trivy-image-scan
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
Name:trivy-image-scan
Category:Containers
Publisher:trickest-mhmdiaa
Created:4/28/2022
Container:
quay.io/trickest/trivy-image-scan:v0.34.0-patch-3Output Type:
License:Unknown
Source:View Source
Parameters
--debugdebug mode--quietsuppress progress bar and log output--resetremove all caches and database--tokenfor authentication in client/server mode--traceenable more verbose trace output for custom queries--configconfig path (default trivy.yaml)--formatformat (table, json, sarif, template, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default table)--serverserver address in client mode--tf-varsspecify paths to override the Terraform tfvars files--timeouttimeout (default: 5m0s)--helm-setspecify Helm values (can separate values with commas: key1=val1,key2=val2)--insecureallow insecure server connections when using TLS--platformset platform in the form os/arch if image is multi-platform capable--redis-caredis ca file location, if using redis as cache backend--severityseverities of vulnerabilities to be displayed (comma separated) (default: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL)--templateoutput template--cache-ttlcache TTL when using redis as cache backend--exit-codeExit code when vulnerabilities are found--redis-keyredis key file location, if using redis as cache backend--rekor-url[EXPERIMENTAL] address of rekor STL server (default https://rekor.sigstore.dev)--skip-dirsspecify the directories where the traversal is skipped--vuln-typecomma-separated list of vulnerability types (os,library)--compliancecomma-separated list of what compliance reports to generate (nsa)--ignorefilespecify .trivyignore file (default .trivyignore)--redis-certredis certificate file location, if using redis as cache backend--skip-filesspecify the file paths to skip traversal--clear-cacheclear image caches without scanning--config-dataspecify paths from which data for the Rego policies will be recursively loaded--helm-valuesspecify paths to override the Helm values.yaml files--license-fulleagerly look for licenses in source code headers and license files--offline-scando not issue API requests to identify dependencies--removed-pkgsdetect vulnerabilities of removed packages (only for Alpine)--sbom-sources[EXPERIMENTAL] try to retrieve SBOM from the specified sources (rekor)--token-headerspecify a header name for token in client/server mode (default Trivy-Token)--cache-backendcache backend (e.g. redis://localhost:6379) (default fs)--config-policyspecify paths to the Rego policy files directory, applying config files--db-repositoryOCI repository to retrieve trivy-db from (default ghcr.io/aquasecurity/trivy-db)--file-patternsspecify config file patterns--ignore-policyspecify the Rego file to evaluate each vulnerability--list-all-pkgsenabling the option will output all packages regardless of vulnerability--secret-configspecify a path to config file for secret scanning (default trivy-secret.yaml)--no-progresssuppress progress bar--custom-headerscustom headers in client mode--ignore-unfixeddisplay only fixed vulnerabilities--skip-db-updateskip updating vulnerability database--dependency-tree[EXPERIMENTAL] show dependency origin tree of vulnerable packages--helm-set-stringspecify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)--security-checkscomma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])--download-db-onlydownload/update vulnerability database but don't run a scan--ignored-licensesspecify a list of license to ignore--policy-namespacesRego namespaces--include-non-failuresinclude successes and exceptions, available with '--security-checks config'