Documentation ¶
Index ¶
- Constants
- Variables
- type AWSFlagGroup
- type AWSOptions
- type Alias
- type CacheFlagGroup
- type CacheOptions
- type CloudFlagGroup
- type CloudOptions
- type DBFlagGroup
- type DBOptions
- type Flag
- type FlagGroup
- type Flags
- type GlobalFlagGroup
- type GlobalOptions
- type ImageFlagGroup
- type ImageOptions
- type K8sFlagGroup
- type K8sOptions
- type LicenseFlagGroup
- type LicenseOptions
- type MisconfFlagGroup
- type MisconfOptions
- type ModuleFlagGroup
- type ModuleOptions
- type Options
- type RedisOptions
- type RegistryFlagGroup
- type RegistryOptions
- type RegoFlagGroup
- type RegoOptions
- type RemoteFlagGroup
- type RemoteOptions
- type RepoFlagGroup
- type RepoOptions
- type ReportFlagGroup
- type ReportOptions
- type SBOMFlagGroup
- type SBOMOptions
- type ScanFlagGroup
- type ScanOptions
- type SecretFlagGroup
- type SecretOptions
- type VulnerabilityFlagGroup
- type VulnerabilityOptions
Constants ¶
const (
DefaultTokenHeader = "Vul-Token"
)
Variables ¶
var ( ClearCacheFlag = Flag{ Name: "clear-cache", ConfigName: "cache.clear", Default: false, Usage: "clear image caches without scanning", } CacheBackendFlag = Flag{ Name: "cache-backend", ConfigName: "cache.backend", Default: "fs", Usage: "cache backend (e.g. redis://localhost:6379)", } CacheTTLFlag = Flag{ Name: "cache-ttl", ConfigName: "cache.ttl", Default: time.Duration(0), Usage: "cache TTL when using redis as cache backend", } RedisTLSFlag = Flag{ Name: "redis-tls", ConfigName: "cache.redis.tls", Default: false, Usage: "enable redis TLS with public certificates, if using redis as cache backend", } RedisCACertFlag = Flag{ Name: "redis-ca", ConfigName: "cache.redis.ca", Default: "", Usage: "redis ca file location, if using redis as cache backend", } RedisCertFlag = Flag{ Name: "redis-cert", ConfigName: "cache.redis.cert", Default: "", Usage: "redis certificate file location, if using redis as cache backend", } RedisKeyFlag = Flag{ Name: "redis-key", ConfigName: "cache.redis.key", Default: "", Usage: "redis key file location, if using redis as cache backend", } )
e.g. config yaml:
cache: clear: true backend: "redis://localhost:6379" redis: ca: ca-cert.pem cert: cert.pem key: key.pem
var ( ResetFlag = Flag{ Name: "reset", ConfigName: "reset", Default: false, Usage: "remove all caches and database", } DownloadDBOnlyFlag = Flag{ Name: "download-db-only", ConfigName: "db.download-only", Default: false, Usage: "download/update vulnerability database but don't run a scan", } SkipDBUpdateFlag = Flag{ Name: "skip-db-update", ConfigName: "db.skip-update", Default: false, Usage: "skip updating vulnerability database", Aliases: []Alias{ { Name: "skip-update", Deprecated: true, }, }, } DownloadJavaDBOnlyFlag = Flag{ Name: "download-java-db-only", ConfigName: "db.download-java-only", Default: false, Usage: "download/update Java index database but don't run a scan", } SkipJavaDBUpdateFlag = Flag{ Name: "skip-java-db-update", ConfigName: "db.java-skip-update", Default: false, Usage: "skip updating Java index database", } NoProgressFlag = Flag{ Name: "no-progress", ConfigName: "db.no-progress", Default: false, Usage: "suppress progress bar", } DBRepositoryFlag = Flag{ Name: "db-repository", ConfigName: "db.repository", Default: defaultDBRepository, Usage: "OCI repository to retrieve vul-db from", } JavaDBRepositoryFlag = Flag{ Name: "java-db-repository", ConfigName: "db.java-repository", Default: defaultJavaDBRepository, Usage: "OCI repository to retrieve vul-java-db from", } LightFlag = Flag{ Name: "light", ConfigName: "db.light", Default: false, Usage: "deprecated", Deprecated: true, } )
var ( ConfigFileFlag = Flag{ Name: "config", ConfigName: "config", Shorthand: "c", Default: "vul.yaml", Usage: "config path", Persistent: true, } ShowVersionFlag = Flag{ Name: "version", ConfigName: "version", Shorthand: "v", Default: false, Usage: "show version", Persistent: true, } QuietFlag = Flag{ Name: "quiet", ConfigName: "quiet", Shorthand: "q", Default: false, Usage: "suppress progress bar and log output", Persistent: true, } DebugFlag = Flag{ Name: "debug", ConfigName: "debug", Shorthand: "d", Default: false, Usage: "debug mode", Persistent: true, } InsecureFlag = Flag{ Name: "insecure", ConfigName: "insecure", Default: false, Usage: "allow insecure server connections", Persistent: true, } TimeoutFlag = Flag{ Name: "timeout", ConfigName: "timeout", Default: time.Second * 300, Usage: "timeout", Persistent: true, } CacheDirFlag = Flag{ Name: "cache-dir", ConfigName: "cache.dir", Default: fsutils.CacheDir(), Usage: "cache directory", Persistent: true, } GenerateDefaultConfigFlag = Flag{ Name: "generate-default-config", ConfigName: "generate-default-config", Default: false, Usage: "write the default config to vul-default.yaml", Persistent: true, } )
var ( ImageConfigScannersFlag = Flag{ Name: "image-config-scanners", ConfigName: "image.image-config-scanners", Default: []string{}, Values: xstrings.ToStringSlice(types.Scanners{ types.MisconfigScanner, types.SecretScanner, }), Usage: "comma-separated list of what security issues to detect on container image configurations", } ScanRemovedPkgsFlag = Flag{ Name: "removed-pkgs", ConfigName: "image.removed-pkgs", Default: false, Usage: "detect vulnerabilities of removed packages (only for Alpine)", } InputFlag = Flag{ Name: "input", ConfigName: "image.input", Default: "", Usage: "input file path instead of image name", } PlatformFlag = Flag{ Name: "platform", ConfigName: "image.platform", Default: "", Usage: "set platform in the form os/arch if image is multi-platform capable", } DockerHostFlag = Flag{ Name: "docker-host", ConfigName: "image.docker.host", Default: "", Usage: "unix domain socket path to use for docker scanning", } SourceFlag = Flag{ Name: "image-src", ConfigName: "image.source", Default: xstrings.ToStringSlice(ftypes.AllImageSources), Values: xstrings.ToStringSlice(ftypes.AllImageSources), Usage: "image source(s) to use, in priority order", } )
var ( ClusterContextFlag = Flag{ Name: "context", ConfigName: "kubernetes.context", Default: "", Usage: "specify a context to scan", Aliases: []Alias{ {Name: "ctx"}, }, } K8sNamespaceFlag = Flag{ Name: "namespace", ConfigName: "kubernetes.namespace", Shorthand: "n", Default: "", Usage: "specify a namespace to scan", } KubeConfigFlag = Flag{ Name: "kubeconfig", ConfigName: "kubernetes.kubeconfig", Default: "", Usage: "specify the kubeconfig file path to use", } ComponentsFlag = Flag{ Name: "components", ConfigName: "kubernetes.components", Default: []string{ "workload", "infra", }, Values: []string{ "workload", "infra", }, Usage: "specify which components to scan", } K8sVersionFlag = Flag{ Name: "k8s-version", ConfigName: "kubernetes.k8s.version", Default: "", Usage: "specify k8s version to validate outdated api by it (example: 1.21.0)", } ParallelFlag = Flag{ Name: "parallel", ConfigName: "kubernetes.parallel", Default: 5, Usage: "number (between 1-20) of goroutines enabled for parallel scanning", } TolerationsFlag = Flag{ Name: "tolerations", ConfigName: "kubernetes.tolerations", Default: []string{}, Usage: "specify node-collector job tolerations (example: key1=value1:NoExecute,key2=value2:NoSchedule)", } AllNamespaces = Flag{ Name: "all-namespaces", ConfigName: "kubernetes.all.namespaces", Shorthand: "A", Default: false, Usage: "fetch resources from all cluster namespaces", } NodeCollectorNamespace = Flag{ Name: "node-collector-namespace", ConfigName: "node.collector.namespace", Default: "vul-temp", Usage: "specify the namespace in which the node-collector job should be deployed", } ExcludeNodes = Flag{ Name: "exclude-nodes", ConfigName: "exclude.nodes", Default: []string{}, Usage: "indicate the node labels that the node-collector job should exclude from scanning (example: kubernetes.io/arch:arm64,team:dev)", } )
var ( LicenseFull = Flag{ Name: "license-full", ConfigName: "license.full", Default: false, Usage: "eagerly look for licenses in source code headers and license files", } IgnoredLicenses = Flag{ Name: "ignored-licenses", ConfigName: "license.ignored", Default: []string{}, Usage: "specify a list of license to ignore", } LicenseConfidenceLevel = Flag{ Name: "license-confidence-level", ConfigName: "license.confidenceLevel", Default: 0.9, Usage: "specify license classifier's confidence level", } // LicenseForbidden is an option only in a config file LicenseForbidden = Flag{ ConfigName: "license.forbidden", Default: licensing.ForbiddenLicenses, Usage: "forbidden licenses", } // LicenseRestricted is an option only in a config file LicenseRestricted = Flag{ ConfigName: "license.restricted", Default: licensing.RestrictedLicenses, Usage: "restricted licenses", } // LicenseReciprocal is an option only in a config file LicenseReciprocal = Flag{ ConfigName: "license.reciprocal", Default: licensing.ReciprocalLicenses, Usage: "reciprocal licenses", } // LicenseNotice is an option only in a config file LicenseNotice = Flag{ ConfigName: "license.notice", Default: licensing.NoticeLicenses, Usage: "notice licenses", } // LicensePermissive is an option only in a config file LicensePermissive = Flag{ ConfigName: "license.permissive", Default: licensing.PermissiveLicenses, Usage: "permissive licenses", } // LicenseUnencumbered is an option only in a config file LicenseUnencumbered = Flag{ ConfigName: "license.unencumbered", Default: licensing.UnencumberedLicenses, Usage: "unencumbered licenses", } )
var ( ResetPolicyBundleFlag = Flag{ Name: "reset-policy-bundle", ConfigName: "misconfiguration.reset-policy-bundle", Default: false, Usage: "remove policy bundle", } IncludeNonFailuresFlag = Flag{ Name: "include-non-failures", ConfigName: "misconfiguration.include-non-failures", Default: false, Usage: "include successes and exceptions, available with '--scanners config'", } HelmValuesFileFlag = Flag{ Name: "helm-values", ConfigName: "misconfiguration.helm.values", Default: []string{}, Usage: "specify paths to override the Helm values.yaml files", } HelmSetFlag = Flag{ Name: "helm-set", ConfigName: "misconfiguration.helm.set", Default: []string{}, Usage: "specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)", } HelmSetFileFlag = Flag{ Name: "helm-set-file", ConfigName: "misconfiguration.helm.set-file", Default: []string{}, Usage: "specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)", } HelmSetStringFlag = Flag{ Name: "helm-set-string", ConfigName: "misconfiguration.helm.set-string", Default: []string{}, Usage: "specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)", } TfVarsFlag = Flag{ Name: "tf-vars", ConfigName: "misconfiguration.terraform.vars", Default: []string{}, Usage: "specify paths to override the Terraform tfvars files", } TerraformExcludeDownloaded = Flag{ Name: "tf-exclude-downloaded-modules", ConfigName: "misconfiguration.terraform.exclude-downloaded-modules", Default: false, Usage: "remove results for downloaded modules in .terraform folder", } PolicyBundleRepositoryFlag = Flag{ Name: "policy-bundle-repository", ConfigName: "misconfiguration.policy-bundle-repository", Default: fmt.Sprintf("%s:%d", policy.BundleRepository, policy.BundleVersion), Usage: "OCI registry URL to retrieve policy bundle from", } )
e.g. config yaml:
misconfiguration: trace: true config-policy: "custom-policy/policy" policy-namespaces: "user"
var ( ModuleDirFlag = Flag{ Name: "module-dir", ConfigName: "module.dir", Default: module.DefaultDir, Usage: "specify directory to the wasm modules that will be loaded", Persistent: true, } EnableModulesFlag = Flag{ Name: "enable-modules", ConfigName: "module.enable-modules", Default: []string{}, Usage: "[EXPERIMENTAL] module names to enable", Persistent: true, } )
var ( UsernameFlag = Flag{ Name: "username", ConfigName: "registry.username", Default: []string{}, Usage: "username. Comma-separated usernames allowed.", } PasswordFlag = Flag{ Name: "password", ConfigName: "registry.password", Default: []string{}, Usage: "password. Comma-separated passwords allowed. VUL_PASSWORD should be used for security reasons.", } RegistryTokenFlag = Flag{ Name: "registry-token", ConfigName: "registry.token", Default: "", Usage: "registry token", } )
var ( SkipPolicyUpdateFlag = Flag{ Name: "skip-policy-update", ConfigName: "rego.skip-policy-update", Default: false, Usage: "skip fetching rego policy updates", } TraceFlag = Flag{ Name: "trace", ConfigName: "rego.trace", Default: false, Usage: "enable more verbose trace output for custom queries", } ConfigPolicyFlag = Flag{ Name: "config-policy", ConfigName: "rego.policy", Default: []string{}, Usage: "specify the paths to the Rego policy files or to the directories containing them, applying config files", Aliases: []Alias{ {Name: "policy"}, }, } ConfigDataFlag = Flag{ Name: "config-data", ConfigName: "rego.data", Default: []string{}, Usage: "specify paths from which data for the Rego policies will be recursively loaded", Aliases: []Alias{ {Name: "data"}, }, } PolicyNamespaceFlag = Flag{ Name: "policy-namespaces", ConfigName: "rego.namespaces", Default: []string{}, Usage: "Rego namespaces", Aliases: []Alias{ {Name: "namespaces"}, }, } )
e.g. config yaml:
rego: trace: true config-policy: "custom-policy/policy" policy-namespaces: "user"
var ( ServerTokenFlag = Flag{ Name: "token", ConfigName: "server.token", Default: "", Usage: "for authentication in client/server mode", } ServerTokenHeaderFlag = Flag{ Name: "token-header", ConfigName: "server.token-header", Default: DefaultTokenHeader, Usage: "specify a header name for token in client/server mode", } ServerAddrFlag = Flag{ Name: "server", ConfigName: "server.addr", Default: "", Usage: "server address in client mode", } ServerCustomHeadersFlag = Flag{ Name: "custom-headers", ConfigName: "server.custom-headers", Default: []string{}, Usage: "custom headers in client mode", } ServerListenFlag = Flag{ Name: "listen", ConfigName: "server.listen", Default: "localhost:4954", Usage: "listen address in server mode", } )
var ( FetchBranchFlag = Flag{ Name: "branch", ConfigName: "repository.branch", Default: "", Usage: "pass the branch name to be scanned", } FetchCommitFlag = Flag{ Name: "commit", ConfigName: "repository.commit", Default: "", Usage: "pass the commit hash to be scanned", } FetchTagFlag = Flag{ Name: "tag", ConfigName: "repository.tag", Default: "", Usage: "pass the tag name to be scanned", } )
var ( FormatFlag = Flag{ Name: "format", ConfigName: "format", Shorthand: "f", Default: string(types.FormatTable), Values: xstrings.ToStringSlice(types.SupportedFormats), Usage: "format", } ReportFormatFlag = Flag{ Name: "report", ConfigName: "report", Default: "all", Values: []string{"all", "summary"}, Usage: "specify a report format for the output", } TemplateFlag = Flag{ Name: "template", ConfigName: "template", Shorthand: "t", Default: "", Usage: "output template", } DependencyTreeFlag = Flag{ Name: "dependency-tree", ConfigName: "dependency-tree", Default: false, Usage: "[EXPERIMENTAL] show dependency origin tree of vulnerable packages", } ListAllPkgsFlag = Flag{ Name: "list-all-pkgs", ConfigName: "list-all-pkgs", Default: false, Usage: "enabling the option will output all packages regardless of vulnerability", } IgnoreFileFlag = Flag{ Name: "ignorefile", ConfigName: "ignorefile", Default: result.DefaultIgnoreFile, Usage: "specify .vulignore file", } IgnorePolicyFlag = Flag{ Name: "ignore-policy", ConfigName: "ignore-policy", Default: "", Usage: "specify the Rego file path to evaluate each vulnerability", } ExitCodeFlag = Flag{ Name: "exit-code", ConfigName: "exit-code", Default: 0, Usage: "specify exit code when any security issues are found", } ExitOnEOLFlag = Flag{ Name: "exit-on-eol", ConfigName: "exit-on-eol", Default: 0, Usage: "exit with the specified code when the OS reaches end of service/life", } OutputFlag = Flag{ Name: "output", ConfigName: "output", Shorthand: "o", Default: "", Usage: "output file name", } SeverityFlag = Flag{ Name: "severity", ConfigName: "severity", Shorthand: "s", Default: dbTypes.SeverityNames, Values: dbTypes.SeverityNames, Usage: "severities of security issues to be displayed", } ComplianceFlag = Flag{ Name: "compliance", ConfigName: "scan.compliance", Default: "", Usage: "compliance report to generate", } )
e.g. config yaml:
format: table dependency-tree: true severity: HIGH,CRITICAL
var ( ArtifactTypeFlag = Flag{ Name: "artifact-type", ConfigName: "sbom.artifact-type", Default: "", Usage: "deprecated", Deprecated: true, } SBOMFormatFlag = Flag{ Name: "sbom-format", ConfigName: "sbom.format", Default: "", Usage: "deprecated", Deprecated: true, } VEXFlag = Flag{ Name: "vex", ConfigName: "sbom.vex", Default: "", Usage: "[EXPERIMENTAL] file path to VEX", } )
var ( SkipDirsFlag = Flag{ Name: "skip-dirs", ConfigName: "scan.skip-dirs", Default: []string{}, Usage: "specify the directories or glob patterns to skip", } SkipFilesFlag = Flag{ Name: "skip-files", ConfigName: "scan.skip-files", Default: []string{}, Usage: "specify the files or glob patterns to skip", } OfflineScanFlag = Flag{ Name: "offline-scan", ConfigName: "scan.offline", Default: false, Usage: "do not issue API requests to identify dependencies", } ScannersFlag = Flag{ Name: "scanners", ConfigName: "scan.scanners", Default: xstrings.ToStringSlice(types.Scanners{ types.VulnerabilityScanner, types.SecretScanner, }), Values: xstrings.ToStringSlice(types.Scanners{ types.VulnerabilityScanner, types.MisconfigScanner, types.SecretScanner, types.LicenseScanner, }), Aliases: []Alias{ { Name: "security-checks", ConfigName: "scan.security-checks", Deprecated: true, }, }, Usage: "comma-separated list of what security issues to detect", } FilePatternsFlag = Flag{ Name: "file-patterns", ConfigName: "scan.file-patterns", Default: []string{}, Usage: "specify config file patterns", } SlowFlag = Flag{ Name: "slow", ConfigName: "scan.slow", Default: false, Usage: "scan over time with lower CPU and memory utilization", } SBOMSourcesFlag = Flag{ Name: "sbom-sources", ConfigName: "scan.sbom-sources", Default: []string{}, Values: []string{"oci", "rekor"}, Usage: "[EXPERIMENTAL] try to retrieve SBOM from the specified sources", } RekorURLFlag = Flag{ Name: "rekor-url", ConfigName: "scan.rekor-url", Default: "https://rekor.sigstore.dev", Usage: "[EXPERIMENTAL] address of rekor STL server", } IncludeDevDepsFlag = Flag{ Name: "include-dev-deps", ConfigName: "include-dev-deps", Default: false, Usage: "include development dependencies in the report (supported: npm, yarn)", } )
var ( VulnTypeFlag = Flag{ Name: "vuln-type", ConfigName: "vulnerability.type", Default: []string{ types.VulnTypeOS, types.VulnTypeLibrary, }, Values: []string{ types.VulnTypeOS, types.VulnTypeLibrary, }, Usage: "comma-separated list of vulnerability types", } IgnoreUnfixedFlag = Flag{ Name: "ignore-unfixed", ConfigName: "vulnerability.ignore-unfixed", Default: false, Usage: "display only fixed vulnerabilities", } IgnoreStatusFlag = Flag{ Name: "ignore-status", ConfigName: "vulnerability.ignore-status", Default: []string{}, Values: dbTypes.Statuses, Usage: "comma-separated list of vulnerability status to ignore", } )
var (
SecretConfigFlag = Flag{
Name: "secret-config",
ConfigName: "secret.config",
Default: "vul-secret.yaml",
Usage: "specify a path to config file for secret scanning",
}
)
Functions ¶
This section is empty.
Types ¶
type AWSFlagGroup ¶
type AWSFlagGroup struct { Region *Flag Endpoint *Flag Services *Flag SkipServices *Flag Account *Flag ARN *Flag }
func NewAWSFlagGroup ¶
func NewAWSFlagGroup() *AWSFlagGroup
func (*AWSFlagGroup) Flags ¶
func (f *AWSFlagGroup) Flags() []*Flag
func (*AWSFlagGroup) Name ¶
func (f *AWSFlagGroup) Name() string
func (*AWSFlagGroup) ToOptions ¶
func (f *AWSFlagGroup) ToOptions() AWSOptions
type AWSOptions ¶
type CacheFlagGroup ¶
type CacheFlagGroup struct { ClearCache *Flag CacheBackend *Flag CacheTTL *Flag RedisTLS *Flag RedisCACert *Flag RedisCert *Flag RedisKey *Flag }
CacheFlagGroup composes common printer flag structs used for commands requiring cache logic.
func NewCacheFlagGroup ¶
func NewCacheFlagGroup() *CacheFlagGroup
NewCacheFlagGroup returns a default CacheFlagGroup
func (*CacheFlagGroup) Flags ¶
func (fg *CacheFlagGroup) Flags() []*Flag
func (*CacheFlagGroup) Name ¶
func (fg *CacheFlagGroup) Name() string
func (*CacheFlagGroup) ToOptions ¶
func (fg *CacheFlagGroup) ToOptions() (CacheOptions, error)
type CacheOptions ¶
type CacheOptions struct { ClearCache bool CacheBackend string CacheTTL time.Duration RedisTLS bool RedisOptions }
func (*CacheOptions) CacheBackendMasked ¶
func (o *CacheOptions) CacheBackendMasked() string
CacheBackendMasked returns the redis connection string masking credentials
type CloudFlagGroup ¶
func NewCloudFlagGroup ¶
func NewCloudFlagGroup() *CloudFlagGroup
func (*CloudFlagGroup) Flags ¶
func (f *CloudFlagGroup) Flags() []*Flag
func (*CloudFlagGroup) Name ¶
func (f *CloudFlagGroup) Name() string
func (*CloudFlagGroup) ToOptions ¶
func (f *CloudFlagGroup) ToOptions() CloudOptions
type CloudOptions ¶
type DBFlagGroup ¶
type DBFlagGroup struct { Reset *Flag DownloadDBOnly *Flag SkipDBUpdate *Flag DownloadJavaDBOnly *Flag SkipJavaDBUpdate *Flag NoProgress *Flag DBRepository *Flag JavaDBRepository *Flag Light *Flag // deprecated }
DBFlagGroup composes common printer flag structs used for commands requiring DB logic.
func NewDBFlagGroup ¶
func NewDBFlagGroup() *DBFlagGroup
NewDBFlagGroup returns a default DBFlagGroup
func (*DBFlagGroup) Flags ¶
func (f *DBFlagGroup) Flags() []*Flag
func (*DBFlagGroup) Name ¶
func (f *DBFlagGroup) Name() string
func (*DBFlagGroup) ToOptions ¶
func (f *DBFlagGroup) ToOptions() (DBOptions, error)
type Flag ¶
type Flag struct { // Name is for CLI flag and environment variable. // If this field is empty, it will be available only in config file. Name string // ConfigName is a key in config file. It is also used as a key of viper. ConfigName string // Shorthand is a shorthand letter. Shorthand string // Default is the default value. It must be filled to determine the flag type. Default any // Values is a list of allowed values. // It currently supports string flags and string slice flags only. Values []string // Usage explains how to use the flag. Usage string // Persistent represents if the flag is persistent Persistent bool // Deprecated represents if the flag is deprecated Deprecated bool // Aliases represents aliases Aliases []Alias }
type Flags ¶
type Flags struct { AWSFlagGroup *AWSFlagGroup CacheFlagGroup *CacheFlagGroup CloudFlagGroup *CloudFlagGroup DBFlagGroup *DBFlagGroup ImageFlagGroup *ImageFlagGroup K8sFlagGroup *K8sFlagGroup LicenseFlagGroup *LicenseFlagGroup MisconfFlagGroup *MisconfFlagGroup ModuleFlagGroup *ModuleFlagGroup RemoteFlagGroup *RemoteFlagGroup RegistryFlagGroup *RegistryFlagGroup RegoFlagGroup *RegoFlagGroup RepoFlagGroup *RepoFlagGroup ReportFlagGroup *ReportFlagGroup SBOMFlagGroup *SBOMFlagGroup ScanFlagGroup *ScanFlagGroup SecretFlagGroup *SecretFlagGroup VulnerabilityFlagGroup *VulnerabilityFlagGroup }
type GlobalFlagGroup ¶
type GlobalFlagGroup struct { ConfigFile *Flag ShowVersion *Flag // spf13/cobra can't override the logic of version printing like VersionPrinter in urfave/cli. -v needs to be defined ourselves. Quiet *Flag Debug *Flag Insecure *Flag Timeout *Flag CacheDir *Flag GenerateDefaultConfig *Flag }
GlobalFlagGroup composes global flags
func NewGlobalFlagGroup ¶
func NewGlobalFlagGroup() *GlobalFlagGroup
func (*GlobalFlagGroup) AddFlags ¶
func (f *GlobalFlagGroup) AddFlags(cmd *cobra.Command)
func (*GlobalFlagGroup) ToOptions ¶
func (f *GlobalFlagGroup) ToOptions() GlobalOptions
type GlobalOptions ¶
type GlobalOptions struct { ConfigFile string ShowVersion bool Quiet bool Debug bool Insecure bool Timeout time.Duration CacheDir string GenerateDefaultConfig bool }
GlobalOptions defines flags and other configuration parameters for all the subcommands
type ImageFlagGroup ¶
type ImageFlagGroup struct { Input *Flag // local image archive ImageConfigScanners *Flag ScanRemovedPkgs *Flag Platform *Flag DockerHost *Flag ImageSources *Flag }
func NewImageFlagGroup ¶
func NewImageFlagGroup() *ImageFlagGroup
func (*ImageFlagGroup) Flags ¶
func (f *ImageFlagGroup) Flags() []*Flag
func (*ImageFlagGroup) Name ¶
func (f *ImageFlagGroup) Name() string
func (*ImageFlagGroup) ToOptions ¶
func (f *ImageFlagGroup) ToOptions() (ImageOptions, error)
type ImageOptions ¶
type K8sFlagGroup ¶
type K8sFlagGroup struct { ClusterContext *Flag Namespace *Flag KubeConfig *Flag Components *Flag K8sVersion *Flag Parallel *Flag Tolerations *Flag AllNamespaces *Flag NodeCollectorNamespace *Flag ExcludeNodes *Flag }
func NewK8sFlagGroup ¶
func NewK8sFlagGroup() *K8sFlagGroup
func (*K8sFlagGroup) Flags ¶
func (f *K8sFlagGroup) Flags() []*Flag
func (*K8sFlagGroup) Name ¶
func (f *K8sFlagGroup) Name() string
func (*K8sFlagGroup) ToOptions ¶
func (f *K8sFlagGroup) ToOptions() (K8sOptions, error)
type K8sOptions ¶
type LicenseFlagGroup ¶
type LicenseFlagGroup struct { LicenseFull *Flag IgnoredLicenses *Flag LicenseConfidenceLevel *Flag // License Categories LicenseForbidden *Flag // mapped to CRITICAL LicenseRestricted *Flag // mapped to HIGH LicenseReciprocal *Flag // mapped to MEDIUM LicenseNotice *Flag // mapped to LOW LicensePermissive *Flag // mapped to LOW LicenseUnencumbered *Flag // mapped to LOW }
func NewLicenseFlagGroup ¶
func NewLicenseFlagGroup() *LicenseFlagGroup
func (*LicenseFlagGroup) Flags ¶
func (f *LicenseFlagGroup) Flags() []*Flag
func (*LicenseFlagGroup) Name ¶
func (f *LicenseFlagGroup) Name() string
func (*LicenseFlagGroup) ToOptions ¶
func (f *LicenseFlagGroup) ToOptions() LicenseOptions
type LicenseOptions ¶
type MisconfFlagGroup ¶
type MisconfFlagGroup struct { IncludeNonFailures *Flag ResetPolicyBundle *Flag PolicyBundleRepository *Flag // Values Files HelmValues *Flag HelmValueFiles *Flag HelmFileValues *Flag HelmStringValues *Flag TerraformTFVars *Flag TerraformExcludeDownloaded *Flag }
MisconfFlagGroup composes common printer flag structs used for commands providing misconfinguration scanning.
func NewMisconfFlagGroup ¶
func NewMisconfFlagGroup() *MisconfFlagGroup
func (*MisconfFlagGroup) Flags ¶
func (f *MisconfFlagGroup) Flags() []*Flag
func (*MisconfFlagGroup) Name ¶
func (f *MisconfFlagGroup) Name() string
func (*MisconfFlagGroup) ToOptions ¶
func (f *MisconfFlagGroup) ToOptions() (MisconfOptions, error)
type MisconfOptions ¶
type ModuleFlagGroup ¶
ModuleFlagGroup defines flags for modules
func NewModuleFlagGroup ¶
func NewModuleFlagGroup() *ModuleFlagGroup
func (*ModuleFlagGroup) Flags ¶
func (f *ModuleFlagGroup) Flags() []*Flag
func (*ModuleFlagGroup) Name ¶
func (f *ModuleFlagGroup) Name() string
func (*ModuleFlagGroup) ToOptions ¶
func (f *ModuleFlagGroup) ToOptions() ModuleOptions
type ModuleOptions ¶
type Options ¶
type Options struct { GlobalOptions AWSOptions CacheOptions CloudOptions DBOptions ImageOptions K8sOptions LicenseOptions MisconfOptions ModuleOptions RegistryOptions RegoOptions RemoteOptions RepoOptions ReportOptions SBOMOptions ScanOptions SecretOptions VulnerabilityOptions // Vul's version, not populated via CLI flags AppVersion string // We don't want to allow disabled analyzers to be passed by users, but it is necessary for internal use. DisabledAnalyzers []analyzer.Type }
Options holds all the runtime configuration
func (*Options) FilterOpts ¶
func (o *Options) FilterOpts() result.FilterOption
FilterOpts returns options for filtering
func (*Options) OutputWriter ¶
func (o *Options) OutputWriter() (io.WriteCloser, error)
OutputWriter returns an output writer. If the output file is not specified, it returns os.Stdout.
func (*Options) RegistryOpts ¶
func (o *Options) RegistryOpts() ftypes.RegistryOptions
RegistryOpts returns options for OCI registries
type RedisOptions ¶
RedisOptions holds the options for redis cache
type RegistryFlagGroup ¶
func NewRegistryFlagGroup ¶
func NewRegistryFlagGroup() *RegistryFlagGroup
func (*RegistryFlagGroup) Flags ¶
func (f *RegistryFlagGroup) Flags() []*Flag
func (*RegistryFlagGroup) Name ¶
func (f *RegistryFlagGroup) Name() string
func (*RegistryFlagGroup) ToOptions ¶
func (f *RegistryFlagGroup) ToOptions() (RegistryOptions, error)
type RegistryOptions ¶
type RegistryOptions struct { Credentials []types.Credential RegistryToken string }
type RegoFlagGroup ¶
type RegoFlagGroup struct { SkipPolicyUpdate *Flag Trace *Flag PolicyPaths *Flag DataPaths *Flag PolicyNamespaces *Flag }
RegoFlagGroup composes common printer flag structs used for commands providing misconfinguration scanning.
func NewRegoFlagGroup ¶
func NewRegoFlagGroup() *RegoFlagGroup
func (*RegoFlagGroup) Flags ¶
func (f *RegoFlagGroup) Flags() []*Flag
func (*RegoFlagGroup) Name ¶
func (f *RegoFlagGroup) Name() string
func (*RegoFlagGroup) ToOptions ¶
func (f *RegoFlagGroup) ToOptions() (RegoOptions, error)
type RegoOptions ¶
type RemoteFlagGroup ¶
type RemoteFlagGroup struct { // for client/server Token *Flag TokenHeader *Flag // for client ServerAddr *Flag CustomHeaders *Flag // for server Listen *Flag }
RemoteFlagGroup composes common printer flag structs used for commands requiring reporting logic.
func NewClientFlags ¶
func NewClientFlags() *RemoteFlagGroup
func NewServerFlags ¶
func NewServerFlags() *RemoteFlagGroup
func (*RemoteFlagGroup) Flags ¶
func (f *RemoteFlagGroup) Flags() []*Flag
func (*RemoteFlagGroup) Name ¶
func (f *RemoteFlagGroup) Name() string
func (*RemoteFlagGroup) ToOptions ¶
func (f *RemoteFlagGroup) ToOptions() RemoteOptions
type RemoteOptions ¶
type RepoFlagGroup ¶
func NewRepoFlagGroup ¶
func NewRepoFlagGroup() *RepoFlagGroup
func (*RepoFlagGroup) Flags ¶
func (f *RepoFlagGroup) Flags() []*Flag
func (*RepoFlagGroup) Name ¶
func (f *RepoFlagGroup) Name() string
func (*RepoFlagGroup) ToOptions ¶
func (f *RepoFlagGroup) ToOptions() RepoOptions
type RepoOptions ¶
type ReportFlagGroup ¶
type ReportFlagGroup struct { Format *Flag ReportFormat *Flag Template *Flag DependencyTree *Flag ListAllPkgs *Flag IgnoreFile *Flag IgnorePolicy *Flag ExitCode *Flag ExitOnEOL *Flag Output *Flag Severity *Flag Compliance *Flag }
ReportFlagGroup composes common printer flag structs used for commands requiring reporting logic.
func NewReportFlagGroup ¶
func NewReportFlagGroup() *ReportFlagGroup
func (*ReportFlagGroup) Flags ¶
func (f *ReportFlagGroup) Flags() []*Flag
func (*ReportFlagGroup) Name ¶
func (f *ReportFlagGroup) Name() string
func (*ReportFlagGroup) ToOptions ¶
func (f *ReportFlagGroup) ToOptions() (ReportOptions, error)
type ReportOptions ¶
type SBOMFlagGroup ¶
type SBOMFlagGroup struct { ArtifactType *Flag // deprecated SBOMFormat *Flag // deprecated VEXPath *Flag }
func NewSBOMFlagGroup ¶
func NewSBOMFlagGroup() *SBOMFlagGroup
func (*SBOMFlagGroup) Flags ¶
func (f *SBOMFlagGroup) Flags() []*Flag
func (*SBOMFlagGroup) Name ¶
func (f *SBOMFlagGroup) Name() string
func (*SBOMFlagGroup) ToOptions ¶
func (f *SBOMFlagGroup) ToOptions() (SBOMOptions, error)
type SBOMOptions ¶
type SBOMOptions struct {
VEXPath string
}
type ScanFlagGroup ¶
type ScanFlagGroup struct { SkipDirs *Flag SkipFiles *Flag OfflineScan *Flag Scanners *Flag FilePatterns *Flag Slow *Flag SBOMSources *Flag RekorURL *Flag IncludeDevDeps *Flag }
func NewScanFlagGroup ¶
func NewScanFlagGroup() *ScanFlagGroup
func (*ScanFlagGroup) Flags ¶
func (f *ScanFlagGroup) Flags() []*Flag
func (*ScanFlagGroup) Name ¶
func (f *ScanFlagGroup) Name() string
func (*ScanFlagGroup) ToOptions ¶
func (f *ScanFlagGroup) ToOptions(args []string) (ScanOptions, error)
type ScanOptions ¶
type SecretFlagGroup ¶
type SecretFlagGroup struct {
SecretConfig *Flag
}
func NewSecretFlagGroup ¶
func NewSecretFlagGroup() *SecretFlagGroup
func (*SecretFlagGroup) Flags ¶
func (f *SecretFlagGroup) Flags() []*Flag
func (*SecretFlagGroup) Name ¶
func (f *SecretFlagGroup) Name() string
func (*SecretFlagGroup) ToOptions ¶
func (f *SecretFlagGroup) ToOptions() SecretOptions
type SecretOptions ¶
type SecretOptions struct {
SecretConfigPath string
}
type VulnerabilityFlagGroup ¶
func NewVulnerabilityFlagGroup ¶
func NewVulnerabilityFlagGroup() *VulnerabilityFlagGroup
func (*VulnerabilityFlagGroup) Flags ¶
func (f *VulnerabilityFlagGroup) Flags() []*Flag
func (*VulnerabilityFlagGroup) Name ¶
func (f *VulnerabilityFlagGroup) Name() string
func (*VulnerabilityFlagGroup) ToOptions ¶
func (f *VulnerabilityFlagGroup) ToOptions() VulnerabilityOptions
type VulnerabilityOptions ¶
Source Files ¶
- aws_flags.go
- cache_flags.go
- cloud_flags.go
- db_flags.go
- global_flags.go
- image_flags.go
- kubernetes_flags.go
- license_flags.go
- misconf_flags.go
- module_flags.go
- options.go
- registry_flags.go
- rego_flags.go
- remote_flags.go
- repo.go
- report_flags.go
- sbom_flags.go
- scan_flags.go
- secret_flags.go
- value.go
- vulnerability_flags.go