feat(plugin): specify plugin version (#6683)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
Teppei Fukuda
2024-05-17 13:29:19 +04:00
committed by GitHub
parent a944f0e4c5
commit d6dc56732b
26 changed files with 368 additions and 154 deletions


@@ -130,6 +130,16 @@ The following rules will apply in deciding which platform to select:
After determining platform, Trivy will download the execution file from `uri` and store it in the plugin cache.
When the plugin is called via Trivy CLI, `bin` command will be executed.
#### Tagging plugin repositories
If you are hosting your plugin in a Git repository, it is strongly recommended to tag your releases with a version number.
By tagging your releases, Trivy can install specific versions of your plugin.
```bash
$ trivy plugin install referrer@v0.3.0
```
When tagging versions, you must follow [the Semantic Versioning][semver] and prefix the tag with `v`, like `v1.2.3`.
#### Plugin arguments/flags
The plugin is responsible for handling flags and arguments.
Any arguments are passed to the plugin from the `trivy` command.
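Review bot: the reference-style link in "you must follow [the Semantic Versioning][semver]" needs a matching `[semver]:` definition, and none is visible in this hunk; please confirm it is added elsewhere in the file, or use the inline `https://semver.org/` link that the user guide uses. The phrase also reads better without the article, as "follow [Semantic Versioning][semver]". Since this section recommends tagging so that users can pin with `referrer@v0.3.0`, consider adding a sentence asking plugin authors not to move or re-create a published tag, because a pinned install is only as stable as the tag it names.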


@@ -40,6 +40,8 @@ $ trivy plugin install referrer
This command will download the plugin and install it in the plugin cache.
Trivy adheres to the XDG specification, so the location depends on whether XDG_DATA_HOME is set.
Trivy will now search XDG_DATA_HOME for the location of the Trivy plugins cache.
The preference order is as follows:
@@ -56,6 +58,15 @@ $ trivy plugin install github.com/aquasecurity/trivy-plugin-kubectl
$ trivy plugin install myplugin.tar.gz
```
If the plugin's Git repository is [properly tagged](./developer-guide.md#tagging-plugin-repositories), you can specify the version to install like this:
```bash
$ trivy plugin install referrer@v0.3.0
```
!!! note
The leading `v` in the version is required. Also, the version must follow the [Semantic Versioning](https://semver.org/).
Under the hood Trivy leverages [go-getter][go-getter] to download plugins.
This means the following protocols are supported for downloading plugins:
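Review bot: the added paragraph documents `referrer@v0.3.0` but does not say which version is installed when no `@version` is given, or what happens when the requested tag does not exist; one sentence on each would help users who pin plugins for reproducible runs. The `!!! note` repeats the `v` prefix and SemVer requirement from the developer-guide section it links to; if it stays, check that its body line is indented under `!!! note` (as shown here it is not, so it may not render as an admonition) and drop the article in "the [Semantic Versioning]".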


@@ -6,6 +6,19 @@ Install a plugin
trivy plugin install NAME | URL | FILE_PATH
```
### Examples
```
# Install a plugin from the plugin index
$ trivy plugin install referrer
# Specify the version of the plugin to install
$ trivy plugin install referrer@v0.3.0
# Install a plugin from a URL
$ trivy plugin install github.com/aquasecurity/trivy-plugin-referrer
```
### Options
```
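Review bot: the usage line above the new examples still reads `trivy plugin install NAME | URL | FILE_PATH`, so the versioned form shown in `referrer@v0.3.0` cannot be discovered from the synopsis; consider extending it, for example to `NAME[@VERSION] | URL | FILE_PATH`. The examples also leave open whether `@version` can be combined with the URL form such as `github.com/aquasecurity/trivy-plugin-referrer`; please state it either way. The Examples fence has no language tag, while the other docs in this change use `bash`.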