trivy sbom
Generate SBOM for an artifact
Subcommands
| Name | Description |
|---|---|
--output, -o | Output file name [$TRIVY_OUTPUT] |
--clear-cache, -c | Clear image caches without scanning [$TRIVY_CLEAR_CACHE] |
--ignorefile | Specify .trivyignore file (default: ".trivyignore") [$TRIVY_IGNOREFILE]] |
--timeout | Timeout (default: 5m0s) [$TRIVY_TIMEOUT] |
--severity, -s | Severities of vulnerabilities to be displayed (comma separated) (default: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL") [$TRIVY_SEVERITY] |
--offline-scan | Do not issue API requests to identify dependencies [$TRIVY_OFFLINE_SCAN] |
--skip-files | Specify the file paths to skip traversal [$TRIVY_SKIP_FILES] |
--skip-dirs | Allow insecure server connections when using SSL [$TRIVY_INSECURE] |
--artifact-type, --type | Input artifact type (image, fs, repo, archive) (default: "image") [$TRIVY_ARTIFACT_TYPE] |
--sbom-format, --format | SBOM format (cyclonedx) (default: "cyclonedx") [$TRIVY_SBOM_FORMAT] |