gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-12 15:50:15 -08:00
Code Issues Packages Projects Releases Wiki Activity

ci: check CLI references (#3967)

Browse Source
This commit is contained in:
Teppei Fukuda
2023-04-03 07:57:08 +03:00
committed by GitHub
parent 70f507e1af
commit cf2f0b2d1c
27 changed files with 114 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
.github/workflows/test.yaml vendored
View File

@@ -51,6 +51,15 @@ jobs:
with:
aqua_version: v1.25.0
- name: Check if CLI references are up-to-date
run: |
mage docs:generate
if [ -n "$(git status --porcelain)" ]; then
echo "Run 'mage docs:generate' and push it"
exit 1
fi
if: matrix.operating-system == 'ubuntu-latest'
- name: Run unit tests
run: mage test:unit

7
docs/community/contribute/pr.md
View File

@@ -51,6 +51,13 @@ $ mage test:integration
```
### Documentation
If you update CLI flags, you need to generate the CLI references.
The test will fail if they are not up-to-date.
```shell
$ mage docs:generate
```
You can build the documents as below and view it at http://localhost:8000.
```

5
docs/docs/references/cli/trivy.md
View File

@@ -29,13 +29,13 @@ trivy [global flags] command [flags] target
### Options
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
-f, --format string version format (json)
--generate-default-config write the default config to trivy-default.yaml
-h, --help help for trivy
--insecure allow insecure server connections when using TLS
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -57,4 +57,3 @@ trivy [global flags] command [flags] target
* [trivy version](trivy_version.md) - Print the version
* [trivy vm](trivy_vm.md) - [EXPERIMENTAL] Scan a virtual machine image
###### Auto generated by spf13/cobra on 16-Mar-2023

5
docs/docs/references/cli/trivy_aws.md
View File

@@ -100,11 +100,11 @@ trivy aws [flags]
### Options inherited from parent commands
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections when using TLS
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -114,4 +114,3 @@ trivy aws [flags]
* [trivy](trivy.md) - Unified security scanner
###### Auto generated by spf13/cobra on 16-Mar-2023

11
docs/docs/references/cli/trivy_config.md
View File

@@ -26,12 +26,15 @@ trivy config [flags] DIR
--ignorefile string specify .trivyignore file (default ".trivyignore")
--include-non-failures include successes and exceptions, available with '--scanners config'
--k8s-version string specify k8s version to validate outdated api by it (example: 1.21.0)
--module-dir string specify directory to the wasm modules that will be loaded (default "/home/shubham/.trivy/modules")
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
-o, --output string output file name
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--policy-namespaces strings Rego namespaces
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--registry-token string registry token
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
--skip-dirs strings specify the directories where the traversal is skipped
--skip-files strings specify the file paths to skip traversal
@@ -39,16 +42,17 @@ trivy config [flags] DIR
-t, --template string output template
--tf-vars strings specify paths to override the Terraform tfvars files
--trace enable more verbose trace output for custom queries
--username strings username. Comma-separated usernames allowed.
```
### Options inherited from parent commands
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections when using TLS
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -58,4 +62,3 @@ trivy config [flags] DIR
* [trivy](trivy.md) - Unified security scanner
###### Auto generated by spf13/cobra on 16-Mar-2023

13
docs/docs/references/cli/trivy_filesystem.md
View File

@@ -46,17 +46,20 @@ trivy filesystem [flags] PATH
--java-db-repository string OCI repository to retrieve trivy-java-db from (default "ghcr.io/aquasecurity/trivy-java-db")
--license-full eagerly look for licenses in source code headers and license files
--list-all-pkgs enabling the option will output all packages regardless of vulnerability
--module-dir string specify directory to the wasm modules that will be loaded (default "/home/shubham/.trivy/modules")
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
--no-progress suppress progress bar
--offline-scan do not issue API requests to identify dependencies
-o, --output string output file name
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--policy-namespaces strings Rego namespaces
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--registry-token string registry token
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
--reset remove all caches and database
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (rekor)
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
--server string server address in client mode
@@ -72,17 +75,18 @@ trivy filesystem [flags] PATH
--token string for authentication in client/server mode
--token-header string specify a header name for token in client/server mode (default "Trivy-Token")
--trace enable more verbose trace output for custom queries
--username strings username. Comma-separated usernames allowed.
--vuln-type string comma-separated list of vulnerability types (os,library) (default "os,library")
```
### Options inherited from parent commands
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections when using TLS
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -92,4 +96,3 @@ trivy filesystem [flags] PATH
* [trivy](trivy.md) - Unified security scanner
###### Auto generated by spf13/cobra on 16-Mar-2023

13
docs/docs/references/cli/trivy_image.md
View File

@@ -65,20 +65,23 @@ trivy image [flags] IMAGE_NAME
--java-db-repository string OCI repository to retrieve trivy-java-db from (default "ghcr.io/aquasecurity/trivy-java-db")
--license-full eagerly look for licenses in source code headers and license files
--list-all-pkgs enabling the option will output all packages regardless of vulnerability
--module-dir string specify directory to the wasm modules that will be loaded (default "/home/shubham/.trivy/modules")
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
--no-progress suppress progress bar
--offline-scan do not issue API requests to identify dependencies
-o, --output string output file name
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--platform string set platform in the form os/arch if image is multi-platform capable
--policy-namespaces strings Rego namespaces
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--registry-token string registry token
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
--removed-pkgs detect vulnerabilities of removed packages (only for Alpine)
--report string specify a format for the compliance report. (default "summary")
--reset remove all caches and database
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (rekor)
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
--server string server address in client mode
@@ -94,17 +97,18 @@ trivy image [flags] IMAGE_NAME
--token string for authentication in client/server mode
--token-header string specify a header name for token in client/server mode (default "Trivy-Token")
--trace enable more verbose trace output for custom queries
--username strings username. Comma-separated usernames allowed.
--vuln-type string comma-separated list of vulnerability types (os,library) (default "os,library")
```
### Options inherited from parent commands
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections when using TLS
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -114,4 +118,3 @@ trivy image [flags] IMAGE_NAME
* [trivy](trivy.md) - Unified security scanner
###### Auto generated by spf13/cobra on 16-Mar-2023

10
docs/docs/references/cli/trivy_kubernetes.md
View File

@@ -61,14 +61,16 @@ trivy kubernetes [flags] { cluster | all | specific resources like kubectl. eg:
--no-progress suppress progress bar
--offline-scan do not issue API requests to identify dependencies
-o, --output string output file name
--parallel int number (between 1-20) of goroutines enabled for parallel scanning (default 5)
--policy-namespaces strings Rego namespaces
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
--report string specify a report format for the output. (all,summary) (default "all")
--reset remove all caches and database
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (rekor)
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
--scanners string comma-separated list of what security issues to detect (vuln,config,secret,license) (default "vuln,config,secret,rbac")
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
@@ -80,6 +82,7 @@ trivy kubernetes [flags] { cluster | all | specific resources like kubectl. eg:
--slow scan over time with lower CPU and memory utilization
-t, --template string output template
--tf-vars strings specify paths to override the Terraform tfvars files
--tolerations strings specify node-collector job tolerations (example: key1=value1:NoExecute,key2=value2:NoSchedule)
--trace enable more verbose trace output for custom queries
--vuln-type string comma-separated list of vulnerability types (os,library) (default "os,library")
```
@@ -87,11 +90,11 @@ trivy kubernetes [flags] { cluster | all | specific resources like kubectl. eg:
### Options inherited from parent commands
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections when using TLS
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -101,4 +104,3 @@ trivy kubernetes [flags] { cluster | all | specific resources like kubectl. eg:
* [trivy](trivy.md) - Unified security scanner
###### Auto generated by spf13/cobra on 16-Mar-2023

7
docs/docs/references/cli/trivy_module.md
View File

@@ -7,17 +7,17 @@ Manage modules
```
--enable-modules strings [EXPERIMENTAL] module names to enable
-h, --help help for module
--module-dir string specify directory to the wasm modules that will be loaded (default "/home/shubham/.trivy/modules")
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
```
### Options inherited from parent commands
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections when using TLS
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -29,4 +29,3 @@ Manage modules
* [trivy module install](trivy_module_install.md) - Install a module
* [trivy module uninstall](trivy_module_uninstall.md) - Uninstall a module
###### Auto generated by spf13/cobra on 16-Mar-2023

7
docs/docs/references/cli/trivy_module_install.md
View File

@@ -15,13 +15,13 @@ trivy module install [flags] REPOSITORY
### Options inherited from parent commands
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--enable-modules strings [EXPERIMENTAL] module names to enable
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections when using TLS
--module-dir string specify directory to the wasm modules that will be loaded (default "/home/shubham/.trivy/modules")
--insecure allow insecure server connections
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -31,4 +31,3 @@ trivy module install [flags] REPOSITORY
* [trivy module](trivy_module.md) - Manage modules
###### Auto generated by spf13/cobra on 16-Mar-2023

7
docs/docs/references/cli/trivy_module_uninstall.md
View File

@@ -15,13 +15,13 @@ trivy module uninstall [flags] REPOSITORY
### Options inherited from parent commands
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--enable-modules strings [EXPERIMENTAL] module names to enable
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections when using TLS
--module-dir string specify directory to the wasm modules that will be loaded (default "/home/shubham/.trivy/modules")
--insecure allow insecure server connections
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -31,4 +31,3 @@ trivy module uninstall [flags] REPOSITORY
* [trivy module](trivy_module.md) - Manage modules
###### Auto generated by spf13/cobra on 16-Mar-2023

5
docs/docs/references/cli/trivy_plugin.md
View File

@@ -11,11 +11,11 @@ Manage plugins
### Options inherited from parent commands
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections when using TLS
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -31,4 +31,3 @@ Manage plugins
* [trivy plugin uninstall](trivy_plugin_uninstall.md) - Uninstall a plugin
* [trivy plugin update](trivy_plugin_update.md) - Update an existing plugin
###### Auto generated by spf13/cobra on 16-Mar-2023

5
docs/docs/references/cli/trivy_plugin_info.md
View File

@@ -15,11 +15,11 @@ trivy plugin info PLUGIN_NAME
### Options inherited from parent commands
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections when using TLS
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -29,4 +29,3 @@ trivy plugin info PLUGIN_NAME
* [trivy plugin](trivy_plugin.md) - Manage plugins
###### Auto generated by spf13/cobra on 16-Mar-2023

5
docs/docs/references/cli/trivy_plugin_install.md
View File

@@ -15,11 +15,11 @@ trivy plugin install URL | FILE_PATH
### Options inherited from parent commands
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections when using TLS
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -29,4 +29,3 @@ trivy plugin install URL | FILE_PATH
* [trivy plugin](trivy_plugin.md) - Manage plugins
###### Auto generated by spf13/cobra on 16-Mar-2023

5
docs/docs/references/cli/trivy_plugin_list.md
View File

@@ -15,11 +15,11 @@ trivy plugin list
### Options inherited from parent commands
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections when using TLS
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -29,4 +29,3 @@ trivy plugin list
* [trivy plugin](trivy_plugin.md) - Manage plugins
###### Auto generated by spf13/cobra on 16-Mar-2023

5
docs/docs/references/cli/trivy_plugin_run.md
View File

@@ -15,11 +15,11 @@ trivy plugin run URL | FILE_PATH
### Options inherited from parent commands
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections when using TLS
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -29,4 +29,3 @@ trivy plugin run URL | FILE_PATH
* [trivy plugin](trivy_plugin.md) - Manage plugins
###### Auto generated by spf13/cobra on 16-Mar-2023

5
docs/docs/references/cli/trivy_plugin_uninstall.md
View File

@@ -15,11 +15,11 @@ trivy plugin uninstall PLUGIN_NAME
### Options inherited from parent commands
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections when using TLS
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -29,4 +29,3 @@ trivy plugin uninstall PLUGIN_NAME
* [trivy plugin](trivy_plugin.md) - Manage plugins
###### Auto generated by spf13/cobra on 16-Mar-2023

5
docs/docs/references/cli/trivy_plugin_update.md
View File

@@ -15,11 +15,11 @@ trivy plugin update PLUGIN_NAME
### Options inherited from parent commands
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections when using TLS
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -29,4 +29,3 @@ trivy plugin update PLUGIN_NAME
* [trivy plugin](trivy_plugin.md) - Manage plugins
###### Auto generated by spf13/cobra on 16-Mar-2023

13
docs/docs/references/cli/trivy_repository.md
View File

@@ -45,17 +45,20 @@ trivy repository [flags] REPO_URL
--java-db-repository string OCI repository to retrieve trivy-java-db from (default "ghcr.io/aquasecurity/trivy-java-db")
--license-full eagerly look for licenses in source code headers and license files
--list-all-pkgs enabling the option will output all packages regardless of vulnerability
--module-dir string specify directory to the wasm modules that will be loaded (default "/home/shubham/.trivy/modules")
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
--no-progress suppress progress bar
--offline-scan do not issue API requests to identify dependencies
-o, --output string output file name
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--policy-namespaces strings Rego namespaces
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--registry-token string registry token
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
--reset remove all caches and database
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (rekor)
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
--server string server address in client mode
@@ -72,17 +75,18 @@ trivy repository [flags] REPO_URL
--token string for authentication in client/server mode
--token-header string specify a header name for token in client/server mode (default "Trivy-Token")
--trace enable more verbose trace output for custom queries
--username strings username. Comma-separated usernames allowed.
--vuln-type string comma-separated list of vulnerability types (os,library) (default "os,library")
```
### Options inherited from parent commands
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections when using TLS
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -92,4 +96,3 @@ trivy repository [flags] REPO_URL
* [trivy](trivy.md) - Unified security scanner
###### Auto generated by spf13/cobra on 16-Mar-2023

13
docs/docs/references/cli/trivy_rootfs.md
View File

@@ -50,17 +50,20 @@ trivy rootfs [flags] ROOTDIR
--java-db-repository string OCI repository to retrieve trivy-java-db from (default "ghcr.io/aquasecurity/trivy-java-db")
--license-full eagerly look for licenses in source code headers and license files
--list-all-pkgs enabling the option will output all packages regardless of vulnerability
--module-dir string specify directory to the wasm modules that will be loaded (default "/home/shubham/.trivy/modules")
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
--no-progress suppress progress bar
--offline-scan do not issue API requests to identify dependencies
-o, --output string output file name
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--policy-namespaces strings Rego namespaces
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--registry-token string registry token
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
--reset remove all caches and database
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (rekor)
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
--server string server address in client mode
@@ -76,17 +79,18 @@ trivy rootfs [flags] ROOTDIR
--token string for authentication in client/server mode
--token-header string specify a header name for token in client/server mode (default "Trivy-Token")
--trace enable more verbose trace output for custom queries
--username strings username. Comma-separated usernames allowed.
--vuln-type string comma-separated list of vulnerability types (os,library) (default "os,library")
```
### Options inherited from parent commands
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections when using TLS
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -96,4 +100,3 @@ trivy rootfs [flags] ROOTDIR
* [trivy](trivy.md) - Unified security scanner
###### Auto generated by spf13/cobra on 16-Mar-2023

8
docs/docs/references/cli/trivy_sbom.md
View File

@@ -47,9 +47,10 @@ trivy sbom [flags] SBOM_PATH
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
--reset remove all caches and database
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (rekor)
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
--server string server address in client mode
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
@@ -67,11 +68,11 @@ trivy sbom [flags] SBOM_PATH
### Options inherited from parent commands
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections when using TLS
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -81,4 +82,3 @@ trivy sbom [flags] SBOM_PATH
* [trivy](trivy.md) - Unified security scanner
###### Auto generated by spf13/cobra on 16-Mar-2023

8
docs/docs/references/cli/trivy_server.md
View File

@@ -30,11 +30,12 @@ trivy server [flags]
-h, --help help for server
--java-db-repository string OCI repository to retrieve trivy-java-db from (default "ghcr.io/aquasecurity/trivy-java-db")
--listen string listen address in server mode (default "localhost:4954")
--module-dir string specify directory to the wasm modules that will be loaded (default "/home/shubham/.trivy/modules")
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
--no-progress suppress progress bar
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--reset remove all caches and database
--skip-db-update skip updating vulnerability database
--skip-java-db-update skip updating Java index database
@@ -45,11 +46,11 @@ trivy server [flags]
### Options inherited from parent commands
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections when using TLS
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -59,4 +60,3 @@ trivy server [flags]
* [trivy](trivy.md) - Unified security scanner
###### Auto generated by spf13/cobra on 16-Mar-2023

5
docs/docs/references/cli/trivy_version.md
View File

@@ -16,11 +16,11 @@ trivy version [flags]
### Options inherited from parent commands
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections when using TLS
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -30,4 +30,3 @@ trivy version [flags]
* [trivy](trivy.md) - Unified security scanner
###### Auto generated by spf13/cobra on 16-Mar-2023

10
docs/docs/references/cli/trivy_vm.md
View File

@@ -48,16 +48,17 @@ trivy vm [flags] VM_IMAGE
--java-db-repository string OCI repository to retrieve trivy-java-db from (default "ghcr.io/aquasecurity/trivy-java-db")
--license-full eagerly look for licenses in source code headers and license files
--list-all-pkgs enabling the option will output all packages regardless of vulnerability
--module-dir string specify directory to the wasm modules that will be loaded (default "/home/shubham/.trivy/modules")
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
--no-progress suppress progress bar
--offline-scan do not issue API requests to identify dependencies
-o, --output string output file name
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
--reset remove all caches and database
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (rekor)
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
--server string server address in client mode
@@ -77,11 +78,11 @@ trivy vm [flags] VM_IMAGE
### Options inherited from parent commands
```
--cache-dir string cache directory (default "/home/shubham/.cache/trivy")
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
--generate-default-config write the default config to trivy-default.yaml
--insecure allow insecure server connections when using TLS
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
@@ -91,4 +92,3 @@ trivy vm [flags] VM_IMAGE
* [trivy](trivy.md) - Unified security scanner
###### Auto generated by spf13/cobra on 16-Mar-2023

5
magefiles/magefile.go
View File

@@ -15,6 +15,7 @@ import (
"github.com/spf13/cobra/doc"
"github.com/aquasecurity/trivy/pkg/commands"
"github.com/aquasecurity/trivy/pkg/flag"
)
var (
@@ -363,6 +364,10 @@ func (Docs) Generate() error {
if err != nil {
return err
}
// Set a dummy path for the documents
flag.CacheDirFlag.Value = "/path/to/cache"
flag.ModuleDirFlag.Value = "$HOME/.trivy/modules"
cmd := commands.NewApp(ver)
cmd.DisableAutoGenTag = true
if err = doc.GenMarkdownTree(cmd, "./docs/docs/references/cli"); err != nil {

2
pkg/flag/global_flags.go
View File

@@ -59,7 +59,7 @@ var (
CacheDirFlag = Flag{
Name: "cache-dir",
ConfigName: "cache.dir",
Value: fsutils.DefaultCacheDir(),
Value: fsutils.CacheDir(),
Usage: "cache directory",
Persistent: true,
}

7
pkg/utils/fsutils/fs.go
View File

@@ -18,8 +18,8 @@ const (
var cacheDir string
// DefaultCacheDir returns/creates the cache-dir to be used for trivy operations
func DefaultCacheDir() string {
// defaultCacheDir returns/creates the cache-dir to be used for trivy operations
func defaultCacheDir() string {
tmpDir, err := os.UserCacheDir()
if err != nil {
tmpDir = os.TempDir()
@@ -29,6 +29,9 @@ func DefaultCacheDir() string {
// CacheDir returns the directory used for caching
func CacheDir() string {
if cacheDir == "" {
return defaultCacheDir()
}
return cacheDir
}