flag

package
v0.34.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 31, 2022 License: Apache-2.0 Imports: 21 Imported by: 31

Documentation

Index

Constants

View Source
const (
	DefaultTokenHeader = "Trivy-Token"
)

Variables

View Source
var (
	ClearCacheFlag = Flag{
		Name:       "clear-cache",
		ConfigName: "cache.clear",
		Value:      false,
		Usage:      "clear image caches without scanning",
	}
	CacheBackendFlag = Flag{
		Name:       "cache-backend",
		ConfigName: "cache.backend",
		Value:      "fs",
		Usage:      "cache backend (e.g. redis://localhost:6379)",
	}
	CacheTTLFlag = Flag{
		Name:       "cache-ttl",
		ConfigName: "cache.ttl",
		Value:      time.Duration(0),
		Usage:      "cache TTL when using redis as cache backend",
	}
	RedisCACertFlag = Flag{
		Name:       "redis-ca",
		ConfigName: "cache.redis.ca",
		Value:      "",
		Usage:      "redis ca file location, if using redis as cache backend",
	}
	RedisCertFlag = Flag{
		Name:       "redis-cert",
		ConfigName: "cache.redis.cert",
		Value:      "",
		Usage:      "redis certificate file location, if using redis as cache backend",
	}
	RedisKeyFlag = Flag{
		Name:       "redis-key",
		ConfigName: "cache.redis.key",
		Value:      "",
		Usage:      "redis key file location, if using redis as cache backend",
	}
)

e.g. config yaml:

cache:
  clear: true
  backend: "redis://localhost:6379"
redis:
  ca: ca-cert.pem
  cert: cert.pem
  key: key.pem
View Source
var (
	ResetFlag = Flag{
		Name:       "reset",
		ConfigName: "reset",
		Value:      false,
		Usage:      "remove all caches and database",
	}
	DownloadDBOnlyFlag = Flag{
		Name:       "download-db-only",
		ConfigName: "db.download-only",
		Value:      false,
		Usage:      "download/update vulnerability database but don't run a scan",
	}
	SkipDBUpdateFlag = Flag{
		Name:       "skip-db-update",
		ConfigName: "db.skip-update",
		Value:      false,
		Usage:      "skip updating vulnerability database",
	}
	NoProgressFlag = Flag{
		Name:       "no-progress",
		ConfigName: "db.no-progress",
		Value:      false,
		Usage:      "suppress progress bar",
	}
	DBRepositoryFlag = Flag{
		Name:       "db-repository",
		ConfigName: "db.repository",
		Value:      defaultDBRepository,
		Usage:      "OCI repository to retrieve trivy-db from",
	}
	LightFlag = Flag{
		Name:       "light",
		ConfigName: "db.light",
		Value:      false,
		Usage:      "deprecated",
		Deprecated: true,
	}
)
View Source
var (
	ConfigFileFlag = Flag{
		Name:       "config",
		ConfigName: "config",
		Shorthand:  "c",
		Value:      "trivy.yaml",
		Usage:      "config path",
		Persistent: true,
	}
	ShowVersionFlag = Flag{
		Name:       "version",
		ConfigName: "version",
		Shorthand:  "v",
		Value:      false,
		Usage:      "show version",
		Persistent: true,
	}
	QuietFlag = Flag{
		Name:       "quiet",
		ConfigName: "quiet",
		Shorthand:  "q",
		Value:      false,
		Usage:      "suppress progress bar and log output",
		Persistent: true,
	}
	DebugFlag = Flag{
		Name:       "debug",
		ConfigName: "debug",
		Shorthand:  "d",
		Value:      false,
		Usage:      "debug mode",
		Persistent: true,
	}
	InsecureFlag = Flag{
		Name:       "insecure",
		ConfigName: "insecure",
		Value:      false,
		Usage:      "allow insecure server connections when using TLS",
		Persistent: true,
	}
	TimeoutFlag = Flag{
		Name:       "timeout",
		ConfigName: "timeout",
		Value:      time.Second * 300,
		Usage:      "timeout",
		Persistent: true,
	}
	CacheDirFlag = Flag{
		Name:       "cache-dir",
		ConfigName: "cache.dir",
		Value:      utils.DefaultCacheDir(),
		Usage:      "cache directory",
		Persistent: true,
	}
	GenerateDefaultConfigFlag = Flag{
		Name:       "generate-default-config",
		ConfigName: "generate-default-config",
		Value:      false,
		Usage:      "write the default config to trivy-default.yaml",
		Persistent: true,
	}
)
View Source
var (
	ScanRemovedPkgsFlag = Flag{
		Name:       "removed-pkgs",
		ConfigName: "image.removed-pkgs",
		Value:      false,
		Usage:      "detect vulnerabilities of removed packages (only for Alpine)",
	}
	InputFlag = Flag{
		Name:       "input",
		ConfigName: "image.input",
		Value:      "",
		Usage:      "input file path instead of image name",
	}

	PlatformFlag = Flag{
		Name:       "platform",
		ConfigName: "image.platform",
		Value:      "",
		Usage:      "set platform in the form os/arch if image is multi-platform capable",
	}
)
View Source
var (
	ClusterContextFlag = Flag{
		Name:       "context",
		ConfigName: "kubernetes.context",
		Value:      "",
		Usage:      "specify a context to scan",
	}
	K8sNamespaceFlag = Flag{
		Name:       "namespace",
		ConfigName: "kubernetes.namespace",
		Shorthand:  "n",
		Value:      "",
		Usage:      "specify a namespace to scan",
	}
	KubeConfigFlag = Flag{
		Name:       "kubeconfig",
		ConfigName: "kubernetes.kubeconfig",
		Value:      "",
		Usage:      "specify the kubeconfig file path to use",
	}
	ComponentsFlag = Flag{
		Name:       "components",
		ConfigName: "kubernetes.components",
		Value:      []string{"workload", "infra"},
		Usage:      "specify which components to scan",
	}
)
View Source
var (
	LicenseFull = Flag{
		Name:       "license-full",
		ConfigName: "license.full",
		Value:      false,
		Usage:      "eagerly look for licenses in source code headers and license files",
	}
	IgnoredLicenses = Flag{
		Name:       "ignored-licenses",
		ConfigName: "license.ignored",
		Value:      []string{},
		Usage:      "specify a list of license to ignore",
	}

	// LicenseForbidden is an option only in a config file
	LicenseForbidden = Flag{
		ConfigName: "license.forbidden",
		Value:      licensing.ForbiddenLicenses,
		Usage:      "forbidden licenses",
	}
	// LicenseRestricted is an option only in a config file
	LicenseRestricted = Flag{
		ConfigName: "license.restricted",
		Value:      licensing.RestrictedLicenses,
		Usage:      "restricted licenses",
	}
	// LicenseReciprocal is an option only in a config file
	LicenseReciprocal = Flag{
		ConfigName: "license.reciprocal",
		Value:      licensing.ReciprocalLicenses,
		Usage:      "reciprocal licenses",
	}
	// LicenseNotice is an option only in a config file
	LicenseNotice = Flag{
		ConfigName: "license.notice",
		Value:      licensing.NoticeLicenses,
		Usage:      "notice licenses",
	}
	// LicensePermissive is an option only in a config file
	LicensePermissive = Flag{
		ConfigName: "license.permissive",
		Value:      licensing.PermissiveLicenses,
		Usage:      "permissive licenses",
	}
	// LicenseUnencumbered is an option only in a config file
	LicenseUnencumbered = Flag{
		ConfigName: "license.unencumbered",
		Value:      licensing.UnencumberedLicenses,
		Usage:      "unencumbered licenses",
	}
)
View Source
var (
	IncludeNonFailuresFlag = Flag{
		Name:       "include-non-failures",
		ConfigName: "misconfiguration.include-non-failures",
		Value:      false,
		Usage:      "include successes and exceptions, available with '--security-checks config'",
	}
	HelmValuesFileFlag = Flag{
		Name:       "helm-values",
		ConfigName: "misconfiguration.helm.values",
		Value:      []string{},
		Usage:      "specify paths to override the Helm values.yaml files",
	}
	HelmSetFlag = Flag{
		Name:       "helm-set",
		ConfigName: "misconfiguration.helm.set",
		Value:      []string{},
		Usage:      "specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)",
	}
	HelmSetFileFlag = Flag{
		Name:       "helm-set-file",
		ConfigName: "misconfiguration.helm.set-file",
		Value:      []string{},
		Usage:      "specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)",
	}
	HelmSetStringFlag = Flag{
		Name:       "helm-set-string",
		ConfigName: "misconfiguration.helm.set-string",
		Value:      []string{},
		Usage:      "specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)",
	}
	TfVarsFlag = Flag{
		Name:       "tf-vars",
		ConfigName: "misconfiguration.terraform.vars",
		Value:      []string{},
		Usage:      "specify paths to override the Terraform tfvars files",
	}
)

e.g. config yaml:

misconfiguration:
  trace: true
  config-policy: "custom-policy/policy"
  policy-namespaces: "user"
View Source
var (
	SkipPolicyUpdateFlag = Flag{
		Name:       "skip-policy-update",
		ConfigName: "rego.skip-policy-update",
		Value:      false,
		Usage:      "deprecated",
		Deprecated: true,
	}
	TraceFlag = Flag{
		Name:       "trace",
		ConfigName: "rego.trace",
		Value:      false,
		Usage:      "enable more verbose trace output for custom queries",
	}
	ConfigPolicyFlag = Flag{
		Name:       "config-policy",
		ConfigName: "rego.policy",
		Value:      []string{},
		Usage:      "specify paths to the Rego policy files directory, applying config files",
	}
	ConfigDataFlag = Flag{
		Name:       "config-data",
		ConfigName: "rego.data",
		Value:      []string{},
		Usage:      "specify paths from which data for the Rego policies will be recursively loaded",
	}
	PolicyNamespaceFlag = Flag{
		Name:       "policy-namespaces",
		ConfigName: "rego.namespaces",
		Value:      []string{},
		Usage:      "Rego namespaces",
	}
)

e.g. config yaml:

rego:
  trace: true
  config-policy: "custom-policy/policy"
  policy-namespaces: "user"
View Source
var (
	ServerTokenFlag = Flag{
		Name:       "token",
		ConfigName: "server.token",
		Value:      "",
		Usage:      "for authentication in client/server mode",
	}
	ServerTokenHeaderFlag = Flag{
		Name:       "token-header",
		ConfigName: "server.token-header",
		Value:      DefaultTokenHeader,
		Usage:      "specify a header name for token in client/server mode",
	}
	ServerAddrFlag = Flag{
		Name:       "server",
		ConfigName: "server.addr",
		Value:      "",
		Usage:      "server address in client mode",
	}
	ServerCustomHeadersFlag = Flag{
		Name:       "custom-headers",
		ConfigName: "server.custom-headers",
		Value:      []string{},
		Usage:      "custom headers in client mode",
	}
	ServerListenFlag = Flag{
		Name:       "listen",
		ConfigName: "server.listen",
		Value:      "localhost:4954",
		Usage:      "listen address in server mode",
	}
)
View Source
var (
	FetchBranchFlag = Flag{
		Name:       "branch",
		ConfigName: "repository.branch",
		Value:      "",
		Usage:      "pass the branch name to be scanned",
	}
	FetchCommitFlag = Flag{
		Name:       "commit",
		ConfigName: "repository.commit",
		Value:      "",
		Usage:      "pass the commit hash to be scanned",
	}
	FetchTagFlag = Flag{
		Name:       "tag",
		ConfigName: "repository.tag",
		Value:      "",
		Usage:      "pass the tag name to be scanned",
	}
)
View Source
var (
	FormatFlag = Flag{
		Name:       "format",
		ConfigName: "format",
		Shorthand:  "f",
		Value:      report.FormatTable,
		Usage:      "format (table, json, sarif, template, cyclonedx, spdx, spdx-json, github, cosign-vuln)",
	}
	ReportFormatFlag = Flag{
		Name:       "report",
		ConfigName: "report",
		Value:      "all",
		Usage:      "specify a report format for the output. (all,summary)",
	}
	TemplateFlag = Flag{
		Name:       "template",
		ConfigName: "template",
		Shorthand:  "t",
		Value:      "",
		Usage:      "output template",
	}
	DependencyTreeFlag = Flag{
		Name:       "dependency-tree",
		ConfigName: "dependency-tree",
		Value:      false,
		Usage:      "[EXPERIMENTAL] show dependency origin tree of vulnerable packages",
	}
	ListAllPkgsFlag = Flag{
		Name:       "list-all-pkgs",
		ConfigName: "list-all-pkgs",
		Value:      false,
		Usage:      "enabling the option will output all packages regardless of vulnerability",
	}
	IgnoreFileFlag = Flag{
		Name:       "ignorefile",
		ConfigName: "ignorefile",
		Value:      result.DefaultIgnoreFile,
		Usage:      "specify .trivyignore file",
	}
	IgnorePolicyFlag = Flag{
		Name:       "ignore-policy",
		ConfigName: "ignore-policy",
		Value:      "",
		Usage:      "specify the Rego file path to evaluate each vulnerability",
	}
	ExitCodeFlag = Flag{
		Name:       "exit-code",
		ConfigName: "exit-code",
		Value:      0,
		Usage:      "specify exit code when any security issues are found",
	}
	OutputFlag = Flag{
		Name:       "output",
		ConfigName: "output",
		Shorthand:  "o",
		Value:      "",
		Usage:      "output file name",
	}
	SeverityFlag = Flag{
		Name:       "severity",
		ConfigName: "severity",
		Shorthand:  "s",
		Value:      strings.Join(dbTypes.SeverityNames, ","),
		Usage:      "severities of security issues to be displayed (comma separated)",
	}
	ComplianceFlag = Flag{
		Name:       "compliance",
		ConfigName: "scan.compliance",
		Value:      "",
		Usage:      "comma-separated list of what compliance reports to generate (nsa)",
	}
)

e.g. config yaml:

format: table
dependency-tree: true
severity: HIGH,CRITICAL
View Source
var (
	ArtifactTypeFlag = Flag{
		Name:       "artifact-type",
		ConfigName: "sbom.artifact-type",
		Value:      "",
		Usage:      "deprecated",
		Deprecated: true,
	}
	SBOMFormatFlag = Flag{
		Name:       "sbom-format",
		ConfigName: "sbom.format",
		Value:      "",
		Usage:      "deprecated",
		Deprecated: true,
	}
)
View Source
var (
	SkipDirsFlag = Flag{
		Name:       "skip-dirs",
		ConfigName: "scan.skip-dirs",
		Value:      []string{},
		Usage:      "specify the directories where the traversal is skipped",
	}
	SkipFilesFlag = Flag{
		Name:       "skip-files",
		ConfigName: "scan.skip-files",
		Value:      []string{},
		Usage:      "specify the file paths to skip traversal",
	}
	OfflineScanFlag = Flag{
		Name:       "offline-scan",
		ConfigName: "scan.offline",
		Value:      false,
		Usage:      "do not issue API requests to identify dependencies",
	}
	SecurityChecksFlag = Flag{
		Name:       "security-checks",
		ConfigName: "scan.security-checks",
		Value:      []string{types.SecurityCheckVulnerability, types.SecurityCheckSecret},
		Usage:      "comma-separated list of what security issues to detect (vuln,config,secret,license)",
	}
	FilePatternsFlag = Flag{
		Name:       "file-patterns",
		ConfigName: "scan.file-patterns",
		Value:      []string{},
		Usage:      "specify config file patterns",
	}
	SBOMSourcesFlag = Flag{
		Name:       "sbom-sources",
		ConfigName: "scan.sbom-sources",
		Value:      []string{},
		Usage:      "[EXPERIMENTAL] try to retrieve SBOM from the specified sources (rekor)",
	}
	RekorURLFlag = Flag{
		Name:       "rekor-url",
		ConfigName: "scan.rekor-url",
		Value:      "https://rekor.sigstore.dev",
		Usage:      "[EXPERIMENTAL] address of rekor STL server",
	}
)
View Source
var (
	VulnTypeFlag = Flag{
		Name:       "vuln-type",
		ConfigName: "vulnerability.type",
		Value:      strings.Join([]string{types.VulnTypeOS, types.VulnTypeLibrary}, ","),
		Usage:      "comma-separated list of vulnerability types (os,library)",
	}
	IgnoreUnfixedFlag = Flag{
		Name:       "ignore-unfixed",
		ConfigName: "vulnerability.ignore-unfixed",
		Value:      false,
		Usage:      "display only fixed vulnerabilities",
	}
)
View Source
var (
	SecretConfigFlag = Flag{
		Name:       "secret-config",
		ConfigName: "secret.config",
		Value:      "trivy-secret.yaml",
		Usage:      "specify a path to config file for secret scanning",
	}
)

Functions

This section is empty.

Types

type AWSFlagGroup added in v0.31.0

type AWSFlagGroup struct {
	Region   *Flag
	Endpoint *Flag
	Services *Flag
	Account  *Flag
	ARN      *Flag
}

func NewAWSFlagGroup added in v0.31.0

func NewAWSFlagGroup() *AWSFlagGroup

func (*AWSFlagGroup) Flags added in v0.31.0

func (f *AWSFlagGroup) Flags() []*Flag

func (*AWSFlagGroup) Name added in v0.31.0

func (f *AWSFlagGroup) Name() string

func (*AWSFlagGroup) ToOptions added in v0.31.0

func (f *AWSFlagGroup) ToOptions() AWSOptions

type AWSOptions added in v0.31.0

type AWSOptions struct {
	Region   string
	Endpoint string
	Services []string
	Account  string
	ARN      string
}

type CacheFlagGroup

type CacheFlagGroup struct {
	ClearCache   *Flag
	CacheBackend *Flag
	CacheTTL     *Flag

	RedisCACert *Flag
	RedisCert   *Flag
	RedisKey    *Flag
}

CacheFlagGroup composes common printer flag structs used for commands requiring cache logic.

func NewCacheFlagGroup

func NewCacheFlagGroup() *CacheFlagGroup

NewCacheFlagGroup returns a default CacheFlagGroup

func (*CacheFlagGroup) Flags

func (fg *CacheFlagGroup) Flags() []*Flag

func (*CacheFlagGroup) Name

func (fg *CacheFlagGroup) Name() string

func (*CacheFlagGroup) ToOptions

func (fg *CacheFlagGroup) ToOptions() (CacheOptions, error)

type CacheOptions

type CacheOptions struct {
	ClearCache   bool
	CacheBackend string
	CacheTTL     time.Duration
	RedisOptions
}

func (*CacheOptions) CacheBackendMasked

func (o *CacheOptions) CacheBackendMasked() string

CacheBackendMasked returns the redis connection string masking credentials

type CloudFlagGroup added in v0.31.0

type CloudFlagGroup struct {
	UpdateCache *Flag
	MaxCacheAge *Flag
}

func NewCloudFlagGroup added in v0.31.0

func NewCloudFlagGroup() *CloudFlagGroup

func (*CloudFlagGroup) Flags added in v0.31.0

func (f *CloudFlagGroup) Flags() []*Flag

func (*CloudFlagGroup) Name added in v0.31.0

func (f *CloudFlagGroup) Name() string

func (*CloudFlagGroup) ToOptions added in v0.31.0

func (f *CloudFlagGroup) ToOptions() CloudOptions

type CloudOptions added in v0.31.0

type CloudOptions struct {
	MaxCacheAge time.Duration
	UpdateCache bool
}

type DBFlagGroup

type DBFlagGroup struct {
	Reset          *Flag
	DownloadDBOnly *Flag
	SkipDBUpdate   *Flag
	NoProgress     *Flag
	DBRepository   *Flag
	Light          *Flag // deprecated
}

DBFlagGroup composes common printer flag structs used for commands requiring DB logic.

func NewDBFlagGroup

func NewDBFlagGroup() *DBFlagGroup

NewDBFlagGroup returns a default DBFlagGroup

func (*DBFlagGroup) Flags

func (f *DBFlagGroup) Flags() []*Flag

func (*DBFlagGroup) Name

func (f *DBFlagGroup) Name() string

func (*DBFlagGroup) ToOptions

func (f *DBFlagGroup) ToOptions() (DBOptions, error)

type DBOptions

type DBOptions struct {
	Reset          bool
	DownloadDBOnly bool
	SkipDBUpdate   bool
	NoProgress     bool
	DBRepository   string
	Light          bool // deprecated
}

type Flag

type Flag struct {
	// Name is for CLI flag and environment variable.
	// If this field is empty, it will be available only in config file.
	Name string

	// ConfigName is a key in config file. It is also used as a key of viper.
	ConfigName string

	// Shorthand is a shorthand letter.
	Shorthand string

	// Value is the default value. It must be filled to determine the flag type.
	Value interface{}

	// Usage explains how to use the flag.
	Usage string

	// Persistent represents if the flag is persistent
	Persistent bool

	// Deprecated represents if the flag is deprecated
	Deprecated bool
}

type FlagGroup

type FlagGroup interface {
	Name() string
	Flags() []*Flag
}

type Flags

type Flags struct {
	AWSFlagGroup           *AWSFlagGroup
	CacheFlagGroup         *CacheFlagGroup
	CloudFlagGroup         *CloudFlagGroup
	DBFlagGroup            *DBFlagGroup
	ImageFlagGroup         *ImageFlagGroup
	K8sFlagGroup           *K8sFlagGroup
	LicenseFlagGroup       *LicenseFlagGroup
	MisconfFlagGroup       *MisconfFlagGroup
	RemoteFlagGroup        *RemoteFlagGroup
	RegoFlagGroup          *RegoFlagGroup
	RepoFlagGroup          *RepoFlagGroup
	ReportFlagGroup        *ReportFlagGroup
	SBOMFlagGroup          *SBOMFlagGroup
	ScanFlagGroup          *ScanFlagGroup
	SecretFlagGroup        *SecretFlagGroup
	VulnerabilityFlagGroup *VulnerabilityFlagGroup
}

func (*Flags) AddFlags

func (f *Flags) AddFlags(cmd *cobra.Command)

func (*Flags) Bind

func (f *Flags) Bind(cmd *cobra.Command) error

func (*Flags) ToOptions

func (f *Flags) ToOptions(appVersion string, args []string, globalFlags *GlobalFlagGroup, output io.Writer) (Options, error)

nolint: gocyclo

func (*Flags) Usages

func (f *Flags) Usages(cmd *cobra.Command) string

type GlobalFlagGroup

type GlobalFlagGroup struct {
	ConfigFile            *Flag
	ShowVersion           *Flag // spf13/cobra can't override the logic of version printing like VersionPrinter in urfave/cli. -v needs to be defined ourselves.
	Quiet                 *Flag
	Debug                 *Flag
	Insecure              *Flag
	Timeout               *Flag
	CacheDir              *Flag
	GenerateDefaultConfig *Flag
}

GlobalFlagGroup composes global flags

func NewGlobalFlagGroup

func NewGlobalFlagGroup() *GlobalFlagGroup

func (*GlobalFlagGroup) AddFlags

func (f *GlobalFlagGroup) AddFlags(cmd *cobra.Command)

func (*GlobalFlagGroup) Bind

func (f *GlobalFlagGroup) Bind(cmd *cobra.Command) error

func (*GlobalFlagGroup) ToOptions

func (f *GlobalFlagGroup) ToOptions() GlobalOptions

type GlobalOptions

type GlobalOptions struct {
	ConfigFile            string
	ShowVersion           bool
	Quiet                 bool
	Debug                 bool
	Insecure              bool
	Timeout               time.Duration
	CacheDir              string
	GenerateDefaultConfig bool
}

GlobalOptions defines flags and other configuration parameters for all the subcommands

type ImageFlagGroup

type ImageFlagGroup struct {
	Input           *Flag // local image archive
	ScanRemovedPkgs *Flag
	Platform        *Flag
}

func NewImageFlagGroup

func NewImageFlagGroup() *ImageFlagGroup

func (*ImageFlagGroup) Flags

func (f *ImageFlagGroup) Flags() []*Flag

func (*ImageFlagGroup) Name

func (f *ImageFlagGroup) Name() string

func (*ImageFlagGroup) ToOptions

func (f *ImageFlagGroup) ToOptions() ImageOptions

type ImageOptions

type ImageOptions struct {
	Input           string
	ScanRemovedPkgs bool
	Platform        string
}

type K8sFlagGroup

type K8sFlagGroup struct {
	ClusterContext *Flag
	Namespace      *Flag
	KubeConfig     *Flag
	Components     *Flag
}

func NewK8sFlagGroup

func NewK8sFlagGroup() *K8sFlagGroup

func (*K8sFlagGroup) Flags

func (f *K8sFlagGroup) Flags() []*Flag

func (*K8sFlagGroup) Name

func (f *K8sFlagGroup) Name() string

func (*K8sFlagGroup) ToOptions

func (f *K8sFlagGroup) ToOptions() K8sOptions

type K8sOptions

type K8sOptions struct {
	ClusterContext string
	Namespace      string
	KubeConfig     string
	Components     []string
}

type LicenseFlagGroup

type LicenseFlagGroup struct {
	LicenseFull     *Flag
	IgnoredLicenses *Flag

	// License Categories
	LicenseForbidden    *Flag // mapped to CRITICAL
	LicenseRestricted   *Flag // mapped to HIGH
	LicenseReciprocal   *Flag // mapped to MEDIUM
	LicenseNotice       *Flag // mapped to LOW
	LicensePermissive   *Flag // mapped to LOW
	LicenseUnencumbered *Flag // mapped to LOW
}

func NewLicenseFlagGroup

func NewLicenseFlagGroup() *LicenseFlagGroup

func (*LicenseFlagGroup) Flags

func (f *LicenseFlagGroup) Flags() []*Flag

func (*LicenseFlagGroup) Name

func (f *LicenseFlagGroup) Name() string

func (*LicenseFlagGroup) ToOptions

func (f *LicenseFlagGroup) ToOptions() LicenseOptions

type LicenseOptions

type LicenseOptions struct {
	LicenseFull          bool
	IgnoredLicenses      []string
	LicenseRiskThreshold int
	LicenseCategories    map[types.LicenseCategory][]string
}

type MisconfFlagGroup

type MisconfFlagGroup struct {
	IncludeNonFailures *Flag

	// Values Files
	HelmValues       *Flag
	HelmValueFiles   *Flag
	HelmFileValues   *Flag
	HelmStringValues *Flag
	TerraformTFVars  *Flag
}

MisconfFlagGroup composes common printer flag structs used for commands providing misconfinguration scanning.

func NewMisconfFlagGroup

func NewMisconfFlagGroup() *MisconfFlagGroup

func (*MisconfFlagGroup) Flags

func (f *MisconfFlagGroup) Flags() []*Flag

func (*MisconfFlagGroup) Name

func (f *MisconfFlagGroup) Name() string

func (*MisconfFlagGroup) ToOptions

func (f *MisconfFlagGroup) ToOptions() (MisconfOptions, error)

type MisconfOptions

type MisconfOptions struct {
	IncludeNonFailures bool

	// Values Files
	HelmValues       []string
	HelmValueFiles   []string
	HelmFileValues   []string
	HelmStringValues []string
	TerraformTFVars  []string
}

type Options

type Options struct {
	GlobalOptions
	AWSOptions
	CacheOptions
	CloudOptions
	DBOptions
	ImageOptions
	K8sOptions
	LicenseOptions
	MisconfOptions
	RegoOptions
	RemoteOptions
	RepoOptions
	ReportOptions
	SBOMOptions
	ScanOptions
	SecretOptions
	VulnerabilityOptions

	// Trivy's version, not populated via CLI flags
	AppVersion string

	// We don't want to allow disabled analyzers to be passed by users, but it is necessary for internal use.
	DisabledAnalyzers []analyzer.Type
}

Options holds all the runtime configuration

func (*Options) Align added in v0.31.0

func (o *Options) Align()

Align takes consistency of options

type RedisOptions

type RedisOptions struct {
	RedisCACert string
	RedisCert   string
	RedisKey    string
}

RedisOptions holds the options for redis cache

type RegoFlagGroup added in v0.33.0

type RegoFlagGroup struct {
	SkipPolicyUpdate *Flag // deprecated
	Trace            *Flag
	PolicyPaths      *Flag
	DataPaths        *Flag
	PolicyNamespaces *Flag
}

RegoFlagGroup composes common printer flag structs used for commands providing misconfinguration scanning.

func NewRegoFlagGroup added in v0.33.0

func NewRegoFlagGroup() *RegoFlagGroup

func (*RegoFlagGroup) Flags added in v0.33.0

func (f *RegoFlagGroup) Flags() []*Flag

func (*RegoFlagGroup) Name added in v0.33.0

func (f *RegoFlagGroup) Name() string

func (*RegoFlagGroup) ToOptions added in v0.33.0

func (f *RegoFlagGroup) ToOptions() (RegoOptions, error)

type RegoOptions added in v0.33.0

type RegoOptions struct {
	SkipPolicyUpdate bool // deprecated
	Trace            bool
	PolicyPaths      []string
	DataPaths        []string
	PolicyNamespaces []string
}

type RemoteFlagGroup

type RemoteFlagGroup struct {
	// for client/server
	Token       *Flag
	TokenHeader *Flag

	// for client
	ServerAddr    *Flag
	CustomHeaders *Flag

	// for server
	Listen *Flag
}

RemoteFlagGroup composes common printer flag structs used for commands requiring reporting logic.

func NewClientFlags

func NewClientFlags() *RemoteFlagGroup

func NewServerFlags

func NewServerFlags() *RemoteFlagGroup

func (*RemoteFlagGroup) Flags

func (f *RemoteFlagGroup) Flags() []*Flag

func (*RemoteFlagGroup) Name

func (f *RemoteFlagGroup) Name() string

func (*RemoteFlagGroup) ToOptions

func (f *RemoteFlagGroup) ToOptions() RemoteOptions

type RemoteOptions

type RemoteOptions struct {
	Token       string
	TokenHeader string

	ServerAddr    string
	Listen        string
	CustomHeaders http.Header
}

type RepoFlagGroup added in v0.30.1

type RepoFlagGroup struct {
	Branch *Flag
	Commit *Flag
	Tag    *Flag
}

func NewRepoFlagGroup added in v0.30.1

func NewRepoFlagGroup() *RepoFlagGroup

func (*RepoFlagGroup) Flags added in v0.30.1

func (f *RepoFlagGroup) Flags() []*Flag

func (*RepoFlagGroup) Name added in v0.30.1

func (f *RepoFlagGroup) Name() string

func (*RepoFlagGroup) ToOptions added in v0.30.1

func (f *RepoFlagGroup) ToOptions() RepoOptions

type RepoOptions added in v0.30.1

type RepoOptions struct {
	RepoBranch string
	RepoCommit string
	RepoTag    string
}

type ReportFlagGroup

type ReportFlagGroup struct {
	Format         *Flag
	ReportFormat   *Flag
	Template       *Flag
	DependencyTree *Flag
	ListAllPkgs    *Flag
	IgnoreFile     *Flag
	IgnorePolicy   *Flag
	ExitCode       *Flag
	Output         *Flag
	Severity       *Flag
	Compliance     *Flag
}

ReportFlagGroup composes common printer flag structs used for commands requiring reporting logic.

func NewReportFlagGroup

func NewReportFlagGroup() *ReportFlagGroup

func (*ReportFlagGroup) Flags

func (f *ReportFlagGroup) Flags() []*Flag

func (*ReportFlagGroup) Name

func (f *ReportFlagGroup) Name() string

func (*ReportFlagGroup) ToOptions

func (f *ReportFlagGroup) ToOptions(out io.Writer) (ReportOptions, error)

type ReportOptions

type ReportOptions struct {
	Format         string
	ReportFormat   string
	Template       string
	DependencyTree bool
	ListAllPkgs    bool
	IgnoreFile     string
	ExitCode       int
	IgnorePolicy   string
	Output         io.Writer
	Severities     []dbTypes.Severity
	Compliance     string
}

type SBOMFlagGroup

type SBOMFlagGroup struct {
	ArtifactType *Flag // deprecated
	SBOMFormat   *Flag // deprecated
}

func NewSBOMFlagGroup

func NewSBOMFlagGroup() *SBOMFlagGroup

func (*SBOMFlagGroup) Flags

func (f *SBOMFlagGroup) Flags() []*Flag

func (*SBOMFlagGroup) Name

func (f *SBOMFlagGroup) Name() string

func (*SBOMFlagGroup) ToOptions

func (f *SBOMFlagGroup) ToOptions() (SBOMOptions, error)

type SBOMOptions

type SBOMOptions struct {
	ArtifactType string // deprecated
	SBOMFormat   string // deprecated
}

type ScanFlagGroup

type ScanFlagGroup struct {
	SkipDirs       *Flag
	SkipFiles      *Flag
	OfflineScan    *Flag
	SecurityChecks *Flag
	FilePatterns   *Flag
	SBOMSources    *Flag
	RekorURL       *Flag
}

func NewScanFlagGroup

func NewScanFlagGroup() *ScanFlagGroup

func (*ScanFlagGroup) Flags

func (f *ScanFlagGroup) Flags() []*Flag

func (*ScanFlagGroup) Name

func (f *ScanFlagGroup) Name() string

func (*ScanFlagGroup) ToOptions

func (f *ScanFlagGroup) ToOptions(args []string) (ScanOptions, error)

type ScanOptions

type ScanOptions struct {
	Target         string
	SkipDirs       []string
	SkipFiles      []string
	OfflineScan    bool
	SecurityChecks []string
	FilePatterns   []string
	SBOMSources    []string
	RekorURL       string
}

type SecretFlagGroup

type SecretFlagGroup struct {
	SecretConfig *Flag
}

func NewSecretFlagGroup

func NewSecretFlagGroup() *SecretFlagGroup

func (*SecretFlagGroup) Flags

func (f *SecretFlagGroup) Flags() []*Flag

func (*SecretFlagGroup) Name

func (f *SecretFlagGroup) Name() string

func (*SecretFlagGroup) ToOptions

func (f *SecretFlagGroup) ToOptions() SecretOptions

type SecretOptions

type SecretOptions struct {
	SecretConfigPath string
}

type VulnerabilityFlagGroup

type VulnerabilityFlagGroup struct {
	VulnType      *Flag
	IgnoreUnfixed *Flag
}

func NewVulnerabilityFlagGroup

func NewVulnerabilityFlagGroup() *VulnerabilityFlagGroup

func (*VulnerabilityFlagGroup) Flags

func (f *VulnerabilityFlagGroup) Flags() []*Flag

func (*VulnerabilityFlagGroup) Name

func (f *VulnerabilityFlagGroup) Name() string

func (*VulnerabilityFlagGroup) ToOptions

type VulnerabilityOptions

type VulnerabilityOptions struct {
	VulnType      []string
	IgnoreUnfixed bool
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL