-config-scanners strings comma-separated list of what security issues to detect on container image configurations (misconfig,secret)
|
||||
--image-src strings image source(s) to use, in priority order (docker,containerd,podman,remote) (default [docker,containerd,podman,remote])
|
||||
--include-deprecated-checks include deprecated checks (default true)
|
||||
--include-deprecated-checks include deprecated checks
|
||||
--include-non-failures include successes and exceptions, available with '--scanners misconfig'
|
||||
--input string input file path instead of image name
|
||||
--java-db-repository strings OCI repository(ies) to retrieve trivy-java-db in order of priority (default [ghcr.io/aquasecurity/trivy-java-db:1])
|
||||
|
||||
@@ -66,7 +66,7 @@ trivy kubernetes [flags] [CONTEXT]
|
||||
--ignore-unfixed display only fixed vulnerabilities
|
||||
--ignorefile string specify .trivyignore file (default ".trivyignore")
|
||||
--image-src strings image source(s) to use, in priority order (docker,containerd,podman,remote) (default [docker,containerd,podman,remote])
|
||||
--include-deprecated-checks include deprecated checks (default true)
|
||||
--include-deprecated-checks include deprecated checks
|
||||
--include-kinds strings indicate the kinds included in scanning (example: node)
|
||||
--include-namespaces strings indicate the namespaces included in scanning (example: kube-system)
|
||||
--include-non-failures include successes and exceptions, available with '--scanners misconfig'
|
||||
|
||||
@@ -53,7 +53,7 @@ trivy repository [flags] (REPO_PATH | REPO_URL)
|
||||
--ignore-unfixed display only fixed vulnerabilities
|
||||
--ignored-licenses strings specify a list of license to ignore
|
||||
--ignorefile string specify .trivyignore file (default ".trivyignore")
|
||||
--include-deprecated-checks include deprecated checks (default true)
|
||||
--include-deprecated-checks include deprecated checks
|
||||
--include-dev-deps include development dependencies in the report (supported: npm, yarn)
|
||||
--include-non-failures include successes and exceptions, available with '--scanners misconfig'
|
||||
--java-db-repository strings OCI repository(ies) to retrieve trivy-java-db in order of priority (default [ghcr.io/aquasecurity/trivy-java-db:1])
|
||||
|
||||
@@ -56,7 +56,7 @@ trivy rootfs [flags] ROOTDIR
|
||||
--ignore-unfixed display only fixed vulnerabilities
|
||||
--ignored-licenses strings specify a list of license to ignore
|
||||
--ignorefile string specify .trivyignore file (default ".trivyignore")
|
||||
--include-deprecated-checks include deprecated checks (default true)
|
||||
--include-deprecated-checks include deprecated checks
|
||||
--include-non-failures include successes and exceptions, available with '--scanners misconfig'
|
||||
--java-db-repository strings OCI repository(ies) to retrieve trivy-java-db in order of priority (default [ghcr.io/aquasecurity/trivy-java-db:1])
|
||||
--license-confidence-level float specify license classifier's confidence level (default 0.9)
|
||||
|
||||
@@ -479,7 +479,7 @@ rego:
|
||||
data: []
|
||||
|
||||
# Same as '--include-deprecated-checks'
|
||||
include-deprecated-checks: true
|
||||
include-deprecated-checks: false
|
||||
|
||||
# Same as '--check-namespaces'
|
||||
namespaces: []
|
||||
|
||||
@@ -11,7 +11,6 @@ var (
|
||||
Name: "include-deprecated-checks",
|
||||
ConfigName: "rego.include-deprecated-checks",
|
||||
Usage: "include deprecated checks",
|
||||
Default: true,
|
||||
}
|
||||
SkipCheckUpdateFlag = Flag[bool]{
|
||||
Name: "skip-check-update",
|
||||
|
||||
Reference in New Issue
Block a user