trivy filesystem <path>

Scan local filesystem for language-specific dependencies and config files

Arguments

NameDescription
pathfilepaths

Subcommands

NameDescription
--template, -tOutput template [$TRIVY_TEMPLATE]
--format, -fFormat (table, json, sarif, template) (default: "table") [$TRIVY_FORMAT]
--severity, -sSeverities of vulnerabilities to be displayed (comma separated) (default: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL") [$TRIVY_SEVERITY]
--output, -oOutput file name [$TRIVY_OUTPUT]
--exit-codeExit code when vulnerabilities were found (default: 0) [$TRIVY_EXIT_CODE]
--clear-cache, -cClear image caches without scanning [$TRIVY_CLEAR_CACHE]
--vuln-typeComma-separated list of vulnerability types (os,library) (default: "os,library") [$TRIVY_VULN_TYPE]
--security-checksComma-separated list of what security issues to detect (vuln,config) (default: "vuln") [$TRIVY_SECURITY_CHECKS]
--ignorefileSpecify .trivyignore file (default: ".trivyignore") [$TRIVY_IGNOREFILE]]
--timeoutTimeout (default: 5m0s) [$TRIVY_TIMEOUT]
--ignore-policySpecify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]
--list-all-pkgsEnabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]
--cache-backendCache backend (e.g. redis://localhost:6379) (default: "fs") [$TRIVY_CACHE_BACKEND]
--no-progressSuppress progress bar [$TRIVY_NO_PROGRESS]
--offline-scanDo not issue API requests to identify dependencies [$TRIVY_OFFLINE_SCAN]
--skip-filesSpecify the file paths to skip traversal [$TRIVY_SKIP_FILES]
--skip-dirsAllow insecure server connections when using SSL [$TRIVY_INSECURE]
--skip-policy-updateSkip updating built-in policies [$TRIVY_SKIP_POLICY_UPDATE]
--ignore-unfixedDisplay only fixed vulnerabilities [$TRIVY_IGNORE_UNFIXED]
--config-policySpecify paths to the Rego policy files directory, applying config files [$TRIVY_CONFIG_POLICY]
--config-dataSpecify paths from which data for the Rego policies will be recursively loaded [$TRIVY_CONFIG_DATA]
--policy-namespaces, --namespacesRego namespaces (default: "users") [$TRIVY_POLICY_NAMESPACES]
--skip-db-update, --skip-updateSkip updating vulnerability database [$TRIVY_SKIP_UPDATE, $TRIVY_SKIP_DB_UPDATE]
--serverServer address [$TRIVY_SERVER]
--tokenFor authentication in client/server mode [$TRIVY_TOKEN]
--token-headerSpecify a header name for token in client/server mode (default: "Trivy-Token") [$TRIVY_TOKEN_HEADER]
--custom-headersCustom headers in client/server mode [$TRIVY_CUSTOM_HEADERS]