Details

Category: Containers

Publisher: trickest-mhmdiaa

Created Date: 4/28/2022

Container: quay.io/trickest/trivy-image-scan:v0.34.0-patch-3

Source URL: https://github.com/aquasecurity/trivy

Parameters

debug
boolean
Command: --debug - debug mode
quiet
boolean
Command: --quiet - suppress progress bar and log output
reset
boolean
Command: --reset - remove all caches and database
token
string
Command: --token - for authentication in client/server mode
trace
boolean
Command: --trace - enable more verbose trace output for custom queries
config
file
Command: --config - config path (default trivy.yaml)
format
string
Command: --format - format (table, json, sarif, template, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default table)
server
string
Command: --server - server address in client mode
tf-vars
string
Command: --tf-vars - specify paths to override the Terraform tfvars files
timeout
string
Command: --timeout - timeout (default: 5m0s)
helm-set
string
Command: --helm-set - specify Helm values (can separate values with commas: key1=val1,key2=val2)
insecure
boolean
Command: --insecure - allow insecure server connections when using TLS
platform
string
Command: --platform - set platform in the form os/arch if image is multi-platform capable
redis-ca
file
Command: --redis-ca - redis ca file location, if using redis as cache backend
severity
string
Command: --severity - severities of vulnerabilities to be displayed (comma separated) (default: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL)
template
file
Command: --template - output template
cache-ttl
string
Command: --cache-ttl - cache TTL when using redis as cache backend
exit-code
string
Command: --exit-code - Exit code when vulnerabilities are found
redis-key
file
Command: --redis-key - redis key file location, if using redis as cache backend
rekor-url
string
Command: --rekor-url - [EXPERIMENTAL] address of rekor STL server (default https://rekor.sigstore.dev)
skip-dirs
string
Command: --skip-dirs - specify the directories where the traversal is skipped
vuln-type
string
Command: --vuln-type - comma-separated list of vulnerability types (os,library)
compliance
string
Command: --compliance - comma-separated list of what compliance reports to generate (nsa)
ignorefile
file
Command: --ignorefile - specify .trivyignore file (default .trivyignore)
image-list
file
required
Command: - List of images to be scanned, one per line
redis-cert
file
Command: --redis-cert - redis certificate file location, if using redis as cache backend
skip-files
string
Command: --skip-files - specify the file paths to skip traversal
clear-cache
boolean
Command: --clear-cache - clear image caches without scanning
config-data
folder
Command: --config-data - specify paths from which data for the Rego policies will be recursively loaded
helm-values
file
Command: --helm-values - specify paths to override the Helm values.yaml files
license-full
boolean
Command: --license-full - eagerly look for licenses in source code headers and license files
offline-scan
boolean
Command: --offline-scan - do not issue API requests to identify dependencies
removed-pkgs
boolean
Command: --removed-pkgs - detect vulnerabilities of removed packages (only for Alpine)
sbom-sources
string
Command: --sbom-sources - [EXPERIMENTAL] try to retrieve SBOM from the specified sources (rekor)
token-header
string
Command: --token-header - specify a header name for token in client/server mode (default Trivy-Token)
cache-backend
string
Command: --cache-backend - cache backend (e.g. redis://localhost:6379) (default fs)
config-policy
folder
Command: --config-policy - specify paths to the Rego policy files directory, applying config files
db-repository
string
Command: --db-repository - OCI repository to retrieve trivy-db from (default ghcr.io/aquasecurity/trivy-db)
file-patterns
file
Command: --file-patterns - specify config file patterns
ignore-policy
file
Command: --ignore-policy - specify the Rego file to evaluate each vulnerability
list-all-pkgs
boolean
Command: --list-all-pkgs - enabling the option will output all packages regardless of vulnerability
secret-config
file
Command: --secret-config - specify a path to config file for secret scanning (default trivy-secret.yaml)
show-progress
boolean
Command: --no-progress - suppress progress bar
custom-headers
string
Command: --custom-headers - custom headers in client mode
ignore-unfixed
boolean
Command: --ignore-unfixed - display only fixed vulnerabilities
skip-db-update
boolean
Command: --skip-db-update - skip updating vulnerability database
dependency-tree
boolean
Command: --dependency-tree - [EXPERIMENTAL] show dependency origin tree of vulnerable packages
helm-set-string
string
Command: --helm-set-string - specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
security-checks
string
Command: --security-checks - comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
download-db-only
boolean
Command: --download-db-only - download/update vulnerability database but don't run a scan
ignored-licenses
string
Command: --ignored-licenses - specify a list of licenses to ignore
policy-namespaces
string
Command: --policy-namespaces - Rego namespaces
username-password
file
required
Command: - Username and password for Docker Hub registry (format username:password)
include-non-failures
boolean
Command: --include-non-failures - include successes and exceptions, available with '--security-checks config'