Documentation ¶
Index ¶
- Constants
- Variables
- type AWSFlagGroup
- type AWSOptions
- type Alias
- type CacheFlagGroup
- type CacheOptions
- type CleanFlagGroup
- type CleanOptions
- type DBFlagGroup
- type DBOptions
- type Flag
- func (f *Flag[T]) Add(cmd *cobra.Command)
- func (f *Flag[T]) Bind(cmd *cobra.Command) error
- func (f *Flag[T]) BindEnv() error
- func (f *Flag[T]) Clone() *Flag[T]
- func (f *Flag[T]) GetAliases() []Alias
- func (f *Flag[T]) GetConfigName() string
- func (f *Flag[T]) GetDefaultValue() any
- func (f *Flag[T]) GetName() string
- func (f *Flag[T]) Hidden() bool
- func (f *Flag[T]) Parse() error
- func (f *Flag[T]) Value() (t T)
- type FlagGroup
- type FlagType
- type Flagger
- type Flags
- type GlobalFlagGroup
- type GlobalOptions
- type ImageFlagGroup
- type ImageOptions
- type K8sFlagGroup
- type K8sOptions
- type LicenseFlagGroup
- type LicenseOptions
- type MisconfFlagGroup
- type MisconfOptions
- type ModuleFlagGroup
- type ModuleOptions
- type Options
- func (o *Options) Align(f *Flags) error
- func (o *Options) CacheOpts() cache.Options
- func (o *Options) ClientScannerOpts() client.ScannerOption
- func (o *Options) FilterOpts() result.FilterOptions
- func (o *Options) OutputWriter(ctx context.Context) (io.Writer, func() error, error)
- func (o *Options) RegistryOpts() ftypes.RegistryOptions
- func (o *Options) RemoteCacheOpts() cache.RemoteOptions
- func (o *Options) SetOutputWriter(w io.Writer)
- type PackageFlagGroup
- type PackageOptions
- type RegistryFlagGroup
- type RegistryOptions
- type RegoFlagGroup
- type RegoOptions
- type RemoteFlagGroup
- type RemoteOptions
- type RepoFlagGroup
- type RepoOptions
- type ReportFlagGroup
- type ReportOptions
- type ScanFlagGroup
- type ScanOptions
- type SecretFlagGroup
- type SecretOptions
- type VulnerabilityFlagGroup
- type VulnerabilityOptions
Constants ¶
const (
DefaultTokenHeader = "Tunnel-Token"
)
Variables ¶
var ( // Deprecated ClearCacheFlag = Flag[bool]{ Name: "clear-cache", ConfigName: "cache.clear", Usage: "clear image caches without scanning", Removed: `Use "tunnel clean --scan-cache" instead`, } CacheBackendFlag = Flag[string]{ Name: "cache-backend", ConfigName: "cache.backend", Default: "fs", Usage: "[EXPERIMENTAL] cache backend (e.g. redis://localhost:6379)", } CacheTTLFlag = Flag[time.Duration]{ Name: "cache-ttl", ConfigName: "cache.ttl", Usage: "cache TTL when using redis as cache backend", } RedisTLSFlag = Flag[bool]{ Name: "redis-tls", ConfigName: "cache.redis.tls", Usage: "enable redis TLS with public certificates, if using redis as cache backend", } RedisCACertFlag = Flag[string]{ Name: "redis-ca", ConfigName: "cache.redis.ca", Usage: "redis ca file location, if using redis as cache backend", } RedisCertFlag = Flag[string]{ Name: "redis-cert", ConfigName: "cache.redis.cert", Usage: "redis certificate file location, if using redis as cache backend", } RedisKeyFlag = Flag[string]{ Name: "redis-key", ConfigName: "cache.redis.key", Usage: "redis key file location, if using redis as cache backend", } )
e.g. config yaml:
cache: clear: true backend: "redis://localhost:6379" redis: ca: ca-cert.pem cert: cert.pem key: key.pem
var ( CleanAll = Flag[bool]{ Name: "all", Shorthand: "a", ConfigName: "clean.all", Usage: "remove all caches", } CleanScanCache = Flag[bool]{ Name: "scan-cache", ConfigName: "clean.scan-cache", Usage: "remove scan cache (container and VM image analysis results)", } CleanVulnerabilityDB = Flag[bool]{ Name: "vuln-db", ConfigName: "clean.vuln-db", Usage: "remove vulnerability database", } CleanJavaDB = Flag[bool]{ Name: "java-db", ConfigName: "clean.java-db", Usage: "remove Java database", } CleanChecksBundle = Flag[bool]{ Name: "checks-bundle", ConfigName: "clean.checks-bundle", Usage: "remove checks bundle", } CleanVEXRepo = Flag[bool]{ Name: "vex-repo", ConfigName: "clean.vex-repo", Usage: "remove VEX repositories", } )
var ( // Deprecated ResetFlag = Flag[bool]{ Name: "reset", ConfigName: "reset", Usage: "remove all caches and database", Removed: `Use "tunnel clean --all" instead.`, } DownloadDBOnlyFlag = Flag[bool]{ Name: "download-db-only", ConfigName: "db.download-only", Usage: "download/update vulnerability database but don't run a scan", } SkipDBUpdateFlag = Flag[bool]{ Name: "skip-db-update", ConfigName: "db.skip-update", Usage: "skip updating vulnerability database", Aliases: []Alias{ { Name: "skip-update", Deprecated: true, }, }, } DownloadJavaDBOnlyFlag = Flag[bool]{ Name: "download-java-db-only", ConfigName: "db.download-java-only", Usage: "download/update Java index database but don't run a scan", } SkipJavaDBUpdateFlag = Flag[bool]{ Name: "skip-java-db-update", ConfigName: "db.java-skip-update", Usage: "skip updating Java index database", } NoProgressFlag = Flag[bool]{ Name: "no-progress", ConfigName: "db.no-progress", Usage: "suppress progress bar", } DBRepositoryFlag = Flag[[]string]{ Name: "db-repository", ConfigName: "db.repository", Default: []string{db.DefaultGCRRepository, db.DefaultGHCRRepository}, Usage: "OCI repository(ies) to retrieve tunnel-db in order of priority", } JavaDBRepositoryFlag = Flag[[]string]{ Name: "java-db-repository", ConfigName: "db.java-repository", Default: []string{javadb.DefaultGCRRepository, javadb.DefaultGHCRRepository}, Usage: "OCI repository(ies) to retrieve tunnel-java-db in order of priority", } LightFlag = Flag[bool]{ Name: "light", ConfigName: "db.light", Usage: "deprecated", Deprecated: `This flag is ignored.`, } )
var ( ConfigFileFlag = Flag[string]{ Name: "config", ConfigName: "config", Shorthand: "c", Default: "tunnel.yaml", Usage: "config path", Persistent: true, } ShowVersionFlag = Flag[bool]{ Name: "version", ConfigName: "version", Shorthand: "v", Usage: "show version", Persistent: true, } QuietFlag = Flag[bool]{ Name: "quiet", ConfigName: "quiet", Shorthand: "q", Usage: "suppress progress bar and log output", Persistent: true, } DebugFlag = Flag[bool]{ Name: "debug", ConfigName: "debug", Shorthand: "d", Usage: "debug mode", Persistent: true, } InsecureFlag = Flag[bool]{ Name: "insecure", ConfigName: "insecure", Usage: "allow insecure server connections", Persistent: true, } TimeoutFlag = Flag[time.Duration]{ Name: "timeout", ConfigName: "timeout", Default: time.Second * 300, Usage: "timeout", Persistent: true, } CacheDirFlag = Flag[string]{ Name: "cache-dir", ConfigName: "cache.dir", Default: cache.DefaultDir(), Usage: "cache directory", Persistent: true, } GenerateDefaultConfigFlag = Flag[bool]{ Name: "generate-default-config", ConfigName: "generate-default-config", Usage: "write the default config to tunnel-default.yaml", Persistent: true, } )
var ( ImageConfigScannersFlag = Flag[[]string]{ Name: "image-config-scanners", ConfigName: "image.image-config-scanners", Values: xstrings.ToStringSlice(types.Scanners{ types.MisconfigScanner, types.SecretScanner, }), Usage: "comma-separated list of what security issues to detect on container image configurations", } ScanRemovedPkgsFlag = Flag[bool]{ Name: "removed-pkgs", ConfigName: "image.removed-pkgs", Usage: "detect vulnerabilities of removed packages (only for Alpine)", } InputFlag = Flag[string]{ Name: "input", ConfigName: "image.input", Usage: "input file path instead of image name", } PlatformFlag = Flag[string]{ Name: "platform", ConfigName: "image.platform", Usage: "set platform in the form os/arch if image is multi-platform capable", } DockerHostFlag = Flag[string]{ Name: "docker-host", ConfigName: "image.docker.host", Default: "", Usage: "unix domain socket path to use for docker scanning", } PodmanHostFlag = Flag[string]{ Name: "podman-host", ConfigName: "image.podman.host", Default: "", Usage: "unix podman socket path to use for podman scanning", } SourceFlag = Flag[[]string]{ Name: "image-src", ConfigName: "image.source", Default: xstrings.ToStringSlice(ftypes.AllImageSources), Values: xstrings.ToStringSlice(ftypes.AllImageSources), Usage: "image source(s) to use, in priority order", } )
var ( KubeConfigFlag = Flag[string]{ Name: "kubeconfig", ConfigName: "kubernetes.kubeconfig", Usage: "specify the kubeconfig file path to use", } K8sVersionFlag = Flag[string]{ Name: "k8s-version", ConfigName: "kubernetes.k8s-version", Usage: "specify k8s version to validate outdated api by it (example: 1.21.0)", } TolerationsFlag = Flag[[]string]{ Name: "tolerations", ConfigName: "kubernetes.tolerations", Usage: "specify node-collector job tolerations (example: key1=value1:NoExecute,key2=value2:NoSchedule)", } DisableNodeCollector = Flag[bool]{ Name: "disable-node-collector", ConfigName: "kubernetes.disableNodeCollector", Usage: "When the flag is activated, the node-collector job will not be executed, thus skipping misconfiguration findings on the node.", } NodeCollectorNamespace = Flag[string]{ Name: "node-collector-namespace", ConfigName: "kubernetes.node-collector.namespace", Default: "tunnel-temp", Usage: "specify the namespace in which the node-collector job should be deployed", } NodeCollectorImageRef = Flag[string]{ Name: "node-collector-imageref", ConfigName: "kubernetes.node-collector.imageref", Default: "ghcr.io/khulnasoft/node-collector:0.3.1", Usage: "indicate the image reference for the node-collector scan job", } ExcludeOwned = Flag[bool]{ Name: "exclude-owned", ConfigName: "kubernetes.exclude.owned", Usage: "exclude resources that have an owner reference", } SkipImages = Flag[bool]{ Name: "skip-images", ConfigName: "kubernetes.skipImages", Usage: "skip the downloading and scanning of images (vulnerabilities and secrets) in the cluster resources", } ExcludeNodes = Flag[[]string]{ Name: "exclude-nodes", ConfigName: "kubernetes.exclude.nodes", Usage: "indicate the node labels that the node-collector job should exclude from scanning (example: kubernetes.io/arch:arm64,team:dev)", } ExcludeKinds = Flag[[]string]{ Name: "exclude-kinds", ConfigName: "kubernetes.excludeKinds", Usage: "indicate the kinds exclude from scanning (example: node)", } IncludeKinds = Flag[[]string]{ Name: "include-kinds", ConfigName: "kubernetes.includeKinds", Usage: "indicate the kinds included in scanning (example: node)", } ExcludeNamespaces = Flag[[]string]{ Name: "exclude-namespaces", ConfigName: "kubernetes.excludeNamespaces", Usage: "indicate the namespaces excluded from scanning (example: kube-system)", } IncludeNamespaces = Flag[[]string]{ Name: "include-namespaces", ConfigName: "kubernetes.includeNamespaces", Usage: "indicate the namespaces included in scanning (example: kube-system)", } QPS = Flag[float64]{ Name: "qps", ConfigName: "kubernetes.qps", Default: 5.0, Usage: "specify the maximum QPS to the master from this client", } Burst = Flag[int]{ Name: "burst", ConfigName: "kubernetes.burst", Default: 10, Usage: "specify the maximum burst for throttle", } )
var ( LicenseFull = Flag[bool]{ Name: "license-full", ConfigName: "license.full", Usage: "eagerly look for licenses in source code headers and license files", } IgnoredLicenses = Flag[[]string]{ Name: "ignored-licenses", ConfigName: "license.ignored", Usage: "specify a list of license to ignore", } LicenseConfidenceLevel = Flag[float64]{ Name: "license-confidence-level", ConfigName: "license.confidenceLevel", Default: 0.9, Usage: "specify license classifier's confidence level", } // LicenseForbidden is an option only in a config file LicenseForbidden = Flag[[]string]{ ConfigName: "license.forbidden", Default: expression.ForbiddenLicenses, Usage: "forbidden licenses", } // LicenseRestricted is an option only in a config file LicenseRestricted = Flag[[]string]{ ConfigName: "license.restricted", Default: expression.RestrictedLicenses, Usage: "restricted licenses", } // LicenseReciprocal is an option only in a config file LicenseReciprocal = Flag[[]string]{ ConfigName: "license.reciprocal", Default: expression.ReciprocalLicenses, Usage: "reciprocal licenses", } // LicenseNotice is an option only in a config file LicenseNotice = Flag[[]string]{ ConfigName: "license.notice", Default: expression.NoticeLicenses, Usage: "notice licenses", } // LicensePermissive is an option only in a config file LicensePermissive = Flag[[]string]{ ConfigName: "license.permissive", Default: expression.PermissiveLicenses, Usage: "permissive licenses", } // LicenseUnencumbered is an option only in a config file LicenseUnencumbered = Flag[[]string]{ ConfigName: "license.unencumbered", Default: expression.UnencumberedLicenses, Usage: "unencumbered licenses", } )
var ( // Deprecated ResetChecksBundleFlag = Flag[bool]{ Name: "reset-checks-bundle", ConfigName: "misconfiguration.reset-checks-bundle", Usage: "remove checks bundle", Removed: `Use "tunnel clean --checks-bundle" instead`, Aliases: []Alias{ { Name: "reset-policy-bundle", ConfigName: "misconfiguration.reset-policy-bundle", Deprecated: true, }, }, } IncludeNonFailuresFlag = Flag[bool]{ Name: "include-non-failures", ConfigName: "misconfiguration.include-non-failures", Usage: "include successes, available with '--scanners misconfig'", } HelmValuesFileFlag = Flag[[]string]{ Name: "helm-values", ConfigName: "misconfiguration.helm.values", Usage: "specify paths to override the Helm values.yaml files", } HelmSetFlag = Flag[[]string]{ Name: "helm-set", ConfigName: "misconfiguration.helm.set", Usage: "specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)", } HelmSetFileFlag = Flag[[]string]{ Name: "helm-set-file", ConfigName: "misconfiguration.helm.set-file", Usage: "specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)", } HelmSetStringFlag = Flag[[]string]{ Name: "helm-set-string", ConfigName: "misconfiguration.helm.set-string", Usage: "specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)", } HelmAPIVersionsFlag = Flag[[]string]{ Name: "helm-api-versions", ConfigName: "misconfiguration.helm.api-versions", Usage: "Available API versions used for Capabilities.APIVersions. This flag is the same as the api-versions flag of the helm template command. (can specify multiple or separate values with commas: policy/v1/PodDisruptionBudget,apps/v1/Deployment)", } HelmKubeVersionFlag = Flag[string]{ Name: "helm-kube-version", ConfigName: "misconfiguration.helm.kube-version", Usage: "Kubernetes version used for Capabilities.KubeVersion. This flag is the same as the kube-version flag of the helm template command.", } TfVarsFlag = Flag[[]string]{ Name: "tf-vars", ConfigName: "misconfiguration.terraform.vars", Usage: "specify paths to override the Terraform tfvars files", } CfParamsFlag = Flag[[]string]{ Name: "cf-params", ConfigName: "misconfiguration.cloudformation.params", Default: []string{}, Usage: "specify paths to override the CloudFormation parameters files", } TerraformExcludeDownloaded = Flag[bool]{ Name: "tf-exclude-downloaded-modules", ConfigName: "misconfiguration.terraform.exclude-downloaded-modules", Usage: "exclude misconfigurations for downloaded terraform modules", } ChecksBundleRepositoryFlag = Flag[string]{ Name: "checks-bundle-repository", ConfigName: "misconfiguration.checks-bundle-repository", Default: fmt.Sprintf("%s:%d", policy.BundleRepository, policy.BundleVersion), Usage: "OCI registry URL to retrieve checks bundle from", Aliases: []Alias{ { Name: "policy-bundle-repository", ConfigName: "misconfiguration.policy-bundle-repository", Deprecated: true, }, }, } MisconfigScannersFlag = Flag[[]string]{ Name: "misconfig-scanners", ConfigName: "misconfiguration.scanners", Default: xstrings.ToStringSlice( lo.Without(analyzer.TypeConfigFiles, analyzer.TypeYAML, analyzer.TypeJSON), ), Usage: "comma-separated list of misconfig scanners to use for misconfiguration scanning", } ConfigFileSchemasFlag = Flag[[]string]{ Name: "config-file-schemas", ConfigName: "misconfiguration.config-file-schemas", Usage: "specify paths to JSON configuration file schemas to determine that a file matches some configuration and pass the schema to Rego checks for type checking", } )
e.g. config yaml:
misconfiguration: trace: true config-policy: "custom-policy/policy" policy-namespaces: "user"
var ( ModuleDirFlag = Flag[string]{ Name: "module-dir", ConfigName: "module.dir", Default: module.DefaultDir, Usage: "specify directory to the wasm modules that will be loaded", Persistent: true, } EnableModulesFlag = Flag[[]string]{ Name: "enable-modules", ConfigName: "module.enable-modules", Default: []string{}, Usage: "[EXPERIMENTAL] module names to enable", Persistent: true, } )
var ( IncludeDevDepsFlag = Flag[bool]{ Name: "include-dev-deps", ConfigName: "pkg.include-dev-deps", Usage: "include development dependencies in the report (supported: npm, yarn)", } PkgTypesFlag = Flag[[]string]{ Name: "pkg-types", ConfigName: "pkg.types", Default: types.PkgTypes, Values: types.PkgTypes, Usage: "list of package types", Aliases: []Alias{ { Name: "vuln-type", ConfigName: "vulnerability.type", Deprecated: true, }, }, } PkgRelationshipsFlag = Flag[[]string]{ Name: "pkg-relationships", ConfigName: "pkg.relationships", Default: xstrings.ToStringSlice(ftypes.Relationships), Values: xstrings.ToStringSlice(ftypes.Relationships), Usage: "list of package relationships", } )
var ( UsernameFlag = Flag[[]string]{ Name: "username", ConfigName: "registry.username", Usage: "username. Comma-separated usernames allowed.", } PasswordFlag = Flag[[]string]{ Name: "password", ConfigName: "registry.password", Usage: "password. Comma-separated passwords allowed. TUNNEL_PASSWORD should be used for security reasons.", } PasswordStdinFlag = Flag[bool]{ Name: "password-stdin", ConfigName: "registry.password-stdin", Usage: "password from stdin. Comma-separated passwords are not supported.", } RegistryTokenFlag = Flag[string]{ Name: "registry-token", ConfigName: "registry.token", Usage: "registry token", } )
var ( IncludeDeprecatedChecksFlag = Flag[bool]{ Name: "include-deprecated-checks", ConfigName: "rego.include-deprecated-checks", Usage: "include deprecated checks", } SkipCheckUpdateFlag = Flag[bool]{ Name: "skip-check-update", ConfigName: "rego.skip-check-update", Usage: "skip fetching rego check updates", Aliases: []Alias{ { Name: "skip-policy-update", ConfigName: "rego.skip-policy-update", Deprecated: true, }, }, } TraceFlag = Flag[bool]{ Name: "trace", ConfigName: "rego.trace", Usage: "enable more verbose trace output for custom queries", } ConfigCheckFlag = Flag[[]string]{ Name: "config-check", ConfigName: "rego.check", Usage: "specify the paths to the Rego check files or to the directories containing them, applying config files", Aliases: []Alias{ {Name: "policy", Deprecated: true}, {Name: "config-policy", Deprecated: true}, }, } ConfigDataFlag = Flag[[]string]{ Name: "config-data", ConfigName: "rego.data", Usage: "specify paths from which data for the Rego checks will be recursively loaded", Aliases: []Alias{ {Name: "data"}, }, } CheckNamespaceFlag = Flag[[]string]{ Name: "check-namespaces", ConfigName: "rego.namespaces", Usage: "Rego namespaces", Aliases: []Alias{ {Name: "namespaces"}, {Name: "policy-namespaces", Deprecated: true}, }, } )
e.g. config yaml:
rego: trace: true config-policy: "custom-policy/policy" policy-namespaces: "user"
var ( ServerTokenFlag = Flag[string]{ Name: "token", ConfigName: "server.token", Usage: "for authentication in client/server mode", } ServerTokenHeaderFlag = Flag[string]{ Name: "token-header", ConfigName: "server.token-header", Default: DefaultTokenHeader, Usage: "specify a header name for token in client/server mode", } ServerAddrFlag = Flag[string]{ Name: "server", ConfigName: "server.addr", Usage: "server address in client mode", } ServerCustomHeadersFlag = Flag[[]string]{ Name: "custom-headers", ConfigName: "server.custom-headers", Usage: "custom headers in client mode", } ServerListenFlag = Flag[string]{ Name: "listen", ConfigName: "server.listen", Default: "localhost:4954", Usage: "listen address in server mode", } ServerPathPrefixFlag = Flag[string]{ Name: "path-prefix", ConfigName: "server.path-prefix", Usage: "prefix for the server endpoint", Internal: true, } )
var ( FetchBranchFlag = Flag[string]{ Name: "branch", ConfigName: "repository.branch", Usage: "pass the branch name to be scanned", } FetchCommitFlag = Flag[string]{ Name: "commit", ConfigName: "repository.commit", Usage: "pass the commit hash to be scanned", } FetchTagFlag = Flag[string]{ Name: "tag", ConfigName: "repository.tag", Usage: "pass the tag name to be scanned", } )
var ( FormatFlag = Flag[string]{ Name: "format", ConfigName: "format", Shorthand: "f", Default: string(types.FormatTable), Values: xstrings.ToStringSlice(types.SupportedFormats), Usage: "format", } ReportFormatFlag = Flag[string]{ Name: "report", ConfigName: "report", Default: "all", Values: []string{ "all", "summary", }, Usage: "specify a report format for the output", } TemplateFlag = Flag[string]{ Name: "template", ConfigName: "template", Shorthand: "t", Usage: "output template", } DependencyTreeFlag = Flag[bool]{ Name: "dependency-tree", ConfigName: "dependency-tree", Usage: "[EXPERIMENTAL] show dependency origin tree of vulnerable packages", } ListAllPkgsFlag = Flag[bool]{ Name: "list-all-pkgs", ConfigName: "list-all-pkgs", Usage: "output all packages in the JSON report regardless of vulnerability", } IgnoreFileFlag = Flag[string]{ Name: "ignorefile", ConfigName: "ignorefile", Default: result.DefaultIgnoreFile, Usage: "specify .tunnelignore file", } IgnorePolicyFlag = Flag[string]{ Name: "ignore-policy", ConfigName: "ignore-policy", Usage: "specify the Rego file path to evaluate each vulnerability", } ExitCodeFlag = Flag[int]{ Name: "exit-code", ConfigName: "exit-code", Usage: "specify exit code when any security issues are found", } ExitOnEOLFlag = Flag[int]{ Name: "exit-on-eol", ConfigName: "exit-on-eol", Usage: "exit with the specified code when the OS reaches end of service/life", } OutputFlag = Flag[string]{ Name: "output", ConfigName: "output", Shorthand: "o", Usage: "output file name", } OutputPluginArgFlag = Flag[string]{ Name: "output-plugin-arg", ConfigName: "output-plugin-arg", Usage: "[EXPERIMENTAL] output plugin arguments", } SeverityFlag = Flag[[]string]{ Name: "severity", ConfigName: "severity", Shorthand: "s", Default: dbTypes.SeverityNames, Values: dbTypes.SeverityNames, Usage: "severities of security issues to be displayed", } ComplianceFlag = Flag[string]{ Name: "compliance", ConfigName: "scan.compliance", Usage: "compliance report to generate", } ShowSuppressedFlag = Flag[bool]{ Name: "show-suppressed", ConfigName: "scan.show-suppressed", Usage: "[EXPERIMENTAL] show suppressed vulnerabilities", } )
e.g. config yaml:
format: table dependency-tree: true severity: HIGH,CRITICAL
var ( SkipDirsFlag = Flag[[]string]{ Name: "skip-dirs", ConfigName: "scan.skip-dirs", Usage: "specify the directories or glob patterns to skip", } SkipFilesFlag = Flag[[]string]{ Name: "skip-files", ConfigName: "scan.skip-files", Default: []string{}, Usage: "specify the files or glob patterns to skip", } OfflineScanFlag = Flag[bool]{ Name: "offline-scan", ConfigName: "scan.offline", Usage: "do not issue API requests to identify dependencies", } ScannersFlag = Flag[[]string]{ Name: "scanners", ConfigName: "scan.scanners", Default: xstrings.ToStringSlice(types.Scanners{ types.VulnerabilityScanner, types.SecretScanner, }), Values: xstrings.ToStringSlice(types.Scanners{ types.VulnerabilityScanner, types.MisconfigScanner, types.SecretScanner, types.LicenseScanner, }), ValueNormalize: func(ss []string) []string { return lo.Map(ss, func(s string, _ int) string { switch s { case "vulnerability": return string(types.VulnerabilityScanner) case "misconf", "misconfiguration": return string(types.MisconfigScanner) case "config": log.Warn("'--scanners config' is deprecated. Use '--scanners misconfig' instead. See https://github.com/khulnasoft/tunnel/discussions/5586 for the detail.") return string(types.MisconfigScanner) } return s }) }, Aliases: []Alias{ { Name: "security-checks", ConfigName: "scan.security-checks", Deprecated: true, }, }, Usage: "comma-separated list of what security issues to detect", } FilePatternsFlag = Flag[[]string]{ Name: "file-patterns", ConfigName: "scan.file-patterns", Usage: "specify config file patterns", } SlowFlag = Flag[bool]{ Name: "slow", ConfigName: "scan.slow", Default: false, Usage: "scan over time with lower CPU and memory utilization", Deprecated: `Use "--parallel 1" instead.`, } ParallelFlag = Flag[int]{ Name: "parallel", ConfigName: "scan.parallel", Default: 5, Usage: "number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism", } SBOMSourcesFlag = Flag[[]string]{ Name: "sbom-sources", ConfigName: "scan.sbom-sources", Values: []string{ "oci", "rekor", }, Usage: "[EXPERIMENTAL] try to retrieve SBOM from the specified sources", } RekorURLFlag = Flag[string]{ Name: "rekor-url", ConfigName: "scan.rekor-url", Default: "https://rekor.sigstore.dev", Usage: "[EXPERIMENTAL] address of rekor STL server", } DetectionPriority = Flag[string]{ Name: "detection-priority", ConfigName: "scan.detection-priority", Default: string(ftypes.PriorityPrecise), Values: xstrings.ToStringSlice([]ftypes.DetectionPriority{ ftypes.PriorityPrecise, ftypes.PriorityComprehensive, }), Usage: `specify the detection priority: - "precise": Prioritizes precise by minimizing false positives. - "comprehensive": Aims to detect more security findings at the cost of potential false positives. `, } )
var ( IgnoreUnfixedFlag = Flag[bool]{ Name: "ignore-unfixed", ConfigName: "vulnerability.ignore-unfixed", Usage: "display only fixed vulnerabilities", } IgnoreStatusFlag = Flag[[]string]{ Name: "ignore-status", ConfigName: "vulnerability.ignore-status", Values: dbTypes.Statuses, Usage: "comma-separated list of vulnerability status to ignore", } VEXFlag = Flag[[]string]{ Name: "vex", ConfigName: "vulnerability.vex", Usage: `[EXPERIMENTAL] VEX sources ("repo", "oci" or file path)`, } SkipVEXRepoUpdateFlag = Flag[bool]{ Name: "skip-vex-repo-update", ConfigName: "vulnerability.skip-vex-repo-update", Usage: `[EXPERIMENTAL] Skip VEX Repository update`, } )
var (
SecretConfigFlag = Flag[string]{
Name: "secret-config",
ConfigName: "secret.config",
Default: "tunnel-secret.yaml",
Usage: "specify a path to config file for secret scanning",
}
)
Functions ¶
This section is empty.
Types ¶
type AWSFlagGroup ¶
type AWSFlagGroup struct { Region *Flag[string] Endpoint *Flag[string] Services *Flag[[]string] SkipServices *Flag[[]string] Account *Flag[string] ARN *Flag[string] }
func NewAWSFlagGroup ¶
func NewAWSFlagGroup() *AWSFlagGroup
func (*AWSFlagGroup) Flags ¶
func (f *AWSFlagGroup) Flags() []Flagger
func (*AWSFlagGroup) Name ¶
func (f *AWSFlagGroup) Name() string
func (*AWSFlagGroup) ToOptions ¶
func (f *AWSFlagGroup) ToOptions() (AWSOptions, error)
type AWSOptions ¶
type CacheFlagGroup ¶
type CacheFlagGroup struct { ClearCache *Flag[bool] CacheBackend *Flag[string] CacheTTL *Flag[time.Duration] RedisTLS *Flag[bool] RedisCACert *Flag[string] RedisCert *Flag[string] RedisKey *Flag[string] }
CacheFlagGroup composes common printer flag structs used for commands requiring cache logic.
func NewCacheFlagGroup ¶
func NewCacheFlagGroup() *CacheFlagGroup
NewCacheFlagGroup returns a default CacheFlagGroup
func (*CacheFlagGroup) Flags ¶
func (fg *CacheFlagGroup) Flags() []Flagger
func (*CacheFlagGroup) Name ¶
func (fg *CacheFlagGroup) Name() string
func (*CacheFlagGroup) ToOptions ¶
func (fg *CacheFlagGroup) ToOptions() (CacheOptions, error)
type CacheOptions ¶
type CleanFlagGroup ¶
type CleanFlagGroup struct { CleanAll *Flag[bool] CleanScanCache *Flag[bool] CleanVulnerabilityDB *Flag[bool] CleanJavaDB *Flag[bool] CleanChecksBundle *Flag[bool] CleanVEXRepositories *Flag[bool] }
func NewCleanFlagGroup ¶
func NewCleanFlagGroup() *CleanFlagGroup
func (*CleanFlagGroup) Flags ¶
func (fg *CleanFlagGroup) Flags() []Flagger
func (*CleanFlagGroup) Name ¶
func (fg *CleanFlagGroup) Name() string
func (*CleanFlagGroup) ToOptions ¶
func (fg *CleanFlagGroup) ToOptions() (CleanOptions, error)
type CleanOptions ¶
type DBFlagGroup ¶
type DBFlagGroup struct { Reset *Flag[bool] DownloadDBOnly *Flag[bool] SkipDBUpdate *Flag[bool] DownloadJavaDBOnly *Flag[bool] SkipJavaDBUpdate *Flag[bool] NoProgress *Flag[bool] DBRepositories *Flag[[]string] JavaDBRepositories *Flag[[]string] Light *Flag[bool] // deprecated }
DBFlagGroup composes common printer flag structs used for commands requiring DB logic.
func NewDBFlagGroup ¶
func NewDBFlagGroup() *DBFlagGroup
NewDBFlagGroup returns a default DBFlagGroup
func (*DBFlagGroup) Flags ¶
func (f *DBFlagGroup) Flags() []Flagger
func (*DBFlagGroup) Name ¶
func (f *DBFlagGroup) Name() string
func (*DBFlagGroup) ToOptions ¶
func (f *DBFlagGroup) ToOptions() (DBOptions, error)
type Flag ¶
type Flag[T FlagType] struct { // Name is for CLI flag and environment variable. // If this field is empty, it will be available only in config file. Name string // ConfigName is a key in config file. It is also used as a key of viper. ConfigName string // Shorthand is a shorthand letter. Shorthand string // Default is the default value. It should be defined when the value is different from the zero value. Default T // Values is a list of allowed values. // It currently supports string flags and string slice flags only. Values []string // ValueNormalize is a function to normalize the value. // It can be used for aliases, etc. ValueNormalize func(T) T // Usage explains how to use the flag. Usage string // Persistent represents if the flag is persistent. Persistent bool // Deprecated represents if the flag is deprecated. // It shows a warning message when the flag is used. Deprecated string // Removed represents if the flag is removed and no longer works. // It shows an error message when the flag is used. Removed string // Internal represents if the flag is for internal use only. // It is not shown in the usage message. Internal bool // Aliases represents aliases Aliases []Alias // contains filtered or unexported fields }
func (*Flag[T]) GetAliases ¶
func (*Flag[T]) GetConfigName ¶
func (*Flag[T]) GetDefaultValue ¶
type Flags ¶
type Flags struct { GlobalFlagGroup *GlobalFlagGroup AWSFlagGroup *AWSFlagGroup CacheFlagGroup *CacheFlagGroup CleanFlagGroup *CleanFlagGroup DBFlagGroup *DBFlagGroup ImageFlagGroup *ImageFlagGroup K8sFlagGroup *K8sFlagGroup LicenseFlagGroup *LicenseFlagGroup MisconfFlagGroup *MisconfFlagGroup ModuleFlagGroup *ModuleFlagGroup PackageFlagGroup *PackageFlagGroup RemoteFlagGroup *RemoteFlagGroup RegistryFlagGroup *RegistryFlagGroup RegoFlagGroup *RegoFlagGroup RepoFlagGroup *RepoFlagGroup ReportFlagGroup *ReportFlagGroup ScanFlagGroup *ScanFlagGroup SecretFlagGroup *SecretFlagGroup VulnerabilityFlagGroup *VulnerabilityFlagGroup }
type GlobalFlagGroup ¶
type GlobalFlagGroup struct { ConfigFile *Flag[string] ShowVersion *Flag[bool] // spf13/cobra can't override the logic of version printing like VersionPrinter in urfave/cli. -v needs to be defined ourselves. Quiet *Flag[bool] Debug *Flag[bool] Insecure *Flag[bool] Timeout *Flag[time.Duration] CacheDir *Flag[string] GenerateDefaultConfig *Flag[bool] }
GlobalFlagGroup composes global flags
func NewGlobalFlagGroup ¶
func NewGlobalFlagGroup() *GlobalFlagGroup
func (*GlobalFlagGroup) AddFlags ¶
func (f *GlobalFlagGroup) AddFlags(cmd *cobra.Command)
func (*GlobalFlagGroup) Flags ¶
func (f *GlobalFlagGroup) Flags() []Flagger
func (*GlobalFlagGroup) Name ¶
func (f *GlobalFlagGroup) Name() string
func (*GlobalFlagGroup) ToOptions ¶
func (f *GlobalFlagGroup) ToOptions() (GlobalOptions, error)
type GlobalOptions ¶
type GlobalOptions struct { ConfigFile string ShowVersion bool Quiet bool Debug bool Insecure bool Timeout time.Duration CacheDir string GenerateDefaultConfig bool }
GlobalOptions defines flags and other configuration parameters for all the subcommands
type ImageFlagGroup ¶
type ImageFlagGroup struct { Input *Flag[string] // local image archive ImageConfigScanners *Flag[[]string] ScanRemovedPkgs *Flag[bool] Platform *Flag[string] DockerHost *Flag[string] PodmanHost *Flag[string] ImageSources *Flag[[]string] }
func NewImageFlagGroup ¶
func NewImageFlagGroup() *ImageFlagGroup
func (*ImageFlagGroup) Flags ¶
func (f *ImageFlagGroup) Flags() []Flagger
func (*ImageFlagGroup) Name ¶
func (f *ImageFlagGroup) Name() string
func (*ImageFlagGroup) ToOptions ¶
func (f *ImageFlagGroup) ToOptions() (ImageOptions, error)
type ImageOptions ¶
type K8sFlagGroup ¶
type K8sFlagGroup struct { KubeConfig *Flag[string] K8sVersion *Flag[string] Tolerations *Flag[[]string] DisableNodeCollector *Flag[bool] NodeCollectorImageRef *Flag[string] NodeCollectorNamespace *Flag[string] ExcludeOwned *Flag[bool] SkipImages *Flag[bool] ExcludeNodes *Flag[[]string] ExcludeKinds *Flag[[]string] IncludeKinds *Flag[[]string] ExcludeNamespaces *Flag[[]string] IncludeNamespaces *Flag[[]string] QPS *Flag[float64] Burst *Flag[int] }
func NewK8sFlagGroup ¶
func NewK8sFlagGroup() *K8sFlagGroup
func (*K8sFlagGroup) Flags ¶
func (f *K8sFlagGroup) Flags() []Flagger
func (*K8sFlagGroup) Name ¶
func (f *K8sFlagGroup) Name() string
func (*K8sFlagGroup) ToOptions ¶
func (f *K8sFlagGroup) ToOptions() (K8sOptions, error)
type K8sOptions ¶
type K8sOptions struct { KubeConfig string K8sVersion string Tolerations []corev1.Toleration NodeCollectorImageRef string NodeCollectorNamespace string ExcludeOwned bool DisableNodeCollector bool ExcludeNodes map[string]string ExcludeKinds []string IncludeKinds []string ExcludeNamespaces []string IncludeNamespaces []string QPS float32 SkipImages bool Burst int }
type LicenseFlagGroup ¶
type LicenseFlagGroup struct { LicenseFull *Flag[bool] IgnoredLicenses *Flag[[]string] LicenseConfidenceLevel *Flag[float64] // License Categories LicenseForbidden *Flag[[]string] // mapped to CRITICAL LicenseRestricted *Flag[[]string] // mapped to HIGH LicenseReciprocal *Flag[[]string] // mapped to MEDIUM LicenseNotice *Flag[[]string] // mapped to LOW LicensePermissive *Flag[[]string] // mapped to LOW LicenseUnencumbered *Flag[[]string] // mapped to LOW }
func NewLicenseFlagGroup ¶
func NewLicenseFlagGroup() *LicenseFlagGroup
func (*LicenseFlagGroup) Flags ¶
func (f *LicenseFlagGroup) Flags() []Flagger
func (*LicenseFlagGroup) Name ¶
func (f *LicenseFlagGroup) Name() string
func (*LicenseFlagGroup) ToOptions ¶
func (f *LicenseFlagGroup) ToOptions() (LicenseOptions, error)
type LicenseOptions ¶
type MisconfFlagGroup ¶
type MisconfFlagGroup struct { IncludeNonFailures *Flag[bool] ResetChecksBundle *Flag[bool] ChecksBundleRepository *Flag[string] // Values Files HelmValues *Flag[[]string] HelmValueFiles *Flag[[]string] HelmFileValues *Flag[[]string] HelmStringValues *Flag[[]string] HelmAPIVersions *Flag[[]string] HelmKubeVersion *Flag[string] TerraformTFVars *Flag[[]string] CloudformationParamVars *Flag[[]string] TerraformExcludeDownloaded *Flag[bool] MisconfigScanners *Flag[[]string] ConfigFileSchemas *Flag[[]string] }
MisconfFlagGroup composes common printer flag structs used for commands providing misconfiguration scanning.
func NewMisconfFlagGroup ¶
func NewMisconfFlagGroup() *MisconfFlagGroup
func (*MisconfFlagGroup) Flags ¶
func (f *MisconfFlagGroup) Flags() []Flagger
func (*MisconfFlagGroup) Name ¶
func (f *MisconfFlagGroup) Name() string
func (*MisconfFlagGroup) ToOptions ¶
func (f *MisconfFlagGroup) ToOptions() (MisconfOptions, error)
type MisconfOptions ¶
type MisconfOptions struct { IncludeNonFailures bool ResetChecksBundle bool ChecksBundleRepository string // Values Files HelmValues []string HelmValueFiles []string HelmFileValues []string HelmStringValues []string HelmAPIVersions []string HelmKubeVersion string TerraformTFVars []string CloudFormationParamVars []string TfExcludeDownloaded bool MisconfigScanners []analyzer.Type ConfigFileSchemas []string }
type ModuleFlagGroup ¶
ModuleFlagGroup defines flags for modules
func NewModuleFlagGroup ¶
func NewModuleFlagGroup() *ModuleFlagGroup
func (*ModuleFlagGroup) Flags ¶
func (f *ModuleFlagGroup) Flags() []Flagger
func (*ModuleFlagGroup) Name ¶
func (f *ModuleFlagGroup) Name() string
func (*ModuleFlagGroup) ToOptions ¶
func (f *ModuleFlagGroup) ToOptions() (ModuleOptions, error)
type ModuleOptions ¶
type Options ¶
type Options struct { GlobalOptions AWSOptions CacheOptions CleanOptions DBOptions ImageOptions K8sOptions LicenseOptions MisconfOptions ModuleOptions PackageOptions RegistryOptions RegoOptions RemoteOptions RepoOptions ReportOptions ScanOptions SecretOptions VulnerabilityOptions // Tunnel's version, not populated via CLI flags AppVersion string // We don't want to allow disabled analyzers to be passed by users, but it is necessary for internal use. DisabledAnalyzers []analyzer.Type // contains filtered or unexported fields }
Options holds all the runtime configuration
func (*Options) ClientScannerOpts ¶
func (o *Options) ClientScannerOpts() client.ScannerOption
func (*Options) FilterOpts ¶
func (o *Options) FilterOpts() result.FilterOptions
FilterOpts returns options for filtering
func (*Options) OutputWriter ¶
OutputWriter returns an output writer. If the output file is not specified, it returns os.Stdout.
func (*Options) RegistryOpts ¶
func (o *Options) RegistryOpts() ftypes.RegistryOptions
RegistryOpts returns options for OCI registries
func (*Options) RemoteCacheOpts ¶
func (o *Options) RemoteCacheOpts() cache.RemoteOptions
RemoteCacheOpts returns options for remote scan cache
func (*Options) SetOutputWriter ¶
SetOutputWriter sets an output writer.
type PackageFlagGroup ¶
type PackageFlagGroup struct { IncludeDevDeps *Flag[bool] PkgTypes *Flag[[]string] PkgRelationships *Flag[[]string] }
PackageFlagGroup composes common package flag structs. These flags affect both SBOM and vulnerability scanning.
func NewPackageFlagGroup ¶
func NewPackageFlagGroup() *PackageFlagGroup
func (*PackageFlagGroup) Flags ¶
func (f *PackageFlagGroup) Flags() []Flagger
func (*PackageFlagGroup) Name ¶
func (f *PackageFlagGroup) Name() string
func (*PackageFlagGroup) ToOptions ¶
func (f *PackageFlagGroup) ToOptions() (PackageOptions, error)
type PackageOptions ¶
type PackageOptions struct { IncludeDevDeps bool PkgTypes []string PkgRelationships []ftypes.Relationship }
type RegistryFlagGroup ¶
type RegistryFlagGroup struct { Username *Flag[[]string] Password *Flag[[]string] PasswordStdin *Flag[bool] RegistryToken *Flag[string] }
func NewRegistryFlagGroup ¶
func NewRegistryFlagGroup() *RegistryFlagGroup
func (*RegistryFlagGroup) Flags ¶
func (f *RegistryFlagGroup) Flags() []Flagger
func (*RegistryFlagGroup) Name ¶
func (f *RegistryFlagGroup) Name() string
func (*RegistryFlagGroup) ToOptions ¶
func (f *RegistryFlagGroup) ToOptions() (RegistryOptions, error)
type RegistryOptions ¶
type RegistryOptions struct { Credentials []types.Credential RegistryToken string }
type RegoFlagGroup ¶
type RegoFlagGroup struct { IncludeDeprecatedChecks *Flag[bool] SkipCheckUpdate *Flag[bool] Trace *Flag[bool] CheckPaths *Flag[[]string] DataPaths *Flag[[]string] CheckNamespaces *Flag[[]string] }
RegoFlagGroup composes common printer flag structs used for commands providing misconfinguration scanning.
func NewRegoFlagGroup ¶
func NewRegoFlagGroup() *RegoFlagGroup
func (*RegoFlagGroup) Flags ¶
func (f *RegoFlagGroup) Flags() []Flagger
func (*RegoFlagGroup) Name ¶
func (f *RegoFlagGroup) Name() string
func (*RegoFlagGroup) ToOptions ¶
func (f *RegoFlagGroup) ToOptions() (RegoOptions, error)
type RegoOptions ¶
type RemoteFlagGroup ¶
type RemoteFlagGroup struct { // for client/server Token *Flag[string] TokenHeader *Flag[string] PathPrefix *Flag[string] // for client ServerAddr *Flag[string] CustomHeaders *Flag[[]string] // for server Listen *Flag[string] }
RemoteFlagGroup composes common printer flag structs used for commands requiring reporting logic.
func NewClientFlags ¶
func NewClientFlags() *RemoteFlagGroup
func NewServerFlags ¶
func NewServerFlags() *RemoteFlagGroup
func (*RemoteFlagGroup) Flags ¶
func (f *RemoteFlagGroup) Flags() []Flagger
func (*RemoteFlagGroup) Name ¶
func (f *RemoteFlagGroup) Name() string
func (*RemoteFlagGroup) ToOptions ¶
func (f *RemoteFlagGroup) ToOptions() (RemoteOptions, error)
type RemoteOptions ¶
type RepoFlagGroup ¶
func NewRepoFlagGroup ¶
func NewRepoFlagGroup() *RepoFlagGroup
func (*RepoFlagGroup) Flags ¶
func (f *RepoFlagGroup) Flags() []Flagger
func (*RepoFlagGroup) Name ¶
func (f *RepoFlagGroup) Name() string
func (*RepoFlagGroup) ToOptions ¶
func (f *RepoFlagGroup) ToOptions() (RepoOptions, error)
type RepoOptions ¶
type ReportFlagGroup ¶
type ReportFlagGroup struct { Format *Flag[string] ReportFormat *Flag[string] Template *Flag[string] DependencyTree *Flag[bool] ListAllPkgs *Flag[bool] IgnoreFile *Flag[string] IgnorePolicy *Flag[string] ExitCode *Flag[int] ExitOnEOL *Flag[int] Output *Flag[string] OutputPluginArg *Flag[string] Severity *Flag[[]string] Compliance *Flag[string] ShowSuppressed *Flag[bool] }
ReportFlagGroup composes common printer flag structs used for commands requiring reporting logic.
func NewReportFlagGroup ¶
func NewReportFlagGroup() *ReportFlagGroup
func (*ReportFlagGroup) Flags ¶
func (f *ReportFlagGroup) Flags() []Flagger
func (*ReportFlagGroup) Name ¶
func (f *ReportFlagGroup) Name() string
func (*ReportFlagGroup) ToOptions ¶
func (f *ReportFlagGroup) ToOptions() (ReportOptions, error)
type ReportOptions ¶
type ReportOptions struct { Format types.Format ReportFormat string Template string DependencyTree bool ListAllPkgs bool IgnoreFile string ExitCode int ExitOnEOL int IgnorePolicy string Output string OutputPluginArgs []string Severities []dbTypes.Severity Compliance spec.ComplianceSpec ShowSuppressed bool }
type ScanFlagGroup ¶
type ScanFlagGroup struct { SkipDirs *Flag[[]string] SkipFiles *Flag[[]string] OfflineScan *Flag[bool] Scanners *Flag[[]string] FilePatterns *Flag[[]string] Slow *Flag[bool] // deprecated Parallel *Flag[int] SBOMSources *Flag[[]string] RekorURL *Flag[string] DetectionPriority *Flag[string] }
func NewScanFlagGroup ¶
func NewScanFlagGroup() *ScanFlagGroup
func (*ScanFlagGroup) Flags ¶
func (f *ScanFlagGroup) Flags() []Flagger
func (*ScanFlagGroup) Name ¶
func (f *ScanFlagGroup) Name() string
func (*ScanFlagGroup) ToOptions ¶
func (f *ScanFlagGroup) ToOptions(args []string) (ScanOptions, error)
type ScanOptions ¶
type SecretFlagGroup ¶
func NewSecretFlagGroup ¶
func NewSecretFlagGroup() *SecretFlagGroup
func (*SecretFlagGroup) Flags ¶
func (f *SecretFlagGroup) Flags() []Flagger
func (*SecretFlagGroup) Name ¶
func (f *SecretFlagGroup) Name() string
func (*SecretFlagGroup) ToOptions ¶
func (f *SecretFlagGroup) ToOptions() (SecretOptions, error)
type SecretOptions ¶
type SecretOptions struct {
SecretConfigPath string
}
type VulnerabilityFlagGroup ¶
type VulnerabilityFlagGroup struct { IgnoreUnfixed *Flag[bool] IgnoreStatus *Flag[[]string] VEX *Flag[[]string] SkipVEXRepoUpdate *Flag[bool] }
func NewVulnerabilityFlagGroup ¶
func NewVulnerabilityFlagGroup() *VulnerabilityFlagGroup
func (*VulnerabilityFlagGroup) Flags ¶
func (f *VulnerabilityFlagGroup) Flags() []Flagger
func (*VulnerabilityFlagGroup) Name ¶
func (f *VulnerabilityFlagGroup) Name() string
func (*VulnerabilityFlagGroup) ToOptions ¶
func (f *VulnerabilityFlagGroup) ToOptions() (VulnerabilityOptions, error)
Source Files ¶
- aws_flags.go
- cache_flags.go
- clean_flags.go
- db_flags.go
- global_flags.go
- image_flags.go
- kubernetes_flags.go
- license_flags.go
- misconf_flags.go
- module_flags.go
- options.go
- package_flags.go
- registry_flags.go
- rego_flags.go
- remote_flags.go
- repo_flags.go
- report_flags.go
- scan_flags.go
- secret_flags.go
- vulnerability_flags.go