trivy image <image_name>

Scan an image

Arguments

NameDescription
image_name

Subcommands

NameDescription
--template, -tOutput template [$TRIVY_TEMPLATE]
--format, -fFormat (table, json, sarif, template) (default: "table") [$TRIVY_FORMAT]
--severity, -sSeverities of vulnerabilities to be displayed (comma separated) (default: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL") [$TRIVY_SEVERITY]
--output, -oOutput file name [$TRIVY_OUTPUT]
--exit-codeExit code when vulnerabilities were found (default: 0) [$TRIVY_EXIT_CODE]
--clear-cache, -cClear image caches without scanning [$TRIVY_CLEAR_CACHE]
--vuln-typeComma-separated list of vulnerability types (os,library) (default: "os,library") [$TRIVY_VULN_TYPE]
--security-checksComma-separated list of what security issues to detect (vuln,config) (default: "vuln") [$TRIVY_SECURITY_CHECKS]
--ignorefileSpecify .trivyignore file (default: ".trivyignore") [$TRIVY_IGNOREFILE]]
--timeoutTimeout (default: 5m0s) [$TRIVY_TIMEOUT]
--ignore-policySpecify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]
--list-all-pkgsEnabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]
--cache-backendCache backend (e.g. redis://localhost:6379) (default: "fs") [$TRIVY_CACHE_BACKEND]
--no-progressSuppress progress bar [$TRIVY_NO_PROGRESS]
--offline-scanDo not issue API requests to identify dependencies [$TRIVY_OFFLINE_SCAN]
--skip-filesSpecify the file paths to skip traversal [$TRIVY_SKIP_FILES]
--skip-dirsAllow insecure server connections when using SSL [$TRIVY_INSECURE]
--skip-db-update, --skip-updateSkip updating vulnerability database [$TRIVY_SKIP_UPDATE, $TRIVY_SKIP_DB_UPDATE]
--removed-pkgsDetect vulnerabilities of removed packages (default: false) [$TRIVY_REMOVED_PKGS]
--input, -iInput file path instead of image name [$TRIVY_INPUT]
--download-db-onlyDownload/update vulnerability database but don't run a scan [$TRIVY_DOWNLOAD_DB_ONLY]
--resetRemove all caches and database [$TRIVY_RESET]
--ignore-unfixedDisplay only fixed vulnerabilities [$TRIVY_IGNORE_UNFIXED]
--lightDeprecated [$TRIVY_LIGHT]
--insecureAllow insecure server connections when using SSL [$TRIVY_INSECURE]