Image

  1. NAME:
  2.    trivy image - scan an image
  4. USAGE:
  5.    trivy image [command options] image_name
  7. OPTIONS:
  8.    --template value, -t value  output template [$TRIVY_TEMPLATE]
  9.    --format value, -f value    format (table, json, template) (default: "table") [$TRIVY_FORMAT]
  10.    --input value, -i value     input file path instead of image name [$TRIVY_INPUT]
  11.    --severity value, -s value  severities of vulnerabilities to be displayed (comma separated) (default: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL") [$TRIVY_SEVERITY]
  12.    --output value, -o value    output file name [$TRIVY_OUTPUT]
  13.    --exit-code value           Exit code when vulnerabilities were found (default: 0) [$TRIVY_EXIT_CODE]
  14.    --skip-update               skip db update (default: false) [$TRIVY_SKIP_UPDATE]
  15.    --download-db-only          download/update vulnerability database but don't run a scan (default: false) [$TRIVY_DOWNLOAD_DB_ONLY]
  16.    --reset                     remove all caches and database (default: false) [$TRIVY_RESET]
  17.    --clear-cache, -c           clear image caches without scanning (default: false) [$TRIVY_CLEAR_CACHE]
  18.    --no-progress               suppress progress bar (default: false) [$TRIVY_NO_PROGRESS]
  19.    --ignore-unfixed            display only fixed vulnerabilities (default: false) [$TRIVY_IGNORE_UNFIXED]
  20.    --removed-pkgs              detect vulnerabilities of removed packages (only for Alpine) (default: false) [$TRIVY_REMOVED_PKGS]
  21.    --vuln-type value           comma-separated list of vulnerability types (os,library) (default: "os,library") [$TRIVY_VULN_TYPE]
  22.    --ignorefile value          specify .trivyignore file (default: ".trivyignore") [$TRIVY_IGNOREFILE]
  23.    --timeout value             timeout (default: 5m0s) [$TRIVY_TIMEOUT]
  24.    --light                     light mode: it's faster, but vulnerability descriptions and references are not displayed (default: false) [$TRIVY_LIGHT]
  25.    --ignore-policy value       specify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]
  26.    --list-all-pkgs             enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]
  27.    --offline-scan              do not issue API requests to identify dependencies (default: false) [$TRIVY_OFFLINE_SCAN]
  28.    --skip-files value          specify the file path to skip traversal [$TRIVY_SKIP_FILES]
  29.    --skip-dirs value           specify the directory where the traversal is skipped [$TRIVY_SKIP_DIRS]
  30.    --cache-backend value       cache backend (e.g. redis://localhost:6379) (default: "fs") [$TRIVY_CACHE_BACKEND]
  31.    --help, -h                  show help (default: false)