(globalFlags *flag.GlobalFlagGroup)
| 245 | } |
| 246 | |
| 247 | func NewImageCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command { |
| 248 | reportFlagGroup := flag.NewReportFlagGroup() |
| 249 | report := flag.ReportFormatFlag.Clone() |
| 250 | report.Default = "summary" // override the default value as the summary is preferred for the compliance report |
| 251 | report.Usage = "specify a format for the compliance report." // "--report" works only with "--compliance" |
| 252 | reportFlagGroup.ReportFormat = report |
| 253 | |
| 254 | compliance := flag.ComplianceFlag.Clone() |
| 255 | compliance.Usage = fmt.Sprintf("%s (built-in compliance's: %s)", compliance.Usage, types.ComplianceDockerCIS160) |
| 256 | reportFlagGroup.Compliance = compliance // override usage as the accepted values differ for each subcommand. |
| 257 | |
| 258 | packageFlagGroup := flag.NewPackageFlagGroup() |
| 259 | packageFlagGroup.IncludeDevDeps = nil // disable '--include-dev-deps' |
| 260 | |
| 261 | misconfFlagGroup := flag.NewMisconfFlagGroup() |
| 262 | misconfFlagGroup.CloudformationParamVars = nil // disable '--cf-params' |
| 263 | misconfFlagGroup.TerraformTFVars = nil // disable '--tf-vars' |
| 264 | |
| 265 | imageFlags := flag.Flags{ |
| 266 | globalFlags, |
| 267 | flag.NewCacheFlagGroup(), |
| 268 | flag.NewDBFlagGroup(), |
| 269 | flag.NewImageFlagGroup(), // container image specific flags |
| 270 | flag.NewLicenseFlagGroup(), |
| 271 | misconfFlagGroup, |
| 272 | flag.NewModuleFlagGroup(), |
| 273 | packageFlagGroup, |
| 274 | flag.NewClientFlags(), |
| 275 | flag.NewRegistryFlagGroup(), |
| 276 | flag.NewRegoFlagGroup(), |
| 277 | reportFlagGroup, |
| 278 | flag.NewScanFlagGroup(), |
| 279 | flag.NewSecretFlagGroup(), |
| 280 | flag.NewVulnerabilityFlagGroup(), |
| 281 | } |
| 282 | |
| 283 | cmd := &cobra.Command{ |
| 284 | Use: "image [flags] IMAGE_NAME", |
| 285 | Aliases: []string{"i"}, |
| 286 | GroupID: groupScanning, |
| 287 | Short: "Scan a container image", |
| 288 | Example: ` # Scan a container image |
| 289 | $ trivy image python:3.4-alpine |
| 290 | |
| 291 | # Scan a container image from a tar archive |
| 292 | $ trivy image --input ruby-3.1.tar |
| 293 | |
| 294 | # Filter by severities |
| 295 | $ trivy image --severity HIGH,CRITICAL alpine:3.15 |
| 296 | |
| 297 | # Ignore unfixed/unpatched vulnerabilities |
| 298 | $ trivy image --ignore-unfixed alpine:3.15 |
| 299 | |
| 300 | # Scan a container image in client mode |
| 301 | $ trivy image --server http://127.0.0.1:4954 alpine:latest |
| 302 | |
| 303 | # Generate json result |
| 304 | $ trivy image --format json --output result.json alpine:3.15 |