Documentation ¶
Index ¶
- Constants
- Variables
- type CacheFlagGroup
- type CacheOptions
- type DBFlagGroup
- type DBOptions
- type Flag
- type FlagGroup
- type Flags
- type GlobalFlagGroup
- type GlobalOptions
- type ImageFlagGroup
- type ImageOptions
- type K8sFlagGroup
- type K8sOptions
- type LicenseFlagGroup
- type LicenseOptions
- type MisconfFlagGroup
- type MisconfOptions
- type Options
- type RedisOptions
- type RemoteFlagGroup
- type RemoteOptions
- type RepoFlagGroup
- type RepoOptions
- type ReportFlagGroup
- type ReportOptions
- type SBOMFlagGroup
- type SBOMOptions
- type ScanFlagGroup
- type ScanOptions
- type SecretFlagGroup
- type SecretOptions
- type VulnerabilityFlagGroup
- type VulnerabilityOptions
Constants ¶
// DefaultTokenHeader is the header name used by default to carry the
// client/server token; it is the default Value of ServerTokenHeaderFlag.
const DefaultTokenHeader = "Trivy-Token"
Variables ¶
// Cache flags. ConfigName is the key each flag has in the config file.
var (
	// ClearCacheFlag clears image caches instead of running a scan.
	ClearCacheFlag = Flag{
		Name:       "clear-cache",
		ConfigName: "cache.clear",
		Value:      false,
		Usage:      "clear image caches without scanning",
	}

	// CacheBackendFlag selects the cache backend; the default is "fs".
	// NOTE(review): a redis:// URL can embed credentials. When logging the
	// backend, use CacheOptions.CacheBackendMasked, not the raw value.
	CacheBackendFlag = Flag{
		Name:       "cache-backend",
		ConfigName: "cache.backend",
		Value:      "fs",
		Usage:      "cache backend (e.g. redis://localhost:6379)",
	}

	// CacheTTLFlag is the cache TTL for the redis backend; zero by default.
	CacheTTLFlag = Flag{
		Name:       "cache-ttl",
		ConfigName: "cache.ttl",
		Value:      time.Duration(0),
		Usage:      "cache TTL when using redis as cache backend",
	}

	// RedisCACertFlag, RedisCertFlag and RedisKeyFlag are file locations for
	// the redis connection. All three default to empty.
	// NOTE(review): presumably these enable TLS to redis; confirm how the
	// consumer behaves when only some are set. Keep the key file readable
	// by the scanning user only.
	RedisCACertFlag = Flag{
		Name:       "redis-ca",
		ConfigName: "cache.redis.ca",
		Value:      "",
		Usage:      "redis ca file location, if using redis as cache backend",
	}
	RedisCertFlag = Flag{
		Name:       "redis-cert",
		ConfigName: "cache.redis.cert",
		Value:      "",
		Usage:      "redis certificate file location, if using redis as cache backend",
	}
	RedisKeyFlag = Flag{
		Name:       "redis-key",
		ConfigName: "cache.redis.key",
		Value:      "",
		Usage:      "redis key file location, if using redis as cache backend",
	}
)
e.g. config yaml:

    cache:
      clear: true
      backend: "redis://localhost:6379"
      redis:
        ca: ca-cert.pem
        cert: cert.pem
        key: key.pem
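// Vulnerability database flags.
var (
	// ResetFlag removes all caches and the database.
	ResetFlag = Flag{
		Name:       "reset",
		ConfigName: "reset",
		Value:      false,
		Usage:      "remove all caches and database",
	}

	// DownloadDBOnlyFlag downloads or updates the database without scanning.
	DownloadDBOnlyFlag = Flag{
		Name:       "download-db-only",
		ConfigName: "db.download-only",
		Value:      false,
		Usage:      "download/update vulnerability database but don't run a scan",
	}

	// SkipDBUpdateFlag skips the database update.
	// NOTE(review): a scan against a stale database can miss recently
	// published vulnerabilities; pair this with a separate refresh step.
	SkipDBUpdateFlag = Flag{
		Name:       "skip-db-update",
		ConfigName: "db.skip-update",
		Value:      false,
		Usage:      "skip updating vulnerability database",
	}

	// NoProgressFlag suppresses the progress bar.
	NoProgressFlag = Flag{
		Name:       "no-progress",
		ConfigName: "db.no-progress",
		Value:      false,
		Usage:      "suppress progress bar",
	}

	// DBRepositoryFlag is the OCI repository trivy-db is retrieved from.
	// The default, defaultDBRepository, is defined elsewhere in the package.
	// NOTE(review): the database decides which findings are reported, so
	// point this only at a repository you trust.
	DBRepositoryFlag = Flag{
		Name:       "db-repository",
		ConfigName: "db.repository",
		Value:      defaultDBRepository,
		// The original usage text ended in a stray escaped quote (from\"),
		// which showed up in help output; it is removed here.
		Usage: "OCI repository to retrieve trivy-db from",
	}

	// LightFlag is deprecated.
	LightFlag = Flag{
		Name:       "light",
		ConfigName: "db.light",
		Value:      false,
		Usage:      "deprecated",
		Deprecated: true,
	}
)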
// Global flags. Every one of them is persistent.
var (
	// ConfigFileFlag is the config file path; the default is "trivy.yaml".
	ConfigFileFlag = Flag{
		Name:       "config",
		ConfigName: "config",
		Shorthand:  "c",
		Value:      "trivy.yaml",
		Usage:      "config path",
		Persistent: true,
	}

	// ShowVersionFlag prints the version.
	ShowVersionFlag = Flag{
		Name:       "version",
		ConfigName: "version",
		Shorthand:  "v",
		Value:      false,
		Usage:      "show version",
		Persistent: true,
	}

	// QuietFlag suppresses the progress bar and log output.
	QuietFlag = Flag{
		Name:       "quiet",
		ConfigName: "quiet",
		Shorthand:  "q",
		Value:      false,
		Usage:      "suppress progress bar and log output",
		Persistent: true,
	}

	// DebugFlag turns on debug mode.
	DebugFlag = Flag{
		Name:       "debug",
		ConfigName: "debug",
		Shorthand:  "d",
		Value:      false,
		Usage:      "debug mode",
		Persistent: true,
	}

	// InsecureFlag allows insecure server connections when TLS is used.
	// NOTE(review): presumably this relaxes certificate verification;
	// confirm in the consumer. A connection whose peer is not verified can
	// be intercepted, so keep the default (false) outside test setups.
	InsecureFlag = Flag{
		Name:       "insecure",
		ConfigName: "insecure",
		Value:      false,
		Usage:      "allow insecure server connections when using TLS",
		Persistent: true,
	}

	// TimeoutFlag is the timeout; the default is 300 seconds.
	TimeoutFlag = Flag{
		Name:       "timeout",
		ConfigName: "timeout",
		Value:      300 * time.Second,
		Usage:      "timeout",
		Persistent: true,
	}

	// CacheDirFlag is the cache directory. The default comes from
	// utils.DefaultCacheDir(), evaluated when the package is initialized.
	CacheDirFlag = Flag{
		Name:       "cache-dir",
		ConfigName: "cache.dir",
		Value:      utils.DefaultCacheDir(),
		Usage:      "cache directory",
		Persistent: true,
	}

	// GenerateDefaultConfigFlag writes the default config to
	// trivy-default.yaml.
	GenerateDefaultConfigFlag = Flag{
		Name:       "generate-default-config",
		ConfigName: "generate-default-config",
		Value:      false,
		Usage:      "write the default config to trivy-default.yaml",
		Persistent: true,
	}
)
// Image scanning flags.
var (
	// ScanRemovedPkgsFlag also detects vulnerabilities in removed packages;
	// per its usage text this applies to Alpine only.
	ScanRemovedPkgsFlag = Flag{
		Name:       "removed-pkgs",
		ConfigName: "image.removed-pkgs",
		Value:      false,
		Usage:      "detect vulnerabilities of removed packages (only for Alpine)",
	}

	// InputFlag gives a file path to scan instead of an image name.
	InputFlag = Flag{
		Name:       "input",
		ConfigName: "image.input",
		Value:      "",
		Usage:      "input file path instead of image name",
	}
)
// Kubernetes flags. Both default to the empty string.
var (
	// ClusterContextFlag names the context to scan.
	ClusterContextFlag = Flag{
		Name:       "context",
		ConfigName: "kubernetes.context",
		Value:      "",
		Usage:      "specify a context to scan",
	}

	// K8sNamespaceFlag names the namespace to scan.
	K8sNamespaceFlag = Flag{
		Name:       "namespace",
		ConfigName: "kubernetes.namespace",
		Shorthand:  "n",
		Value:      "",
		Usage:      "specify a namespace to scan",
	}
)
// License scanning flags. The category flags have no Name, so they can be
// set only in the config file. Their defaults come from the licensing
// package.
var (
	// LicenseFull also looks for licenses in source headers and license
	// files.
	LicenseFull = Flag{
		Name:       "license-full",
		ConfigName: "license.full",
		Value:      false,
		Usage:      "eagerly look for licenses in source code headers and license files",
	}

	// IgnoredLicenses lists licenses to ignore; empty by default.
	IgnoredLicenses = Flag{
		Name:       "ignored-licenses",
		ConfigName: "license.ignored",
		Value:      []string{},
		Usage:      "specify a list of license to ignore",
	}

	// LicenseForbidden is an option only in a config file.
	LicenseForbidden = Flag{
		ConfigName: "license.forbidden",
		Value:      licensing.ForbiddenLicenses,
		Usage:      "forbidden licenses",
	}

	// LicenseRestricted is an option only in a config file.
	LicenseRestricted = Flag{
		ConfigName: "license.restricted",
		Value:      licensing.RestrictedLicenses,
		Usage:      "restricted licenses",
	}

	// LicenseReciprocal is an option only in a config file.
	LicenseReciprocal = Flag{
		ConfigName: "license.reciprocal",
		Value:      licensing.ReciprocalLicenses,
		Usage:      "reciprocal licenses",
	}

	// LicenseNotice is an option only in a config file.
	LicenseNotice = Flag{
		ConfigName: "license.notice",
		Value:      licensing.NoticeLicenses,
		Usage:      "notice licenses",
	}

	// LicensePermissive is an option only in a config file.
	LicensePermissive = Flag{
		ConfigName: "license.permissive",
		Value:      licensing.PermissiveLicenses,
		Usage:      "permissive licenses",
	}

	// LicenseUnencumbered is an option only in a config file.
	LicenseUnencumbered = Flag{
		ConfigName: "license.unencumbered",
		Value:      licensing.UnencumberedLicenses,
		Usage:      "unencumbered licenses",
	}
)
// Misconfiguration scanning flags.
var (
	// FilePatternsFlag lists config file patterns; empty by default.
	FilePatternsFlag = Flag{
		Name:       "file-patterns",
		ConfigName: "misconfiguration.file-patterns",
		Value:      []string{},
		Usage:      "specify config file patterns, available with '--security-checks config'",
	}

	// IncludeNonFailuresFlag also reports successes and exceptions.
	IncludeNonFailuresFlag = Flag{
		Name:       "include-non-failures",
		ConfigName: "misconfiguration.include-non-failures",
		Value:      false,
		Usage:      "include successes and exceptions, available with '--security-checks config'",
	}

	// SkipPolicyUpdateFlag is deprecated.
	SkipPolicyUpdateFlag = Flag{
		Name:       "skip-policy-update",
		ConfigName: "misconfiguration.skip-policy-update",
		Value:      false,
		Usage:      "deprecated",
		Deprecated: true,
	}

	// TraceFlag enables more verbose trace output for custom queries.
	TraceFlag = Flag{
		Name:       "trace",
		ConfigName: "misconfiguration.trace",
		Value:      false,
		Usage:      "enable more verbose trace output for custom queries",
	}

	// ConfigPolicyFlag lists directories holding Rego policy files.
	// NOTE(review): these policies decide what is reported, so load them
	// only from locations whose contents are reviewed.
	ConfigPolicyFlag = Flag{
		Name:       "config-policy",
		ConfigName: "misconfiguration.policy",
		Value:      []string{},
		Usage:      "specify paths to the Rego policy files directory, applying config files",
	}

	// ConfigDataFlag lists paths from which Rego policy data is loaded
	// recursively.
	ConfigDataFlag = Flag{
		Name:       "config-data",
		ConfigName: "misconfiguration.data",
		Value:      []string{},
		Usage:      "specify paths from which data for the Rego policies will be recursively loaded",
	}

	// PolicyNamespaceFlag lists Rego namespaces; empty by default.
	PolicyNamespaceFlag = Flag{
		Name:       "policy-namespaces",
		ConfigName: "misconfiguration.namespaces",
		Value:      []string{},
		Usage:      "Rego namespaces",
	}
)
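e.g. config yaml:

    misconfiguration:
      trace: true
      config-policy: "custom-policy/policy"
      policy-namespaces: "user"

Note: the ConfigName values declared above for the last two flags are misconfiguration.policy and misconfiguration.namespaces, so check the key names in this example against them before relying on it.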
// Client/server (remote) flags.
var (
	// ServerTokenFlag is the authentication token for client/server mode.
	// It is empty by default.
	// NOTE(review): Flag.Name also serves as the environment variable name,
	// so the token need not be given on the command line, where it would
	// show up in process listings and shell history. Whether the server
	// rejects requests when no token is configured is not visible here;
	// confirm in the server code.
	ServerTokenFlag = Flag{
		Name:       "token",
		ConfigName: "server.token",
		Value:      "",
		Usage:      "for authentication in client/server mode",
	}

	// ServerTokenHeaderFlag is the header name that carries the token; the
	// default is DefaultTokenHeader.
	ServerTokenHeaderFlag = Flag{
		Name:       "token-header",
		ConfigName: "server.token-header",
		Value:      DefaultTokenHeader,
		Usage:      "specify a header name for token in client/server mode",
	}

	// ServerAddrFlag is the server address used in client mode.
	ServerAddrFlag = Flag{
		Name:       "server",
		ConfigName: "server.addr",
		Value:      "",
		Usage:      "server address in client mode",
	}

	// ServerCustomHeadersFlag lists custom headers sent in client mode.
	// NOTE(review): such headers may carry credentials; avoid logging them.
	ServerCustomHeadersFlag = Flag{
		Name:       "custom-headers",
		ConfigName: "server.custom-headers",
		Value:      []string{},
		Usage:      "custom headers in client mode",
	}

	// ServerListenFlag is the listen address in server mode. The default,
	// localhost:4954, is a loopback address.
	// NOTE(review): a non-loopback address exposes the server to the
	// network; configure a token before doing that.
	ServerListenFlag = Flag{
		Name:       "listen",
		ConfigName: "server.listen",
		Value:      "localhost:4954",
		Usage:      "listen address in server mode",
	}
)
// Repository flags select which revision is scanned. All default to the
// empty string.
var (
	// FetchBranchFlag is the branch name to scan.
	FetchBranchFlag = Flag{
		Name:       "branch",
		ConfigName: "repository.branch",
		Value:      "",
		Usage:      "pass the branch name to be scanned",
	}

	// FetchCommitFlag is the commit hash to scan.
	FetchCommitFlag = Flag{
		Name:       "commit",
		ConfigName: "repository.commit",
		Value:      "",
		Usage:      "pass the commit hash to be scanned",
	}

	// FetchTagFlag is the tag name to scan.
	FetchTagFlag = Flag{
		Name:       "tag",
		ConfigName: "repository.tag",
		Value:      "",
		Usage:      "pass the tag name to be scanned",
	}
)
// Report flags.
var (
	// FormatFlag is the output format; the default is report.FormatTable.
	FormatFlag = Flag{
		Name:       "format",
		ConfigName: "format",
		Shorthand:  "f",
		Value:      report.FormatTable,
		Usage:      "format (table, json, sarif, template, cyclonedx, spdx, spdx-json, github)",
	}

	// ReportFormatFlag picks "all" or "summary"; the default is "all".
	ReportFormatFlag = Flag{
		Name:       "report",
		ConfigName: "report",
		Value:      "all",
		Usage:      "specify a report format for the output. (all,summary)",
	}

	// TemplateFlag is the output template.
	TemplateFlag = Flag{
		Name:       "template",
		ConfigName: "template",
		Shorthand:  "t",
		Value:      "",
		Usage:      "output template",
	}

	// DependencyTreeFlag shows the dependency origin tree (experimental).
	DependencyTreeFlag = Flag{
		Name:       "dependency-tree",
		ConfigName: "dependency-tree",
		Value:      false,
		Usage:      "show dependency origin tree (EXPERIMENTAL)",
	}

	// ListAllPkgsFlag outputs every package, vulnerable or not.
	ListAllPkgsFlag = Flag{
		Name:       "list-all-pkgs",
		ConfigName: "list-all-pkgs",
		Value:      false,
		Usage:      "enabling the option will output all packages regardless of vulnerability",
	}

	// IgnoreFileFlag is the .trivyignore file; the default is
	// result.DefaultIgnoreFile.
	// NOTE(review): this file and the ignore policy below presumably
	// suppress findings; review changes to them like code changes.
	IgnoreFileFlag = Flag{
		Name:       "ignorefile",
		ConfigName: "ignorefile",
		Value:      result.DefaultIgnoreFile,
		Usage:      "specify .trivyignore file",
	}

	// IgnorePolicyFlag is a Rego file evaluated against each vulnerability.
	IgnorePolicyFlag = Flag{
		Name:       "ignore-policy",
		ConfigName: "ignore-policy",
		Value:      "",
		Usage:      "specify the Rego file path to evaluate each vulnerability",
	}

	// ExitCodeFlag is the exit code used when security issues are found.
	// NOTE(review): with the default of 0 the exit status does not signal
	// findings, so a CI gate must set a non-zero value explicitly.
	ExitCodeFlag = Flag{
		Name:       "exit-code",
		ConfigName: "exit-code",
		Value:      0,
		Usage:      "specify exit code when any security issues are found",
	}

	// OutputFlag is the output file name.
	OutputFlag = Flag{
		Name:       "output",
		ConfigName: "output",
		Shorthand:  "o",
		Value:      "",
		Usage:      "output file name",
	}

	// SeverityFlag lists the severities to display, comma separated. The
	// default joins every name in dbTypes.SeverityNames.
	SeverityFlag = Flag{
		Name:       "severity",
		ConfigName: "severity",
		Shorthand:  "s",
		Value:      strings.Join(dbTypes.SeverityNames, ","),
		Usage:      "severities of security issues to be displayed (comma separated)",
	}
)
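e.g. config yaml:

    report:
      format: table
      dependency-tree: true
      exit-code: 1
      severity: HIGH,CRITICAL

Note: the ConfigName values declared above for these flags ("format", "dependency-tree", "exit-code", "severity") carry no "report." prefix, so check the nesting in this example against them before relying on it.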
// SBOM flags. Both are deprecated.
var (
	// ArtifactTypeFlag is deprecated.
	ArtifactTypeFlag = Flag{
		Name:       "artifact-type",
		ConfigName: "sbom.artifact-type",
		Value:      "",
		Usage:      "deprecated",
		Deprecated: true,
	}

	// SBOMFormatFlag is deprecated.
	SBOMFormatFlag = Flag{
		Name:       "sbom-format",
		ConfigName: "sbom.format",
		Value:      "",
		Usage:      "deprecated",
		Deprecated: true,
	}
)
// Scan flags.
var (
	// SkipDirsFlag lists directories where traversal is skipped.
	// NOTE(review): anything under a skipped path is not scanned, so keep
	// this list and SkipFilesFlag narrow and reviewed.
	SkipDirsFlag = Flag{
		Name:       "skip-dirs",
		ConfigName: "scan.skip-dirs",
		Value:      []string{},
		Usage:      "specify the directories where the traversal is skipped",
	}

	// SkipFilesFlag lists file paths that traversal skips.
	SkipFilesFlag = Flag{
		Name:       "skip-files",
		ConfigName: "scan.skip-files",
		Value:      []string{},
		Usage:      "specify the file paths to skip traversal",
	}

	// OfflineScanFlag stops API requests made to identify dependencies.
	OfflineScanFlag = Flag{
		Name:       "offline-scan",
		ConfigName: "scan.offline",
		Value:      false,
		Usage:      "do not issue API requests to identify dependencies",
	}

	// SecurityChecksFlag lists which kinds of issue to detect. The default
	// joins types.SecurityCheckVulnerability and types.SecurityCheckSecret.
	// The usage text also lists "config", which is therefore off unless
	// requested.
	SecurityChecksFlag = Flag{
		Name:       "security-checks",
		ConfigName: "scan.security-checks",
		Value:      fmt.Sprintf("%s,%s", types.SecurityCheckVulnerability, types.SecurityCheckSecret),
		Usage:      "comma-separated list of what security issues to detect (vuln,config,secret)",
	}
)
// Vulnerability flags.
var (
	// VulnTypeFlag lists the vulnerability types to report. The default
	// joins types.VulnTypeOS and types.VulnTypeLibrary.
	VulnTypeFlag = Flag{
		Name:       "vuln-type",
		ConfigName: "vulnerability.type",
		Value:      strings.Join([]string{types.VulnTypeOS, types.VulnTypeLibrary}, ","),
		Usage:      "comma-separated list of vulnerability types (os,library)",
	}

	// IgnoreUnfixedFlag displays only vulnerabilities that have a fix.
	// NOTE(review): unfixed vulnerabilities are hidden from the report but
	// still present in the artifact; track them some other way if enabled.
	IgnoreUnfixedFlag = Flag{
		Name:       "ignore-unfixed",
		ConfigName: "vulnerability.ignore-unfixed",
		Value:      false,
		Usage:      "display only fixed vulnerabilities",
	}
)
// SecretConfigFlag is the path to the secret scanning config file; the
// default is "trivy-secret.yaml".
// NOTE(review): the path is relative, so presumably it is resolved against
// the working directory; confirm, because a file of that name in a scanned
// checkout could then shape secret detection.
var SecretConfigFlag = Flag{
	Name:       "secret-config",
	ConfigName: "secret.config",
	Value:      "trivy-secret.yaml",
	Usage:      "specify a path to config file for secret scanning",
}
Functions ¶
This section is empty.
Types ¶
type CacheFlagGroup ¶
// CacheFlagGroup collects the flags used by commands that need cache logic.
type CacheFlagGroup struct {
	ClearCache   *Flag
	CacheBackend *Flag
	CacheTTL     *Flag

	// Files for the redis connection.
	RedisCACert *Flag
	RedisCert   *Flag
	RedisKey    *Flag
}
CacheFlagGroup composes common printer flag structs used for commands requiring cache logic.
func NewCacheFlagGroup ¶
func NewCacheFlagGroup() *CacheFlagGroup
NewCacheFlagGroup returns a default CacheFlagGroup
func (*CacheFlagGroup) Flags ¶
func (fg *CacheFlagGroup) Flags() []*Flag
func (*CacheFlagGroup) Name ¶
func (fg *CacheFlagGroup) Name() string
func (*CacheFlagGroup) ToOptions ¶
func (fg *CacheFlagGroup) ToOptions() (CacheOptions, error)
type CacheOptions ¶
// CacheOptions holds the resolved cache settings.
type CacheOptions struct {
	ClearCache bool
	// CacheBackend is the backend string as configured. It may contain
	// credentials; CacheBackendMasked returns it with credentials masked.
	CacheBackend string
	CacheTTL     time.Duration
	// RedisOptions is embedded, so its fields are promoted.
	RedisOptions
}
func (*CacheOptions) CacheBackendMasked ¶
func (o *CacheOptions) CacheBackendMasked() string
CacheBackendMasked returns the redis connection string masking credentials
type DBFlagGroup ¶
// DBFlagGroup collects the flags used by commands that need DB logic.
type DBFlagGroup struct {
	Reset          *Flag
	DownloadDBOnly *Flag
	SkipDBUpdate   *Flag
	NoProgress     *Flag
	DBRepository   *Flag
	Light          *Flag // deprecated
}
DBFlagGroup composes common printer flag structs used for commands requiring DB logic.
func NewDBFlagGroup ¶
func NewDBFlagGroup() *DBFlagGroup
NewDBFlagGroup returns a default DBFlagGroup
func (*DBFlagGroup) Flags ¶
func (f *DBFlagGroup) Flags() []*Flag
func (*DBFlagGroup) Name ¶
func (f *DBFlagGroup) Name() string
func (*DBFlagGroup) ToOptions ¶
func (f *DBFlagGroup) ToOptions() (DBOptions, error)
type Flag ¶
// Flag describes one option: its CLI and environment name, its config key,
// its default value and its help text.
type Flag struct {
	// Name is for CLI flag and environment variable.
	// If this field is empty, it will be available only in config file.
	Name string

	// ConfigName is a key in config file. It is also used as a key of viper.
	ConfigName string

	// Shorthand is a shorthand letter.
	Shorthand string

	// Value is the default value. It must be filled to determine the flag type.
	Value interface{}

	// Usage explains how to use the flag.
	Usage string

	// Persistent represents if the flag is persistent
	Persistent bool

	// Deprecated represents if the flag is deprecated
	Deprecated bool
}
type Flags ¶
// Flags bundles the flag groups, one pointer field per group.
// NOTE(review): presumably a nil field means that group is not used by the
// command; confirm in the code that consumes Flags.
type Flags struct {
	CacheFlagGroup         *CacheFlagGroup
	DBFlagGroup            *DBFlagGroup
	ImageFlagGroup         *ImageFlagGroup
	K8sFlagGroup           *K8sFlagGroup
	LicenseFlagGroup       *LicenseFlagGroup
	MisconfFlagGroup       *MisconfFlagGroup
	RemoteFlagGroup        *RemoteFlagGroup
	RepoFlagGroup          *RepoFlagGroup
	ReportFlagGroup        *ReportFlagGroup
	SBOMFlagGroup          *SBOMFlagGroup
	ScanFlagGroup          *ScanFlagGroup
	SecretFlagGroup        *SecretFlagGroup
	VulnerabilityFlagGroup *VulnerabilityFlagGroup
}
type GlobalFlagGroup ¶
// GlobalFlagGroup collects the global flags.
type GlobalFlagGroup struct {
	ConfigFile *Flag
	// spf13/cobra can't override the logic of version printing like
	// VersionPrinter in urfave/cli. -v needs to be defined ourselves.
	ShowVersion *Flag
	Quiet       *Flag
	Debug       *Flag
	// Insecure allows insecure server connections when TLS is used.
	Insecure              *Flag
	Timeout               *Flag
	CacheDir              *Flag
	GenerateDefaultConfig *Flag
}
GlobalFlagGroup composes global flags
func NewGlobalFlagGroup ¶
func NewGlobalFlagGroup() *GlobalFlagGroup
func (*GlobalFlagGroup) AddFlags ¶
func (f *GlobalFlagGroup) AddFlags(cmd *cobra.Command)
func (*GlobalFlagGroup) ToOptions ¶
func (f *GlobalFlagGroup) ToOptions() GlobalOptions
type GlobalOptions ¶
// GlobalOptions holds the resolved values of the global flags, which apply
// to all subcommands.
type GlobalOptions struct {
	ConfigFile  string
	ShowVersion bool
	Quiet       bool
	Debug       bool
	// Insecure is the resolved value of the "insecure" flag ("allow
	// insecure server connections when using TLS"). Its zero value is false.
	Insecure              bool
	Timeout               time.Duration
	CacheDir              string
	GenerateDefaultConfig bool
}
GlobalOptions defines flags and other configuration parameters for all the subcommands
type ImageFlagGroup ¶
func NewImageFlagGroup ¶
func NewImageFlagGroup() *ImageFlagGroup
func (*ImageFlagGroup) Flags ¶
func (f *ImageFlagGroup) Flags() []*Flag
func (*ImageFlagGroup) Name ¶
func (f *ImageFlagGroup) Name() string
func (*ImageFlagGroup) ToOptions ¶
func (f *ImageFlagGroup) ToOptions() ImageOptions
type ImageOptions ¶
type K8sFlagGroup ¶
func NewK8sFlagGroup ¶
func NewK8sFlagGroup() *K8sFlagGroup
func (*K8sFlagGroup) Flags ¶
func (f *K8sFlagGroup) Flags() []*Flag
func (*K8sFlagGroup) Name ¶
func (f *K8sFlagGroup) Name() string
func (*K8sFlagGroup) ToOptions ¶
func (f *K8sFlagGroup) ToOptions() K8sOptions
type K8sOptions ¶
type LicenseFlagGroup ¶
// LicenseFlagGroup collects the license scanning flags. Each license
// category flag is annotated with the severity it is mapped to.
type LicenseFlagGroup struct {
	LicenseFull     *Flag
	IgnoredLicenses *Flag

	// License Categories
	LicenseForbidden    *Flag // mapped to CRITICAL
	LicenseRestricted   *Flag // mapped to HIGH
	LicenseReciprocal   *Flag // mapped to MEDIUM
	LicenseNotice       *Flag // mapped to LOW
	LicensePermissive   *Flag // mapped to LOW
	LicenseUnencumbered *Flag // mapped to LOW
}
func NewLicenseFlagGroup ¶
func NewLicenseFlagGroup() *LicenseFlagGroup
func (*LicenseFlagGroup) Flags ¶
func (f *LicenseFlagGroup) Flags() []*Flag
func (*LicenseFlagGroup) Name ¶
func (f *LicenseFlagGroup) Name() string
func (*LicenseFlagGroup) ToOptions ¶
func (f *LicenseFlagGroup) ToOptions() LicenseOptions
type LicenseOptions ¶
type MisconfFlagGroup ¶
// MisconfFlagGroup collects the flags used by commands that provide
// misconfiguration scanning.
type MisconfFlagGroup struct {
	FilePatterns       *Flag
	IncludeNonFailures *Flag
	SkipPolicyUpdate   *Flag // deprecated
	Trace              *Flag

	// Rego
	PolicyPaths      *Flag
	DataPaths        *Flag
	PolicyNamespaces *Flag
}
MisconfFlagGroup composes common printer flag structs used for commands providing misconfiguration scanning.
func NewMisconfFlagGroup ¶
func NewMisconfFlagGroup() *MisconfFlagGroup
func (*MisconfFlagGroup) Flags ¶
func (f *MisconfFlagGroup) Flags() []*Flag
func (*MisconfFlagGroup) Name ¶
func (f *MisconfFlagGroup) Name() string
func (*MisconfFlagGroup) ToOptions ¶
func (f *MisconfFlagGroup) ToOptions() (MisconfOptions, error)
type MisconfOptions ¶
type Options ¶
// Options holds all the runtime configuration. The per-area option structs
// are embedded, so their fields are promoted onto Options.
type Options struct {
	GlobalOptions
	CacheOptions
	DBOptions
	ImageOptions
	K8sOptions
	LicenseOptions
	MisconfOptions
	RemoteOptions
	RepoOptions
	ReportOptions
	SBOMOptions
	ScanOptions
	SecretOptions
	VulnerabilityOptions

	// Trivy's version, not populated via CLI flags
	AppVersion string

	// We don't want to allow disabled analyzers to be passed by users, but
	// it is necessary for internal use.
	DisabledAnalyzers []analyzer.Type
}
Options holds all the runtime configuration
type RedisOptions ¶
RedisOptions holds the options for redis cache
type RemoteFlagGroup ¶
// RemoteFlagGroup collects the client/server flags. The fields are grouped
// by the mode that uses them.
type RemoteFlagGroup struct {
	// for client/server
	Token       *Flag
	TokenHeader *Flag

	// for client
	ServerAddr    *Flag
	CustomHeaders *Flag

	// for server
	Listen *Flag
}
RemoteFlagGroup composes common printer flag structs used for commands requiring client/server logic.
func NewClientFlags ¶
func NewClientFlags() *RemoteFlagGroup
func NewServerFlags ¶
func NewServerFlags() *RemoteFlagGroup
func (*RemoteFlagGroup) Flags ¶
func (f *RemoteFlagGroup) Flags() []*Flag
func (*RemoteFlagGroup) Name ¶
func (f *RemoteFlagGroup) Name() string
func (*RemoteFlagGroup) ToOptions ¶
func (f *RemoteFlagGroup) ToOptions() RemoteOptions
type RemoteOptions ¶
type RepoFlagGroup ¶ added in v0.30.1
func NewRepoFlagGroup ¶ added in v0.30.1
func NewRepoFlagGroup() *RepoFlagGroup
func (*RepoFlagGroup) Flags ¶ added in v0.30.1
func (f *RepoFlagGroup) Flags() []*Flag
func (*RepoFlagGroup) Name ¶ added in v0.30.1
func (f *RepoFlagGroup) Name() string
func (*RepoFlagGroup) ToOptions ¶ added in v0.30.1
func (f *RepoFlagGroup) ToOptions() RepoOptions
type RepoOptions ¶ added in v0.30.1
type ReportFlagGroup ¶
// ReportFlagGroup collects the flags used by commands that need reporting
// logic.
type ReportFlagGroup struct {
	Format         *Flag
	ReportFormat   *Flag
	Template       *Flag
	DependencyTree *Flag
	ListAllPkgs    *Flag
	// IgnoreFile and IgnorePolicy name the ignore file and the Rego ignore
	// policy.
	IgnoreFile   *Flag
	IgnorePolicy *Flag
	ExitCode     *Flag
	Output       *Flag
	Severity     *Flag
}
ReportFlagGroup composes common printer flag structs used for commands requiring reporting logic.
func NewReportFlagGroup ¶
func NewReportFlagGroup() *ReportFlagGroup
func (*ReportFlagGroup) Flags ¶
func (f *ReportFlagGroup) Flags() []*Flag
func (*ReportFlagGroup) Name ¶
func (f *ReportFlagGroup) Name() string
func (*ReportFlagGroup) ToOptions ¶
func (f *ReportFlagGroup) ToOptions(out io.Writer) (ReportOptions, error)
type ReportOptions ¶
type SBOMFlagGroup ¶
func NewSBOMFlagGroup ¶
func NewSBOMFlagGroup() *SBOMFlagGroup
func (*SBOMFlagGroup) Flags ¶
func (f *SBOMFlagGroup) Flags() []*Flag
func (*SBOMFlagGroup) Name ¶
func (f *SBOMFlagGroup) Name() string
func (*SBOMFlagGroup) ToOptions ¶
func (f *SBOMFlagGroup) ToOptions() (SBOMOptions, error)
type SBOMOptions ¶
type ScanFlagGroup ¶
func NewScanFlagGroup ¶
func NewScanFlagGroup() *ScanFlagGroup
func (*ScanFlagGroup) Flags ¶
func (f *ScanFlagGroup) Flags() []*Flag
func (*ScanFlagGroup) Name ¶
func (f *ScanFlagGroup) Name() string
func (*ScanFlagGroup) ToOptions ¶
func (f *ScanFlagGroup) ToOptions(args []string) ScanOptions
type ScanOptions ¶
type SecretFlagGroup ¶
// SecretFlagGroup collects the secret scanning flags.
type SecretFlagGroup struct {
	// SecretConfig is the flag for the secret scanning config file path.
	SecretConfig *Flag
}
func NewSecretFlagGroup ¶
func NewSecretFlagGroup() *SecretFlagGroup
func (*SecretFlagGroup) Flags ¶
func (f *SecretFlagGroup) Flags() []*Flag
func (*SecretFlagGroup) Name ¶
func (f *SecretFlagGroup) Name() string
func (*SecretFlagGroup) ToOptions ¶
func (f *SecretFlagGroup) ToOptions() SecretOptions
type SecretOptions ¶
// SecretOptions holds the resolved secret scanning settings.
type SecretOptions struct {
	// SecretConfigPath is the path to the secret scanning config file.
	SecretConfigPath string
}
type VulnerabilityFlagGroup ¶
func NewVulnerabilityFlagGroup ¶
func NewVulnerabilityFlagGroup() *VulnerabilityFlagGroup
func (*VulnerabilityFlagGroup) Flags ¶
func (f *VulnerabilityFlagGroup) Flags() []*Flag
func (*VulnerabilityFlagGroup) Name ¶
func (f *VulnerabilityFlagGroup) Name() string
func (*VulnerabilityFlagGroup) ToOptions ¶
func (f *VulnerabilityFlagGroup) ToOptions() VulnerabilityOptions