| 60 | } |
| 61 | |
// ParseOptions registers every scanner flag on the default command-line flag
// set, parses the process arguments, and returns an Options whose fields point
// at the parsed values.
//
// The returned error is always nil. The default flag set is created with
// flag.ExitOnError, so a malformed command line terminates the process inside
// flag.Parse instead of being reported to the caller. Nothing is range- or
// format-checked here (thread and worker counts, port, output format, sizes);
// any such validation has to happen in the caller.
func ParseOptions() (*Options, error) {
	opts := new(Options)

	// Resource limits and logging.
	opts.Threads = flag.Int("threads", 0, "Number of concurrent threads (default number of logical CPUs)")
	opts.Debug = flag.Bool("debug", false, "enable debug logs")
	opts.MaximumFileSize = flag.Uint("maximum-file-size", 256, "Maximum file size to process in KB")

	// NOTE(review): the default is the shared system temp directory. Extracted
	// repositories and matches are stored under it, so confirm that the code
	// using this value creates a private, unpredictable subdirectory.
	opts.TempDirectory = flag.String("temp-directory", os.TempDir(), "Directory to process and store repositories/matches")

	// Scan targets on the local file system.
	opts.Local = flag.String("local", "", "Specify local directory (absolute path) which to scan. Scans only given directory recursively.")
	opts.HostMountPath = flag.String("host-mount-path", "", "If scanning the host, specify the host mount path for path exclusions to work correctly.")

	// Configuration and rule sources.
	opts.ConfigPath = flag.String("config-path", "", "yaml config path")
	opts.RulesPath = flag.String("rules-path", "/home/deepfence/usr", "yara rules path")
	opts.FailOnCompileWarning = flag.Bool("fail-warning", false, "fail if compilation warning")
	// NOTE(review): rules fetched at runtime decide what the scanner detects.
	// The download source and any integrity check are not visible in this
	// function - confirm them where the updater is implemented.
	opts.EnableUpdater = flag.Bool("enable-updater", false, "Download rules at runtime if not present (Default: false)")
	opts.MergeConfigs = flag.Bool("merge-configs", false, "Merge config files specified by --config-path into the default config")

	// Image and container targets, and match limits.
	opts.ImageName = flag.String("image-name", "", "Name of the image along with tag to scan for secrets")
	opts.MultipleMatch = flag.Bool("multi-match", false, "Output multiple matches of same pattern in one file. By default, only one match of a pattern is output for a file for better performance")
	opts.MaxMultiMatch = flag.Uint("max-multi-match", 3, "Maximum number of matches of same pattern in one file. This is used only when multi-match option is enabled.")
	opts.MaxSecrets = flag.Uint("max-secrets", 1000, "Maximum number of secrets to find in one container image or file system.")
	opts.ContainerID = flag.String("container-id", "", "Id of existing container ID")
	opts.ContainerNS = flag.String("container-ns", "", "Namespace of existing container to scan, empty for docker runtime")
	opts.WorkersPerScan = flag.Int("workers-per-scan", 1, "Number of concurrent workers per scan")
	opts.InactiveThreshold = flag.Int("inactive-threshold", 600, "Threshold for Inactive scan in seconds")
	opts.OutFormat = flag.String("output", TableOutput, "Output format: json or table")

	// Management console connection.
	opts.ConsoleURL = flag.String("console-url", "", "Deepfence Management Console URL")
	opts.ConsolePort = flag.Int("console-port", 443, "Deepfence Management Console Port")
	// NOTE(review): a credential given as a flag is readable from the process
	// argument list by other local users and tends to end up in shell history
	// and CI job logs. Prefer accepting it from a file or the environment as
	// well, and keep it out of any debug dump of the parsed options.
	opts.DeepfenceKey = flag.String("deepfence-key", "", "Deepfence key for auth")

	// Exit-status thresholds; -1 is the default for each.
	opts.FailOnCount = flag.Int("fail-on-count", -1, "Exit with status 1 if number of secrets found is >= this value (Default: -1)")
	opts.FailOnHighCount = flag.Int("fail-on-high-count", -1, "Exit with status 1 if number of high secrets found is >= this value (Default: -1)")
	opts.FailOnMediumCount = flag.Int("fail-on-medium-count", -1, "Exit with status 1 if number of medium secrets found is >= this value (Default: -1)")
	opts.FailOnLowCount = flag.Int("fail-on-low-count", -1, "Exit with status 1 if number of low secrets found is >= this value (Default: -1)")

	flag.Parse()

	return opts, nil
}