Filesystem

  1. NAME:
  2.    trivy filesystem - scan local filesystem
  4. USAGE:
  5.    trivy filesystem [command options] dir
  7. OPTIONS:
  8.    --template value, -t value                     output template [$TRIVY_TEMPLATE]
  9.    --format value, -f value                       format (table, json, template) (default: "table") [$TRIVY_FORMAT]
  10.    --severity value, -s value                     severities of vulnerabilities to be displayed (comma separated) (default: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL") [$TRIVY_SEVERITY]
  11.    --output value, -o value                       output file name [$TRIVY_OUTPUT]
  12.    --exit-code value                              Exit code when vulnerabilities were found (default: 0) [$TRIVY_EXIT_CODE]
  13.    --skip-db-update, --skip-update                skip updating vulnerability database (default: false) [$TRIVY_SKIP_UPDATE, $TRIVY_SKIP_DB_UPDATE]
  14.    --skip-policy-update                           skip updating built-in policies (default: false) [$TRIVY_SKIP_POLICY_UPDATE]
  15.    --clear-cache, -c                              clear image caches without scanning (default: false) [$TRIVY_CLEAR_CACHE]
  16.    --ignore-unfixed                               display only fixed vulnerabilities (default: false) [$TRIVY_IGNORE_UNFIXED]
  17.    --vuln-type value                              comma-separated list of vulnerability types (os,library) (default: "os,library") [$TRIVY_VULN_TYPE]
  18.    --security-checks value                        comma-separated list of what security issues to detect (vuln,config) (default: "vuln") [$TRIVY_SECURITY_CHECKS]
  19.    --ignorefile value                             specify .trivyignore file (default: ".trivyignore") [$TRIVY_IGNOREFILE]
  20.    --cache-backend value                          cache backend (e.g. redis://localhost:6379) (default: "fs") [$TRIVY_CACHE_BACKEND]
  21.    --timeout value                                timeout (default: 5m0s) [$TRIVY_TIMEOUT]
  22.    --no-progress                                  suppress progress bar (default: false) [$TRIVY_NO_PROGRESS]
  23.    --ignore-policy value                          specify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]
  24.    --list-all-pkgs                                enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]
  25.    --offline-scan                                 do not issue API requests to identify dependencies (default: false) [$TRIVY_OFFLINE_SCAN]
  26.    --skip-files value                             specify the file paths to skip traversal [$TRIVY_SKIP_FILES]
  27.    --skip-dirs value                              specify the directories where the traversal is skipped [$TRIVY_SKIP_DIRS]
  28.    --config-policy value                          specify paths to the Rego policy files directory, applying config files [$TRIVY_CONFIG_POLICY]
  29.    --config-data value                            specify paths from which data for the Rego policies will be recursively loaded [$TRIVY_CONFIG_DATA]
  30.    --policy-namespaces value, --namespaces value  Rego namespaces (default: "users") [$TRIVY_POLICY_NAMESPACES]
  31.    --help, -h                                     show help (default: false)