Skip to content

Commit fe400ea

Browse files
knqyf263knqyf263
authored
docs(cli): improve flag value display format (#8560)
Signed-off-by: knqyf263 <[email protected]>
1 parent 1f05b45 commit fe400ea

File tree

10 files changed

+599
-95
lines changed

10 files changed

+599
-95
lines changed

docs/docs/references/configuration/cli/trivy_config.md

Lines changed: 23 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,18 @@ trivy config [flags] DIR
2121
--enable-modules strings [EXPERIMENTAL] module names to enable
2222
--exit-code int specify exit code when any security issues are found
2323
--file-patterns strings specify config file patterns
24-
-f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
24+
-f, --format string format
25+
Allowed values:
26+
- table
27+
- json
28+
- template
29+
- sarif
30+
- cyclonedx
31+
- spdx
32+
- spdx-json
33+
- github
34+
- cosign-vuln
35+
(default "table")
2536
--helm-api-versions strings Available API versions used for Capabilities.APIVersions. This flag is the same as the api-versions flag of the helm template command. (can specify multiple or separate values with commas: policy/v1/PodDisruptionBudget,apps/v1/Deployment)
2637
--helm-kube-version string Kubernetes version used for Capabilities.KubeVersion. This flag is the same as the kube-version flag of the helm template command.
2738
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
@@ -45,13 +56,20 @@ trivy config [flags] DIR
4556
--redis-key string redis key file location, if using redis as cache backend
4657
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
4758
--registry-token string registry token
48-
--render-cause strings specify configuration types for which the rendered causes will be shown in the table report (terraform)
49-
--report string specify a compliance report format for the output (all,summary) (default "all")
50-
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
59+
--render-cause strings specify configuration types for which the rendered causes will be shown in the table report (allowed values: terraform)
60+
--report string specify a compliance report format for the output (allowed values: all,summary) (default "all")
61+
-s, --severity strings severities of security issues to be displayed
62+
Allowed values:
63+
- UNKNOWN
64+
- LOW
65+
- MEDIUM
66+
- HIGH
67+
- CRITICAL
68+
(default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
5169
--skip-check-update skip fetching rego check updates
5270
--skip-dirs strings specify the directories or glob patterns to skip
5371
--skip-files strings specify the files or glob patterns to skip
54-
--table-mode strings [EXPERIMENTAL] tables that will be displayed in 'table' format (summary,detailed) (default [summary,detailed])
72+
--table-mode strings [EXPERIMENTAL] tables that will be displayed in 'table' format (allowed values: summary,detailed) (default [summary,detailed])
5573
-t, --template string output template
5674
--tf-exclude-downloaded-modules exclude misconfigurations for downloaded terraform modules
5775
--tf-vars strings specify paths to override the Terraform tfvars files

docs/docs/references/configuration/cli/trivy_convert.md

Lines changed: 23 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -22,18 +22,36 @@ trivy convert [flags] RESULT_JSON
2222
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
2323
--exit-code int specify exit code when any security issues are found
2424
--exit-on-eol int exit with the specified code when the OS reaches end of service/life
25-
-f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
25+
-f, --format string format
26+
Allowed values:
27+
- table
28+
- json
29+
- template
30+
- sarif
31+
- cyclonedx
32+
- spdx
33+
- spdx-json
34+
- github
35+
- cosign-vuln
36+
(default "table")
2637
-h, --help help for convert
2738
--ignore-policy string specify the Rego file path to evaluate each vulnerability
2839
--ignorefile string specify .trivyignore file (default ".trivyignore")
2940
--list-all-pkgs output all packages in the JSON report regardless of vulnerability
3041
-o, --output string output file name
3142
--output-plugin-arg string [EXPERIMENTAL] output plugin arguments
32-
--report string specify a report format for the output (all,summary) (default "all")
33-
--scanners strings List of scanners included when generating the json report. Used only for rendering the summary table. (vuln,misconfig,secret,license)
34-
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
43+
--report string specify a report format for the output (allowed values: all,summary) (default "all")
44+
--scanners strings List of scanners included when generating the json report. Used only for rendering the summary table. (allowed values: vuln,misconfig,secret,license)
45+
-s, --severity strings severities of security issues to be displayed
46+
Allowed values:
47+
- UNKNOWN
48+
- LOW
49+
- MEDIUM
50+
- HIGH
51+
- CRITICAL
52+
(default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
3553
--show-suppressed [EXPERIMENTAL] show suppressed vulnerabilities
36-
--table-mode strings [EXPERIMENTAL] tables that will be displayed in 'table' format (summary,detailed) (default [summary,detailed])
54+
--table-mode strings [EXPERIMENTAL] tables that will be displayed in 'table' format (allowed values: summary,detailed) (default [summary,detailed])
3755
-t, --template string output template
3856
```
3957

docs/docs/references/configuration/cli/trivy_filesystem.md

Lines changed: 76 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -34,14 +34,25 @@ trivy filesystem [flags] PATH
3434
--detection-priority string specify the detection priority:
3535
- "precise": Prioritizes precise by minimizing false positives.
3636
- "comprehensive": Aims to detect more security findings at the cost of potential false positives.
37-
(precise,comprehensive) (default "precise")
37+
(allowed values: precise,comprehensive) (default "precise")
3838
--distro string [EXPERIMENTAL] specify a distribution, <family>/<version>
3939
--download-db-only download/update vulnerability database but don't run a scan
4040
--download-java-db-only download/update Java index database but don't run a scan
4141
--enable-modules strings [EXPERIMENTAL] module names to enable
4242
--exit-code int specify exit code when any security issues are found
4343
--file-patterns strings specify config file patterns
44-
-f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
44+
-f, --format string format
45+
Allowed values:
46+
- table
47+
- json
48+
- template
49+
- sarif
50+
- cyclonedx
51+
- spdx
52+
- spdx-json
53+
- github
54+
- cosign-vuln
55+
(default "table")
4556
--helm-api-versions strings Available API versions used for Capabilities.APIVersions. This flag is the same as the api-versions flag of the helm template command. (can specify multiple or separate values with commas: policy/v1/PodDisruptionBudget,apps/v1/Deployment)
4657
--helm-kube-version string Kubernetes version used for Capabilities.KubeVersion. This flag is the same as the kube-version flag of the helm template command.
4758
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
@@ -50,7 +61,16 @@ trivy filesystem [flags] PATH
5061
--helm-values strings specify paths to override the Helm values.yaml files
5162
-h, --help help for filesystem
5263
--ignore-policy string specify the Rego file path to evaluate each vulnerability
53-
--ignore-status strings comma-separated list of vulnerability status to ignore (unknown,not_affected,affected,fixed,under_investigation,will_not_fix,fix_deferred,end_of_life)
64+
--ignore-status strings comma-separated list of vulnerability status to ignore
65+
Allowed values:
66+
- unknown
67+
- not_affected
68+
- affected
69+
- fixed
70+
- under_investigation
71+
- will_not_fix
72+
- fix_deferred
73+
- end_of_life
5474
--ignore-unfixed display only fixed vulnerabilities
5575
--ignored-licenses strings specify a list of license to ignore
5676
--ignorefile string specify .trivyignore file (default ".trivyignore")
@@ -70,29 +90,43 @@ trivy filesystem [flags] PATH
7090
--parallel int number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5)
7191
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
7292
--password-stdin password from stdin. Comma-separated passwords are not supported.
73-
--pkg-relationships strings list of package relationships (unknown,root,workspace,direct,indirect) (default [unknown,root,workspace,direct,indirect])
74-
--pkg-types strings list of package types (os,library) (default [os,library])
93+
--pkg-relationships strings list of package relationships
94+
Allowed values:
95+
- unknown
96+
- root
97+
- workspace
98+
- direct
99+
- indirect
100+
(default [unknown,root,workspace,direct,indirect])
101+
--pkg-types strings list of package types (allowed values: os,library) (default [os,library])
75102
--redis-ca string redis ca file location, if using redis as cache backend
76103
--redis-cert string redis certificate file location, if using redis as cache backend
77104
--redis-key string redis key file location, if using redis as cache backend
78105
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
79106
--registry-token string registry token
80107
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
81-
--render-cause strings specify configuration types for which the rendered causes will be shown in the table report (terraform)
82-
--report string specify a compliance report format for the output (all,summary) (default "all")
83-
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
84-
--scanners strings comma-separated list of what security issues to detect (vuln,misconfig,secret,license) (default [vuln,secret])
108+
--render-cause strings specify configuration types for which the rendered causes will be shown in the table report (allowed values: terraform)
109+
--report string specify a compliance report format for the output (allowed values: all,summary) (default "all")
110+
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (allowed values: oci,rekor)
111+
--scanners strings comma-separated list of what security issues to detect (allowed values: vuln,misconfig,secret,license) (default [vuln,secret])
85112
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
86113
--server string server address in client mode
87-
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
114+
-s, --severity strings severities of security issues to be displayed
115+
Allowed values:
116+
- UNKNOWN
117+
- LOW
118+
- MEDIUM
119+
- HIGH
120+
- CRITICAL
121+
(default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
88122
--show-suppressed [EXPERIMENTAL] show suppressed vulnerabilities
89123
--skip-check-update skip fetching rego check updates
90124
--skip-db-update skip updating vulnerability database
91125
--skip-dirs strings specify the directories or glob patterns to skip
92126
--skip-files strings specify the files or glob patterns to skip
93127
--skip-java-db-update skip updating Java index database
94128
--skip-vex-repo-update [EXPERIMENTAL] Skip VEX Repository update
95-
--table-mode strings [EXPERIMENTAL] tables that will be displayed in 'table' format (summary,detailed) (default [summary,detailed])
129+
--table-mode strings [EXPERIMENTAL] tables that will be displayed in 'table' format (allowed values: summary,detailed) (default [summary,detailed])
96130
-t, --template string output template
97131
--tf-exclude-downloaded-modules exclude misconfigurations for downloaded terraform modules
98132
--tf-vars strings specify paths to override the Terraform tfvars files
@@ -101,7 +135,37 @@ trivy filesystem [flags] PATH
101135
--trace enable more verbose trace output for custom queries
102136
--username strings username. Comma-separated usernames allowed.
103137
--vex strings [EXPERIMENTAL] VEX sources ("repo", "oci" or file path)
104-
--vuln-severity-source strings order of data sources for selecting vulnerability severity level (nvd,redhat,redhat-oval,debian,ubuntu,alpine,amazon,oracle-oval,suse-cvrf,photon,arch-linux,alma,rocky,cbl-mariner,azure,ruby-advisory-db,php-security-advisories,nodejs-security-wg,ghsa,glad,aqua,osv,k8s,wolfi,chainguard,bitnami,govulndb,auto) (default [auto])
138+
--vuln-severity-source strings order of data sources for selecting vulnerability severity level
139+
Allowed values:
140+
- nvd
141+
- redhat
142+
- redhat-oval
143+
- debian
144+
- ubuntu
145+
- alpine
146+
- amazon
147+
- oracle-oval
148+
- suse-cvrf
149+
- photon
150+
- arch-linux
151+
- alma
152+
- rocky
153+
- cbl-mariner
154+
- azure
155+
- ruby-advisory-db
156+
- php-security-advisories
157+
- nodejs-security-wg
158+
- ghsa
159+
- glad
160+
- aqua
161+
- osv
162+
- k8s
163+
- wolfi
164+
- chainguard
165+
- bitnami
166+
- govulndb
167+
- auto
168+
(default [auto])
105169
```
106170

107171
### Options inherited from parent commands

0 commit comments

Comments
 (0)