Details

Category: Containers

Publisher: trickest-mhmdiaa

Created Date: 6/7/2022

Container: quay.io/trickest/trivy-ecr-scan:v0.24.4

Source URL: https://github.com/aquasecurity/trivy

Parameters

light
boolean
Command: --light - deprecated (default: false) [$TRIVY_LIGHT]
format
string
Command: --format - format (table, json, sarif, template) (default: table) [$TRIVY_FORMAT]
timeout
string
Command: --timeout - timeout (default: 5m0s) [$TRIVY_TIMEOUT]
insecure
boolean
Command: --insecure - allow insecure server connections when using SSL (default: false) [$TRIVY_INSECURE]
severity
string
Command: --severity - severities of vulnerabilities to be displayed (comma separated) (default: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) [$TRIVY_SEVERITY]
exit-code
string
Command: --exit-code - Exit code when vulnerabilities were found (default: 0) [$TRIVY_EXIT_CODE]
skip-dirs
string
Command: --skip-dirs - specify the directories where the traversal is skipped [$TRIVY_SKIP_DIRS]
vuln-type
string
Command: --vuln-type - comma-separated list of vulnerability types (os,library) (default: os,library) [$TRIVY_VULN_TYPE]
image-list
file
required
Command: - List of images line by line to be scanned
skip-files
string
Command: --skip-files - specify the file paths to skip traversal [$TRIVY_SKIP_FILES]
no-progress
boolean
Command: --no-progress - suppress progress bar (default: false) [$TRIVY_NO_PROGRESS]
removed-pkgs
boolean
Command: --removed-pkgs - detect vulnerabilities of removed packages (only for Alpine) (default: false) [$TRIVY_REMOVED_PKGS]
ignore-policy
file
Command: --ignore-policy - specify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]
list-all-pkgs
boolean
Command: --list-all-pkgs - enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]
ignore-unfixed
boolean
Command: --ignore-unfixed - display only fixed vulnerabilities (default: false) [$TRIVY_IGNORE_UNFIXED]
skip-db-update
boolean
Command: --skip-db-update - skip updating vulnerability database (default: false) [$TRIVY_SKIP_UPDATE, $TRIVY_SKIP_DB_UPDATE]
aws-credentials
file
required
Command: - Credentials to be used to log into ECR. Format: 'AWS_ACCESS_KEY_ID:AWS_SECRET_ACCESS_KEY:AWS_DEFAULT_REGION' (colon-separated)
security-checks
string
Command: --security-checks - comma-separated list of what security issues to detect (vuln,config) (default: vuln) [$TRIVY_SECURITY_CHECKS]