trivy repository
Scan remote repository
Subcommands
| Name | Description |
|---|---|
--template, -t | Output template [$TRIVY_TEMPLATE] |
--format, -f | Format (table, json, sarif, template) (default: "table") [$TRIVY_FORMAT] |
--severity, -s | Severities of vulnerabilities to be displayed (comma separated) (default: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL") [$TRIVY_SEVERITY] |
--output, -o | Output file name [$TRIVY_OUTPUT] |
--exit-code | Exit code when vulnerabilities were found (default: 0) [$TRIVY_EXIT_CODE] |
--clear-cache, -c | Clear image caches without scanning [$TRIVY_CLEAR_CACHE] |
--vuln-type | Comma-separated list of vulnerability types (os,library) (default: "os,library") [$TRIVY_VULN_TYPE] |
--security-checks | Comma-separated list of what security issues to detect (vuln,config) (default: "vuln") [$TRIVY_SECURITY_CHECKS] |
--ignorefile | Specify .trivyignore file (default: ".trivyignore") [$TRIVY_IGNOREFILE]] |
--timeout | Timeout (default: 5m0s) [$TRIVY_TIMEOUT] |
--ignore-policy | Specify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY] |
--list-all-pkgs | Enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS] |
--cache-backend | Cache backend (e.g. redis://localhost:6379) (default: "fs") [$TRIVY_CACHE_BACKEND] |
--no-progress | Suppress progress bar [$TRIVY_NO_PROGRESS] |
--offline-scan | Do not issue API requests to identify dependencies [$TRIVY_OFFLINE_SCAN] |
--skip-files | Specify the file paths to skip traversal [$TRIVY_SKIP_FILES] |
--skip-dirs | Allow insecure server connections when using SSL [$TRIVY_INSECURE] |
--skip-policy-update | Skip updating built-in policies [$TRIVY_SKIP_POLICY_UPDATE] |
--skip-db-update, --skip-update | Skip updating vulnerability database [$TRIVY_SKIP_UPDATE, $TRIVY_SKIP_DB_UPDATE] |
--ignore-unfixed | Display only fixed vulnerabilities [$TRIVY_IGNORE_UNFIXED] |
--removed-pkgs | Detect vulnerabilities of removed packages (default: false) [$TRIVY_REMOVED_PKGS] |
--input, -i | Input file path instead of image name [$TRIVY_INPUT] |
--quiet, -q | Suppress progress bar and log output [$TRIVY_QUIET] |
--insecure | Allow insecure server connections when using SSL [$TRIVY_INSECURE] |