MCPcopy
hub / github.com/aquasecurity/trivy / NewImageCommand

Function NewImageCommand

pkg/commands/app.go:247–338  ·  view source on GitHub ↗
(globalFlags *flag.GlobalFlagGroup)

Source from the content-addressed store, hash-verified

245}
246
247func NewImageCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
248 reportFlagGroup := flag.NewReportFlagGroup()
249 report := flag.ReportFormatFlag.Clone()
250 report.Default = "summary" // override the default value as the summary is preferred for the compliance report
251 report.Usage = "specify a format for the compliance report." // "--report" works only with "--compliance"
252 reportFlagGroup.ReportFormat = report
253
254 compliance := flag.ComplianceFlag.Clone()
255 compliance.Usage = fmt.Sprintf("%s (built-in compliance's: %s)", compliance.Usage, types.ComplianceDockerCIS160)
256 reportFlagGroup.Compliance = compliance // override usage as the accepted values differ for each subcommand.
257
258 packageFlagGroup := flag.NewPackageFlagGroup()
259 packageFlagGroup.IncludeDevDeps = nil // disable '--include-dev-deps'
260
261 misconfFlagGroup := flag.NewMisconfFlagGroup()
262 misconfFlagGroup.CloudformationParamVars = nil // disable '--cf-params'
263 misconfFlagGroup.TerraformTFVars = nil // disable '--tf-vars'
264
265 imageFlags := flag.Flags{
266 globalFlags,
267 flag.NewCacheFlagGroup(),
268 flag.NewDBFlagGroup(),
269 flag.NewImageFlagGroup(), // container image specific flags
270 flag.NewLicenseFlagGroup(),
271 misconfFlagGroup,
272 flag.NewModuleFlagGroup(),
273 packageFlagGroup,
274 flag.NewClientFlags(),
275 flag.NewRegistryFlagGroup(),
276 flag.NewRegoFlagGroup(),
277 reportFlagGroup,
278 flag.NewScanFlagGroup(),
279 flag.NewSecretFlagGroup(),
280 flag.NewVulnerabilityFlagGroup(),
281 }
282
283 cmd := &cobra.Command{
284 Use: "image [flags] IMAGE_NAME",
285 Aliases: []string{"i"},
286 GroupID: groupScanning,
287 Short: "Scan a container image",
288 Example: ` # Scan a container image
289 $ trivy image python:3.4-alpine
290
291 # Scan a container image from a tar archive
292 $ trivy image --input ruby-3.1.tar
293
294 # Filter by severities
295 $ trivy image --severity HIGH,CRITICAL alpine:3.15
296
297 # Ignore unfixed/unpatched vulnerabilities
298 $ trivy image --ignore-unfixed alpine:3.15
299
300 # Scan a container image in client mode
301 $ trivy image --server http://127.0.0.1:4954 alpine:latest
302
303 # Generate json result
304 $ trivy image --format json --output result.json alpine:3.15

Callers 1

NewAppFunction · 0.85

Calls 15

BindMethod · 0.95
ToOptionsMethod · 0.95
AddFlagsMethod · 0.95
UsagesMethod · 0.95
NewReportFlagGroupFunction · 0.92
NewPackageFlagGroupFunction · 0.92
NewMisconfFlagGroupFunction · 0.92
NewCacheFlagGroupFunction · 0.92
NewDBFlagGroupFunction · 0.92
NewImageFlagGroupFunction · 0.92
NewLicenseFlagGroupFunction · 0.92
NewModuleFlagGroupFunction · 0.92

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…