Documentation
¶
Index ¶
- Constants
- Variables
- type AWSFlagGroup
- type AWSOptions
- type Alias
- type CacheFlagGroup
- type CacheOptions
- type CloudFlagGroup
- type CloudOptions
- type DBFlagGroup
- type DBOptions
- type Flag
- type FlagGroup
- type Flags
- type GlobalFlagGroup
- type GlobalOptions
- type ImageFlagGroup
- type ImageOptions
- type K8sFlagGroup
- type K8sOptions
- type LicenseFlagGroup
- type LicenseOptions
- type MisconfFlagGroup
- type MisconfOptions
- type ModuleFlagGroup
- type ModuleOptions
- type Options
- type RedisOptions
- type RegistryFlagGroup
- type RegistryOptions
- type RegoFlagGroup
- type RegoOptions
- type RemoteFlagGroup
- type RemoteOptions
- type RepoFlagGroup
- type RepoOptions
- type ReportFlagGroup
- type ReportOptions
- type SBOMFlagGroup
- type SBOMOptions
- type ScanFlagGroup
- type ScanOptions
- type SecretFlagGroup
- type SecretOptions
- type ValueNormalizeFunc
- type VulnerabilityFlagGroup
- type VulnerabilityOptions
Constants ¶
View Source
const (
DefaultTokenHeader = "Trivy-Token"
)
Variables ¶
View Source
var ( ClearCacheFlag = Flag{ Name: "clear-cache", ConfigName: "cache.clear", Default: false, Usage: "clear image caches without scanning", } CacheBackendFlag = Flag{ Name: "cache-backend", ConfigName: "cache.backend", Default: "fs", Usage: "cache backend (e.g. redis://localhost:6379)", } CacheTTLFlag = Flag{ Name: "cache-ttl", ConfigName: "cache.ttl", Default: time.Duration(0), Usage: "cache TTL when using redis as cache backend", } RedisTLSFlag = Flag{ Name: "redis-tls", ConfigName: "cache.redis.tls", Default: false, Usage: "enable redis TLS with public certificates, if using redis as cache backend", } RedisCACertFlag = Flag{ Name: "redis-ca", ConfigName: "cache.redis.ca", Default: "", Usage: "redis ca file location, if using redis as cache backend", } RedisCertFlag = Flag{ Name: "redis-cert", ConfigName: "cache.redis.cert", Default: "", Usage: "redis certificate file location, if using redis as cache backend", } RedisKeyFlag = Flag{ Name: "redis-key", ConfigName: "cache.redis.key", Default: "", Usage: "redis key file location, if using redis as cache backend", } )
e.g. config yaml:
cache: clear: true backend: "redis://localhost:6379" redis: ca: ca-cert.pem cert: cert.pem key: key.pem
View Source
var ( ResetFlag = Flag{ Name: "reset", ConfigName: "reset", Default: false, Usage: "remove all caches and database", } DownloadDBOnlyFlag = Flag{ Name: "download-db-only", ConfigName: "db.download-only", Default: false, Usage: "download/update vulnerability database but don't run a scan", } SkipDBUpdateFlag = Flag{ Name: "skip-db-update", ConfigName: "db.skip-update", Default: false, Usage: "skip updating vulnerability database", Aliases: []Alias{ { Name: "skip-update", Deprecated: true, }, }, } DownloadJavaDBOnlyFlag = Flag{ Name: "download-java-db-only", ConfigName: "db.download-java-only", Default: false, Usage: "download/update Java index database but don't run a scan", } SkipJavaDBUpdateFlag = Flag{ Name: "skip-java-db-update", ConfigName: "db.java-skip-update", Default: false, Usage: "skip updating Java index database", } NoProgressFlag = Flag{ Name: "no-progress", ConfigName: "db.no-progress", Default: false, Usage: "suppress progress bar", } DBRepositoryFlag = Flag{ Name: "db-repository", ConfigName: "db.repository", Default: defaultDBRepository, Usage: "OCI repository to retrieve trivy-db from", } JavaDBRepositoryFlag = Flag{ Name: "java-db-repository", ConfigName: "db.java-repository", Default: defaultJavaDBRepository, Usage: "OCI repository to retrieve trivy-java-db from", } LightFlag = Flag{ Name: "light", ConfigName: "db.light", Default: false, Usage: "deprecated", Deprecated: true, } )
View Source
var ( ConfigFileFlag = Flag{ Name: "config", ConfigName: "config", Shorthand: "c", Default: "trivy.yaml", Usage: "config path", Persistent: true, } ShowVersionFlag = Flag{ Name: "version", ConfigName: "version", Shorthand: "v", Default: false, Usage: "show version", Persistent: true, } QuietFlag = Flag{ Name: "quiet", ConfigName: "quiet", Shorthand: "q", Default: false, Usage: "suppress progress bar and log output", Persistent: true, } DebugFlag = Flag{ Name: "debug", ConfigName: "debug", Shorthand: "d", Default: false, Usage: "debug mode", Persistent: true, } InsecureFlag = Flag{ Name: "insecure", ConfigName: "insecure", Default: false, Usage: "allow insecure server connections", Persistent: true, } TimeoutFlag = Flag{ Name: "timeout", ConfigName: "timeout", Default: time.Second * 300, Usage: "timeout", Persistent: true, } CacheDirFlag = Flag{ Name: "cache-dir", ConfigName: "cache.dir", Default: fsutils.CacheDir(), Usage: "cache directory", Persistent: true, } GenerateDefaultConfigFlag = Flag{ Name: "generate-default-config", ConfigName: "generate-default-config", Default: false, Usage: "write the default config to trivy-default.yaml", Persistent: true, } )
View Source
var ( ImageConfigScannersFlag = Flag{ Name: "image-config-scanners", ConfigName: "image.image-config-scanners", Default: []string{}, Values: xstrings.ToStringSlice(types.Scanners{ types.MisconfigScanner, types.SecretScanner, }), Usage: "comma-separated list of what security issues to detect on container image configurations", } ScanRemovedPkgsFlag = Flag{ Name: "removed-pkgs", ConfigName: "image.removed-pkgs", Default: false, Usage: "detect vulnerabilities of removed packages (only for Alpine)", } InputFlag = Flag{ Name: "input", ConfigName: "image.input", Default: "", Usage: "input file path instead of image name", } PlatformFlag = Flag{ Name: "platform", ConfigName: "image.platform", Default: "", Usage: "set platform in the form os/arch if image is multi-platform capable", } DockerHostFlag = Flag{ Name: "docker-host", ConfigName: "image.docker.host", Default: "", Usage: "unix domain socket path to use for docker scanning", } SourceFlag = Flag{ Name: "image-src", ConfigName: "image.source", Default: xstrings.ToStringSlice(ftypes.AllImageSources), Values: xstrings.ToStringSlice(ftypes.AllImageSources), Usage: "image source(s) to use, in priority order", } )
View Source
var ( ClusterContextFlag = Flag{ Name: "context", ConfigName: "kubernetes.context", Default: "", Usage: "specify a context to scan", Aliases: []Alias{ {Name: "ctx"}, }, } K8sNamespaceFlag = Flag{ Name: "namespace", ConfigName: "kubernetes.namespace", Shorthand: "n", Default: "", Usage: "specify a namespace to scan", } KubeConfigFlag = Flag{ Name: "kubeconfig", ConfigName: "kubernetes.kubeconfig", Default: "", Usage: "specify the kubeconfig file path to use", } ComponentsFlag = Flag{ Name: "components", ConfigName: "kubernetes.components", Default: []string{ "workload", "infra", }, Values: []string{ "workload", "infra", }, Usage: "specify which components to scan", } K8sVersionFlag = Flag{ Name: "k8s-version", ConfigName: "kubernetes.k8s.version", Default: "", Usage: "specify k8s version to validate outdated api by it (example: 1.21.0)", } TolerationsFlag = Flag{ Name: "tolerations", ConfigName: "kubernetes.tolerations", Default: []string{}, Usage: "specify node-collector job tolerations (example: key1=value1:NoExecute,key2=value2:NoSchedule)", } AllNamespaces = Flag{ Name: "all-namespaces", ConfigName: "kubernetes.all.namespaces", Shorthand: "A", Default: false, Usage: "fetch resources from all cluster namespaces", } NodeCollectorNamespace = Flag{ Name: "node-collector-namespace", ConfigName: "node.collector.namespace", Default: "trivy-temp", Usage: "specify the namespace in which the node-collector job should be deployed", } ExcludeOwned = Flag{ Name: "exclude-owned", ConfigName: "kubernetes.exclude.owned", Default: false, Usage: "exclude resources that have an owner reference", } ExcludeNodes = Flag{ Name: "exclude-nodes", ConfigName: "exclude.nodes", Default: []string{}, Usage: "indicate the node labels that the node-collector job should exclude from scanning (example: kubernetes.io/arch:arm64,team:dev)", } NodeCollectorImageRef = Flag{ Name: "node-collector-imageref", ConfigName: "node.collector.imageref", Default: "ghcr.io/aquasecurity/node-collector:0.0.9", Usage: "indicate the image reference for the node-collector scan job", } )
View Source
var ( LicenseFull = Flag{ Name: "license-full", ConfigName: "license.full", Default: false, Usage: "eagerly look for licenses in source code headers and license files", } IgnoredLicenses = Flag{ Name: "ignored-licenses", ConfigName: "license.ignored", Default: []string{}, Usage: "specify a list of license to ignore", } LicenseConfidenceLevel = Flag{ Name: "license-confidence-level", ConfigName: "license.confidenceLevel", Default: 0.9, Usage: "specify license classifier's confidence level", } // LicenseForbidden is an option only in a config file LicenseForbidden = Flag{ ConfigName: "license.forbidden", Default: licensing.ForbiddenLicenses, Usage: "forbidden licenses", } // LicenseRestricted is an option only in a config file LicenseRestricted = Flag{ ConfigName: "license.restricted", Default: licensing.RestrictedLicenses, Usage: "restricted licenses", } // LicenseReciprocal is an option only in a config file LicenseReciprocal = Flag{ ConfigName: "license.reciprocal", Default: licensing.ReciprocalLicenses, Usage: "reciprocal licenses", } // LicenseNotice is an option only in a config file LicenseNotice = Flag{ ConfigName: "license.notice", Default: licensing.NoticeLicenses, Usage: "notice licenses", } // LicensePermissive is an option only in a config file LicensePermissive = Flag{ ConfigName: "license.permissive", Default: licensing.PermissiveLicenses, Usage: "permissive licenses", } // LicenseUnencumbered is an option only in a config file LicenseUnencumbered = Flag{ ConfigName: "license.unencumbered", Default: licensing.UnencumberedLicenses, Usage: "unencumbered licenses", } )
View Source
var ( ResetPolicyBundleFlag = Flag{ Name: "reset-policy-bundle", ConfigName: "misconfiguration.reset-policy-bundle", Default: false, Usage: "remove policy bundle", } IncludeNonFailuresFlag = Flag{ Name: "include-non-failures", ConfigName: "misconfiguration.include-non-failures", Default: false, Usage: "include successes and exceptions, available with '--scanners misconfig'", } HelmValuesFileFlag = Flag{ Name: "helm-values", ConfigName: "misconfiguration.helm.values", Default: []string{}, Usage: "specify paths to override the Helm values.yaml files", } HelmSetFlag = Flag{ Name: "helm-set", ConfigName: "misconfiguration.helm.set", Default: []string{}, Usage: "specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)", } HelmSetFileFlag = Flag{ Name: "helm-set-file", ConfigName: "misconfiguration.helm.set-file", Default: []string{}, Usage: "specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)", } HelmSetStringFlag = Flag{ Name: "helm-set-string", ConfigName: "misconfiguration.helm.set-string", Default: []string{}, Usage: "specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)", } TfVarsFlag = Flag{ Name: "tf-vars", ConfigName: "misconfiguration.terraform.vars", Default: []string{}, Usage: "specify paths to override the Terraform tfvars files", } CfParamsFlag = Flag{ Name: "cf-params", ConfigName: "misconfiguration.cloudformation.params", Default: []string{}, Usage: "specify paths to override the CloudFormation parameters files", } TerraformExcludeDownloaded = Flag{ Name: "tf-exclude-downloaded-modules", ConfigName: "misconfiguration.terraform.exclude-downloaded-modules", Default: false, Usage: "exclude misconfigurations for downloaded terraform modules", } PolicyBundleRepositoryFlag = Flag{ Name: "policy-bundle-repository", ConfigName: "misconfiguration.policy-bundle-repository", Default: fmt.Sprintf("%s:%d", policy.BundleRepository, policy.BundleVersion), Usage: "OCI registry URL to retrieve policy bundle from", } MisconfigScannersFlag = Flag{ Name: "misconfig-scanners", ConfigName: "misconfiguration.scanners", Default: xstrings.ToStringSlice(analyzer.TypeConfigFiles), Usage: "comma-separated list of misconfig scanners to use for misconfiguration scanning", } )
e.g. config yaml:
misconfiguration: trace: true config-policy: "custom-policy/policy" policy-namespaces: "user"
View Source
var ( ModuleDirFlag = Flag{ Name: "module-dir", ConfigName: "module.dir", Default: module.DefaultDir, Usage: "specify directory to the wasm modules that will be loaded", Persistent: true, } EnableModulesFlag = Flag{ Name: "enable-modules", ConfigName: "module.enable-modules", Default: []string{}, Usage: "[EXPERIMENTAL] module names to enable", Persistent: true, } )
View Source
var ( UsernameFlag = Flag{ Name: "username", ConfigName: "registry.username", Default: []string{}, Usage: "username. Comma-separated usernames allowed.", } PasswordFlag = Flag{ Name: "password", ConfigName: "registry.password", Default: []string{}, Usage: "password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.", } RegistryTokenFlag = Flag{ Name: "registry-token", ConfigName: "registry.token", Default: "", Usage: "registry token", } )
View Source
var ( SkipPolicyUpdateFlag = Flag{ Name: "skip-policy-update", ConfigName: "rego.skip-policy-update", Default: false, Usage: "skip fetching rego policy updates", } TraceFlag = Flag{ Name: "trace", ConfigName: "rego.trace", Default: false, Usage: "enable more verbose trace output for custom queries", } ConfigPolicyFlag = Flag{ Name: "config-policy", ConfigName: "rego.policy", Default: []string{}, Usage: "specify the paths to the Rego policy files or to the directories containing them, applying config files", Aliases: []Alias{ {Name: "policy"}, }, } ConfigDataFlag = Flag{ Name: "config-data", ConfigName: "rego.data", Default: []string{}, Usage: "specify paths from which data for the Rego policies will be recursively loaded", Aliases: []Alias{ {Name: "data"}, }, } PolicyNamespaceFlag = Flag{ Name: "policy-namespaces", ConfigName: "rego.namespaces", Default: []string{}, Usage: "Rego namespaces", Aliases: []Alias{ {Name: "namespaces"}, }, } )
e.g. config yaml:
rego: trace: true config-policy: "custom-policy/policy" policy-namespaces: "user"
View Source
var ( ServerTokenFlag = Flag{ Name: "token", ConfigName: "server.token", Default: "", Usage: "for authentication in client/server mode", } ServerTokenHeaderFlag = Flag{ Name: "token-header", ConfigName: "server.token-header", Default: DefaultTokenHeader, Usage: "specify a header name for token in client/server mode", } ServerAddrFlag = Flag{ Name: "server", ConfigName: "server.addr", Default: "", Usage: "server address in client mode", } ServerCustomHeadersFlag = Flag{ Name: "custom-headers", ConfigName: "server.custom-headers", Default: []string{}, Usage: "custom headers in client mode", } ServerListenFlag = Flag{ Name: "listen", ConfigName: "server.listen", Default: "localhost:4954", Usage: "listen address in server mode", } )
View Source
var ( FetchBranchFlag = Flag{ Name: "branch", ConfigName: "repository.branch", Default: "", Usage: "pass the branch name to be scanned", } FetchCommitFlag = Flag{ Name: "commit", ConfigName: "repository.commit", Default: "", Usage: "pass the commit hash to be scanned", } FetchTagFlag = Flag{ Name: "tag", ConfigName: "repository.tag", Default: "", Usage: "pass the tag name to be scanned", } )
View Source
var ( FormatFlag = Flag{ Name: "format", ConfigName: "format", Shorthand: "f", Default: string(types.FormatTable), Values: xstrings.ToStringSlice(types.SupportedFormats), Usage: "format", } ReportFormatFlag = Flag{ Name: "report", ConfigName: "report", Default: "all", Values: []string{"all", "summary"}, Usage: "specify a report format for the output", } TemplateFlag = Flag{ Name: "template", ConfigName: "template", Shorthand: "t", Default: "", Usage: "output template", } DependencyTreeFlag = Flag{ Name: "dependency-tree", ConfigName: "dependency-tree", Default: false, Usage: "[EXPERIMENTAL] show dependency origin tree of vulnerable packages", } ListAllPkgsFlag = Flag{ Name: "list-all-pkgs", ConfigName: "list-all-pkgs", Default: false, Usage: "enabling the option will output all packages regardless of vulnerability", } IgnoreFileFlag = Flag{ Name: "ignorefile", ConfigName: "ignorefile", Default: result.DefaultIgnoreFile, Usage: "specify .trivyignore file", } IgnorePolicyFlag = Flag{ Name: "ignore-policy", ConfigName: "ignore-policy", Default: "", Usage: "specify the Rego file path to evaluate each vulnerability", } ExitCodeFlag = Flag{ Name: "exit-code", ConfigName: "exit-code", Default: 0, Usage: "specify exit code when any security issues are found", } ExitOnEOLFlag = Flag{ Name: "exit-on-eol", ConfigName: "exit-on-eol", Default: 0, Usage: "exit with the specified code when the OS reaches end of service/life", } OutputFlag = Flag{ Name: "output", ConfigName: "output", Shorthand: "o", Default: "", Usage: "output file name", } OutputPluginArgFlag = Flag{ Name: "output-plugin-arg", ConfigName: "output-plugin-arg", Default: "", Usage: "[EXPERIMENTAL] output plugin arguments", } SeverityFlag = Flag{ Name: "severity", ConfigName: "severity", Shorthand: "s", Default: dbTypes.SeverityNames, Values: dbTypes.SeverityNames, Usage: "severities of security issues to be displayed", } ComplianceFlag = Flag{ Name: "compliance", ConfigName: "scan.compliance", Default: "", Usage: "compliance report to generate", } )
e.g. config yaml:
format: table dependency-tree: true severity: HIGH,CRITICAL
View Source
var ( ArtifactTypeFlag = Flag{ Name: "artifact-type", ConfigName: "sbom.artifact-type", Default: "", Usage: "deprecated", Deprecated: true, } SBOMFormatFlag = Flag{ Name: "sbom-format", ConfigName: "sbom.format", Default: "", Usage: "deprecated", Deprecated: true, } VEXFlag = Flag{ Name: "vex", ConfigName: "sbom.vex", Default: "", Usage: "[EXPERIMENTAL] file path to VEX", } )
View Source
var ( SkipDirsFlag = Flag{ Name: "skip-dirs", ConfigName: "scan.skip-dirs", Default: []string{}, Usage: "specify the directories or glob patterns to skip", } SkipFilesFlag = Flag{ Name: "skip-files", ConfigName: "scan.skip-files", Default: []string{}, Usage: "specify the files or glob patterns to skip", } OfflineScanFlag = Flag{ Name: "offline-scan", ConfigName: "scan.offline", Default: false, Usage: "do not issue API requests to identify dependencies", } ScannersFlag = Flag{ Name: "scanners", ConfigName: "scan.scanners", Default: xstrings.ToStringSlice(types.Scanners{ types.VulnerabilityScanner, types.SecretScanner, }), Values: xstrings.ToStringSlice(types.Scanners{ types.VulnerabilityScanner, types.MisconfigScanner, types.SecretScanner, types.LicenseScanner, }), ValueNormalize: func(s string) string { switch s { case "vulnerability": return string(types.VulnerabilityScanner) case "misconf", "misconfiguration": return string(types.MisconfigScanner) case "config": log.Logger.Warn("'--scanner config' is deprecated. Use '--scanner misconfig' instead. See https://github.com/aquasecurity/trivy/discussions/5586 for the detail.") return string(types.MisconfigScanner) } return s }, Aliases: []Alias{ { Name: "security-checks", ConfigName: "scan.security-checks", Deprecated: true, }, }, Usage: "comma-separated list of what security issues to detect", } FilePatternsFlag = Flag{ Name: "file-patterns", ConfigName: "scan.file-patterns", Default: []string{}, Usage: "specify config file patterns", } SlowFlag = Flag{ Name: "slow", ConfigName: "scan.slow", Default: false, Usage: "scan over time with lower CPU and memory utilization", Deprecated: true, } ParallelFlag = Flag{ Name: "parallel", ConfigName: "scan.parallel", Default: 5, Usage: "number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism", } SBOMSourcesFlag = Flag{ Name: "sbom-sources", ConfigName: "scan.sbom-sources", Default: []string{}, Values: []string{"oci", "rekor"}, Usage: "[EXPERIMENTAL] try to retrieve SBOM from the specified sources", } RekorURLFlag = Flag{ Name: "rekor-url", ConfigName: "scan.rekor-url", Default: "https://rekor.sigstore.dev", Usage: "[EXPERIMENTAL] address of rekor STL server", } IncludeDevDepsFlag = Flag{ Name: "include-dev-deps", ConfigName: "include-dev-deps", Default: false, Usage: "include development dependencies in the report (supported: npm, yarn)", } )
View Source
var ( VulnTypeFlag = Flag{ Name: "vuln-type", ConfigName: "vulnerability.type", Default: []string{ types.VulnTypeOS, types.VulnTypeLibrary, }, Values: []string{ types.VulnTypeOS, types.VulnTypeLibrary, }, Usage: "comma-separated list of vulnerability types", } IgnoreUnfixedFlag = Flag{ Name: "ignore-unfixed", ConfigName: "vulnerability.ignore-unfixed", Default: false, Usage: "display only fixed vulnerabilities", } IgnoreStatusFlag = Flag{ Name: "ignore-status", ConfigName: "vulnerability.ignore-status", Default: []string{}, Values: dbTypes.Statuses, Usage: "comma-separated list of vulnerability status to ignore", } )
View Source
var (
SecretConfigFlag = Flag{
Name: "secret-config",
ConfigName: "secret.config",
Default: "trivy-secret.yaml",
Usage: "specify a path to config file for secret scanning",
}
)
Functions ¶
This section is empty.
Types ¶
type AWSFlagGroup ¶
type AWSFlagGroup struct {
Region *Flag
Endpoint *Flag
Services *Flag
SkipServices *Flag
Account *Flag
ARN *Flag
}
func NewAWSFlagGroup ¶
func NewAWSFlagGroup() *AWSFlagGroup
func (*AWSFlagGroup) Flags ¶
func (f *AWSFlagGroup) Flags() []*Flag
func (*AWSFlagGroup) Name ¶
func (f *AWSFlagGroup) Name() string
func (*AWSFlagGroup) ToOptions ¶
func (f *AWSFlagGroup) ToOptions() AWSOptions
type AWSOptions ¶
type CacheFlagGroup ¶
type CacheFlagGroup struct {
ClearCache *Flag
CacheBackend *Flag
CacheTTL *Flag
RedisTLS *Flag
RedisCACert *Flag
RedisCert *Flag
RedisKey *Flag
}
CacheFlagGroup composes common printer flag structs used for commands requiring cache logic.
func NewCacheFlagGroup ¶
func NewCacheFlagGroup() *CacheFlagGroup
NewCacheFlagGroup returns a default CacheFlagGroup
func (*CacheFlagGroup) Flags ¶
func (fg *CacheFlagGroup) Flags() []*Flag
func (*CacheFlagGroup) Name ¶
func (fg *CacheFlagGroup) Name() string
func (*CacheFlagGroup) ToOptions ¶
func (fg *CacheFlagGroup) ToOptions() (CacheOptions, error)
type CacheOptions ¶
type CacheOptions struct {
ClearCache bool
CacheBackend string
CacheTTL time.Duration
RedisTLS bool
RedisOptions
}
func (*CacheOptions) CacheBackendMasked ¶
func (o *CacheOptions) CacheBackendMasked() string
CacheBackendMasked returns the redis connection string masking credentials
type CloudFlagGroup ¶
func NewCloudFlagGroup ¶
func NewCloudFlagGroup() *CloudFlagGroup
func (*CloudFlagGroup) Flags ¶
func (f *CloudFlagGroup) Flags() []*Flag
func (*CloudFlagGroup) Name ¶
func (f *CloudFlagGroup) Name() string
func (*CloudFlagGroup) ToOptions ¶
func (f *CloudFlagGroup) ToOptions() CloudOptions
type CloudOptions ¶
type DBFlagGroup ¶
type DBFlagGroup struct {
Reset *Flag
DownloadDBOnly *Flag
SkipDBUpdate *Flag
DownloadJavaDBOnly *Flag
SkipJavaDBUpdate *Flag
NoProgress *Flag
DBRepository *Flag
JavaDBRepository *Flag
Light *Flag // deprecated
}
DBFlagGroup composes common printer flag structs used for commands requiring DB logic.
func NewDBFlagGroup ¶
func NewDBFlagGroup() *DBFlagGroup
NewDBFlagGroup returns a default DBFlagGroup
func (*DBFlagGroup) Flags ¶
func (f *DBFlagGroup) Flags() []*Flag
func (*DBFlagGroup) Name ¶
func (f *DBFlagGroup) Name() string
func (*DBFlagGroup) ToOptions ¶
func (f *DBFlagGroup) ToOptions() (DBOptions, error)
type Flag ¶
type Flag struct {
// Name is for CLI flag and environment variable.
// If this field is empty, it will be available only in config file.
Name string
// ConfigName is a key in config file. It is also used as a key of viper.
ConfigName string
// Shorthand is a shorthand letter.
Shorthand string
// Default is the default value. It must be filled to determine the flag type.
Default any
// Values is a list of allowed values.
// It currently supports string flags and string slice flags only.
Values []string
// ValueNormalize is a function to normalize the value.
// It can be used for aliases, etc.
ValueNormalize func(string) string
// Usage explains how to use the flag.
Usage string
// Persistent represents if the flag is persistent
Persistent bool
// Deprecated represents if the flag is deprecated
Deprecated bool
// Aliases represents aliases
Aliases []Alias
}
type Flags ¶
type Flags struct {
AWSFlagGroup *AWSFlagGroup
CacheFlagGroup *CacheFlagGroup
CloudFlagGroup *CloudFlagGroup
DBFlagGroup *DBFlagGroup
ImageFlagGroup *ImageFlagGroup
K8sFlagGroup *K8sFlagGroup
LicenseFlagGroup *LicenseFlagGroup
MisconfFlagGroup *MisconfFlagGroup
ModuleFlagGroup *ModuleFlagGroup
RemoteFlagGroup *RemoteFlagGroup
RegistryFlagGroup *RegistryFlagGroup
RegoFlagGroup *RegoFlagGroup
RepoFlagGroup *RepoFlagGroup
ReportFlagGroup *ReportFlagGroup
SBOMFlagGroup *SBOMFlagGroup
ScanFlagGroup *ScanFlagGroup
SecretFlagGroup *SecretFlagGroup
VulnerabilityFlagGroup *VulnerabilityFlagGroup
}
type GlobalFlagGroup ¶
type GlobalFlagGroup struct {
ConfigFile *Flag
ShowVersion *Flag // spf13/cobra can't override the logic of version printing like VersionPrinter in urfave/cli. -v needs to be defined ourselves.
Quiet *Flag
Debug *Flag
Insecure *Flag
Timeout *Flag
CacheDir *Flag
GenerateDefaultConfig *Flag
}
GlobalFlagGroup composes global flags
func NewGlobalFlagGroup ¶
func NewGlobalFlagGroup() *GlobalFlagGroup
func (*GlobalFlagGroup) AddFlags ¶
func (f *GlobalFlagGroup) AddFlags(cmd *cobra.Command)
func (*GlobalFlagGroup) ToOptions ¶
func (f *GlobalFlagGroup) ToOptions() GlobalOptions
type GlobalOptions ¶
type GlobalOptions struct {
ConfigFile string
ShowVersion bool
Quiet bool
Debug bool
Insecure bool
Timeout time.Duration
CacheDir string
GenerateDefaultConfig bool
}
GlobalOptions defines flags and other configuration parameters for all the subcommands
type ImageFlagGroup ¶
type ImageFlagGroup struct {
Input *Flag // local image archive
ImageConfigScanners *Flag
ScanRemovedPkgs *Flag
Platform *Flag
DockerHost *Flag
ImageSources *Flag
}
func NewImageFlagGroup ¶
func NewImageFlagGroup() *ImageFlagGroup
func (*ImageFlagGroup) Flags ¶
func (f *ImageFlagGroup) Flags() []*Flag
func (*ImageFlagGroup) Name ¶
func (f *ImageFlagGroup) Name() string
func (*ImageFlagGroup) ToOptions ¶
func (f *ImageFlagGroup) ToOptions() (ImageOptions, error)
type ImageOptions ¶
type K8sFlagGroup ¶
type K8sFlagGroup struct {
ClusterContext *Flag
Namespace *Flag
KubeConfig *Flag
Components *Flag
K8sVersion *Flag
Tolerations *Flag
NodeCollectorImageRef *Flag
AllNamespaces *Flag
NodeCollectorNamespace *Flag
ExcludeOwned *Flag
ExcludeNodes *Flag
}
func NewK8sFlagGroup ¶
func NewK8sFlagGroup() *K8sFlagGroup
func (*K8sFlagGroup) Flags ¶
func (f *K8sFlagGroup) Flags() []*Flag
func (*K8sFlagGroup) Name ¶
func (f *K8sFlagGroup) Name() string
func (*K8sFlagGroup) ToOptions ¶
func (f *K8sFlagGroup) ToOptions() (K8sOptions, error)
type K8sOptions ¶
type LicenseFlagGroup ¶
type LicenseFlagGroup struct {
LicenseFull *Flag
IgnoredLicenses *Flag
LicenseConfidenceLevel *Flag
// License Categories
LicenseForbidden *Flag // mapped to CRITICAL
LicenseRestricted *Flag // mapped to HIGH
LicenseReciprocal *Flag // mapped to MEDIUM
LicenseNotice *Flag // mapped to LOW
LicensePermissive *Flag // mapped to LOW
LicenseUnencumbered *Flag // mapped to LOW
}
func NewLicenseFlagGroup ¶
func NewLicenseFlagGroup() *LicenseFlagGroup
func (*LicenseFlagGroup) Flags ¶
func (f *LicenseFlagGroup) Flags() []*Flag
func (*LicenseFlagGroup) Name ¶
func (f *LicenseFlagGroup) Name() string
func (*LicenseFlagGroup) ToOptions ¶
func (f *LicenseFlagGroup) ToOptions() LicenseOptions
type LicenseOptions ¶
type MisconfFlagGroup ¶
type MisconfFlagGroup struct {
IncludeNonFailures *Flag
ResetPolicyBundle *Flag
PolicyBundleRepository *Flag
// Values Files
HelmValues *Flag
HelmValueFiles *Flag
HelmFileValues *Flag
HelmStringValues *Flag
TerraformTFVars *Flag
CloudformationParamVars *Flag
TerraformExcludeDownloaded *Flag
MisconfigScanners *Flag
}
MisconfFlagGroup composes common printer flag structs used for commands providing misconfiguration scanning.
func NewMisconfFlagGroup ¶
func NewMisconfFlagGroup() *MisconfFlagGroup
func (*MisconfFlagGroup) Flags ¶
func (f *MisconfFlagGroup) Flags() []*Flag
func (*MisconfFlagGroup) Name ¶
func (f *MisconfFlagGroup) Name() string
func (*MisconfFlagGroup) ToOptions ¶
func (f *MisconfFlagGroup) ToOptions() (MisconfOptions, error)
type MisconfOptions ¶
type MisconfOptions struct {
IncludeNonFailures bool
ResetPolicyBundle bool
PolicyBundleRepository string
// Values Files
HelmValues []string
HelmValueFiles []string
HelmFileValues []string
HelmStringValues []string
TerraformTFVars []string
CloudFormationParamVars []string
TfExcludeDownloaded bool
MisconfigScanners []analyzer.Type
}
type ModuleFlagGroup ¶
ModuleFlagGroup defines flags for modules
func NewModuleFlagGroup ¶
func NewModuleFlagGroup() *ModuleFlagGroup
func (*ModuleFlagGroup) Flags ¶
func (f *ModuleFlagGroup) Flags() []*Flag
func (*ModuleFlagGroup) Name ¶
func (f *ModuleFlagGroup) Name() string
func (*ModuleFlagGroup) ToOptions ¶
func (f *ModuleFlagGroup) ToOptions() ModuleOptions
type ModuleOptions ¶
type Options ¶
type Options struct {
GlobalOptions
AWSOptions
CacheOptions
CloudOptions
DBOptions
ImageOptions
K8sOptions
LicenseOptions
MisconfOptions
ModuleOptions
RegistryOptions
RegoOptions
RemoteOptions
RepoOptions
ReportOptions
SBOMOptions
ScanOptions
SecretOptions
VulnerabilityOptions
// Trivy's version, not populated via CLI flags
AppVersion string
// Deepfactor dfctl version
DfctlVersion string
// Deepfactor dfctl image url
DfctlImage string
OnlyFetchDFScanRegistrationMeta bool // fetch only basic metadata required to register df static scan
OnlyInspectArtifact bool // only inspect/validate artifact as part of scan and return metadata
// We don't want to allow disabled analyzers to be passed by users, but it is necessary for internal use.
DisabledAnalyzers []analyzer.Type
// contains filtered or unexported fields
}
Options holds all the runtime configuration
func (*Options) FilterOpts ¶
func (o *Options) FilterOpts() result.FilterOption
FilterOpts returns options for filtering
func (*Options) OutputWriter ¶
OutputWriter returns an output writer. If the output file is not specified, it returns os.Stdout.
func (*Options) RegistryOpts ¶
func (o *Options) RegistryOpts() ftypes.RegistryOptions
RegistryOpts returns options for OCI registries
func (*Options) SetOutputWriter ¶
SetOutputWriter sets an output writer.
type RedisOptions ¶
RedisOptions holds the options for redis cache
type RegistryFlagGroup ¶
func NewRegistryFlagGroup ¶
func NewRegistryFlagGroup() *RegistryFlagGroup
func (*RegistryFlagGroup) Flags ¶
func (f *RegistryFlagGroup) Flags() []*Flag
func (*RegistryFlagGroup) Name ¶
func (f *RegistryFlagGroup) Name() string
func (*RegistryFlagGroup) ToOptions ¶
func (f *RegistryFlagGroup) ToOptions() (RegistryOptions, error)
type RegistryOptions ¶
type RegistryOptions struct {
Credentials []types.Credential
RegistryToken string
}
type RegoFlagGroup ¶
type RegoFlagGroup struct {
SkipPolicyUpdate *Flag
Trace *Flag
PolicyPaths *Flag
DataPaths *Flag
PolicyNamespaces *Flag
}
RegoFlagGroup composes common printer flag structs used for commands providing misconfinguration scanning.
func NewRegoFlagGroup ¶
func NewRegoFlagGroup() *RegoFlagGroup
func (*RegoFlagGroup) Flags ¶
func (f *RegoFlagGroup) Flags() []*Flag
func (*RegoFlagGroup) Name ¶
func (f *RegoFlagGroup) Name() string
func (*RegoFlagGroup) ToOptions ¶
func (f *RegoFlagGroup) ToOptions() (RegoOptions, error)
type RegoOptions ¶
type RemoteFlagGroup ¶
type RemoteFlagGroup struct {
// for client/server
Token *Flag
TokenHeader *Flag
// for client
ServerAddr *Flag
CustomHeaders *Flag
// for server
Listen *Flag
}
RemoteFlagGroup composes common printer flag structs used for commands requiring reporting logic.
func NewClientFlags ¶
func NewClientFlags() *RemoteFlagGroup
func NewServerFlags ¶
func NewServerFlags() *RemoteFlagGroup
func (*RemoteFlagGroup) Flags ¶
func (f *RemoteFlagGroup) Flags() []*Flag
func (*RemoteFlagGroup) Name ¶
func (f *RemoteFlagGroup) Name() string
func (*RemoteFlagGroup) ToOptions ¶
func (f *RemoteFlagGroup) ToOptions() RemoteOptions
type RemoteOptions ¶
type RepoFlagGroup ¶
func NewRepoFlagGroup ¶
func NewRepoFlagGroup() *RepoFlagGroup
func (*RepoFlagGroup) Flags ¶
func (f *RepoFlagGroup) Flags() []*Flag
func (*RepoFlagGroup) Name ¶
func (f *RepoFlagGroup) Name() string
func (*RepoFlagGroup) ToOptions ¶
func (f *RepoFlagGroup) ToOptions() RepoOptions
type RepoOptions ¶
type ReportFlagGroup ¶
type ReportFlagGroup struct {
Format *Flag
ReportFormat *Flag
Template *Flag
DependencyTree *Flag
ListAllPkgs *Flag
IgnoreFile *Flag
IgnorePolicy *Flag
ExitCode *Flag
ExitOnEOL *Flag
Output *Flag
OutputPluginArg *Flag
Severity *Flag
Compliance *Flag
}
ReportFlagGroup composes common printer flag structs used for commands requiring reporting logic.
func NewReportFlagGroup ¶
func NewReportFlagGroup() *ReportFlagGroup
func (*ReportFlagGroup) Flags ¶
func (f *ReportFlagGroup) Flags() []*Flag
func (*ReportFlagGroup) Name ¶
func (f *ReportFlagGroup) Name() string
func (*ReportFlagGroup) ToOptions ¶
func (f *ReportFlagGroup) ToOptions() (ReportOptions, error)
type ReportOptions ¶
type SBOMFlagGroup ¶
type SBOMFlagGroup struct {
ArtifactType *Flag // deprecated
SBOMFormat *Flag // deprecated
VEXPath *Flag
}
func NewSBOMFlagGroup ¶
func NewSBOMFlagGroup() *SBOMFlagGroup
func (*SBOMFlagGroup) Flags ¶
func (f *SBOMFlagGroup) Flags() []*Flag
func (*SBOMFlagGroup) Name ¶
func (f *SBOMFlagGroup) Name() string
func (*SBOMFlagGroup) ToOptions ¶
func (f *SBOMFlagGroup) ToOptions() (SBOMOptions, error)
type SBOMOptions ¶
type SBOMOptions struct {
VEXPath string
}
type ScanFlagGroup ¶
type ScanFlagGroup struct {
SkipDirs *Flag
SkipFiles *Flag
OfflineScan *Flag
Scanners *Flag
FilePatterns *Flag
Slow *Flag // deprecated
Parallel *Flag
SBOMSources *Flag
RekorURL *Flag
IncludeDevDeps *Flag
}
func NewScanFlagGroup ¶
func NewScanFlagGroup() *ScanFlagGroup
func (*ScanFlagGroup) Flags ¶
func (f *ScanFlagGroup) Flags() []*Flag
func (*ScanFlagGroup) Name ¶
func (f *ScanFlagGroup) Name() string
func (*ScanFlagGroup) ToOptions ¶
func (f *ScanFlagGroup) ToOptions(args []string) (ScanOptions, error)
type ScanOptions ¶
type SecretFlagGroup ¶
type SecretFlagGroup struct {
SecretConfig *Flag
}
func NewSecretFlagGroup ¶
func NewSecretFlagGroup() *SecretFlagGroup
func (*SecretFlagGroup) Flags ¶
func (f *SecretFlagGroup) Flags() []*Flag
func (*SecretFlagGroup) Name ¶
func (f *SecretFlagGroup) Name() string
func (*SecretFlagGroup) ToOptions ¶
func (f *SecretFlagGroup) ToOptions() SecretOptions
type SecretOptions ¶
type SecretOptions struct {
SecretConfigPath string
}
type ValueNormalizeFunc ¶
type VulnerabilityFlagGroup ¶
func NewVulnerabilityFlagGroup ¶
func NewVulnerabilityFlagGroup() *VulnerabilityFlagGroup
func (*VulnerabilityFlagGroup) Flags ¶
func (f *VulnerabilityFlagGroup) Flags() []*Flag
func (*VulnerabilityFlagGroup) Name ¶
func (f *VulnerabilityFlagGroup) Name() string
func (*VulnerabilityFlagGroup) ToOptions ¶
func (f *VulnerabilityFlagGroup) ToOptions() VulnerabilityOptions
type VulnerabilityOptions ¶
Source Files
¶
- aws_flags.go
- cache_flags.go
- cloud_flags.go
- db_flags.go
- global_flags.go
- image_flags.go
- kubernetes_flags.go
- license_flags.go
- misconf_flags.go
- module_flags.go
- options.go
- registry_flags.go
- rego_flags.go
- remote_flags.go
- repo.go
- report_flags.go
- sbom_flags.go
- scan_flags.go
- secret_flags.go
- value.go
- vulnerability_flags.go
Click to show internal directories.
Click to hide internal directories.