trivy filesystem <path>

Scan local filesystem for language-specific dependencies and config files

Arguments

Name	Description
`path`	filepaths

Subcommands

Name	Description
`--template, -t`	Output template [$TRIVY_TEMPLATE]
`--format, -f`	Format (table, json, sarif, template) (default: "table") [$TRIVY_FORMAT]
`--severity, -s`	Severities of vulnerabilities to be displayed (comma separated) (default: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL") [$TRIVY_SEVERITY]
`--output, -o`	Output file name [$TRIVY_OUTPUT]
`--exit-code`	Exit code when vulnerabilities were found (default: 0) [$TRIVY_EXIT_CODE]
`--clear-cache, -c`	Clear image caches without scanning [$TRIVY_CLEAR_CACHE]
`--vuln-type`	Comma-separated list of vulnerability types (os,library) (default: "os,library") [$TRIVY_VULN_TYPE]
`--security-checks`	Comma-separated list of what security issues to detect (vuln,config) (default: "vuln") [$TRIVY_SECURITY_CHECKS]
`--ignorefile`	Specify .trivyignore file (default: ".trivyignore") [$TRIVY_IGNOREFILE]]
`--timeout`	Timeout (default: 5m0s) [$TRIVY_TIMEOUT]
`--ignore-policy`	Specify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]
`--list-all-pkgs`	Enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]
`--cache-backend`	Cache backend (e.g. redis://localhost:6379) (default: "fs") [$TRIVY_CACHE_BACKEND]
`--no-progress`	Suppress progress bar [$TRIVY_NO_PROGRESS]
`--offline-scan`	Do not issue API requests to identify dependencies [$TRIVY_OFFLINE_SCAN]
`--skip-files`	Specify the file paths to skip traversal [$TRIVY_SKIP_FILES]
`--skip-dirs`	Allow insecure server connections when using SSL [$TRIVY_INSECURE]
`--skip-policy-update`	Skip updating built-in policies [$TRIVY_SKIP_POLICY_UPDATE]
`--ignore-unfixed`	Display only fixed vulnerabilities [$TRIVY_IGNORE_UNFIXED]
`--config-policy`	Specify paths to the Rego policy files directory, applying config files [$TRIVY_CONFIG_POLICY]
`--config-data`	Specify paths from which data for the Rego policies will be recursively loaded [$TRIVY_CONFIG_DATA]
`--policy-namespaces, --namespaces`	Rego namespaces (default: "users") [$TRIVY_POLICY_NAMESPACES]
`--skip-db-update, --skip-update`	Skip updating vulnerability database [$TRIVY_SKIP_UPDATE, $TRIVY_SKIP_DB_UPDATE]
`--server`	Server address [$TRIVY_SERVER]
`--token`	For authentication in client/server mode [$TRIVY_TOKEN]
`--token-header`	Specify a header name for token in client/server mode (default: "Trivy-Token") [$TRIVY_TOKEN_HEADER]
`--custom-headers`	Custom headers in client/server mode [$TRIVY_CUSTOM_HEADERS]