mirror of https://github.com/docker/docs.git
vendor: github.com/docker/scout-cli v1.3.0
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
parent
1da0617fa5
commit
32a5565693
|
@ -64,7 +64,7 @@ options:
|
||||||
- option: format
|
- option: format
|
||||||
value_type: string
|
value_type: string
|
||||||
default_value: packages
|
default_value: packages
|
||||||
description: "Output format of the generated vulnerability report:\n- packages: default output, plain text with vulnerabilities grouped by packages\n- sarif: json Sarif output\n- spdx: json SPDX output \n- markdown: markdown output (including some html tags like collapsible sections)"
|
description: "Output format of the generated vulnerability report:\n- packages: default output, plain text with vulnerabilities grouped by packages\n- sarif: json Sarif output\n- spdx: json SPDX output \n- markdown: markdown output (including some html tags like collapsible sections)\n- sbom: json SBOM output"
|
||||||
deprecated: false
|
deprecated: false
|
||||||
hidden: false
|
hidden: false
|
||||||
experimental: false
|
experimental: false
|
||||||
|
|
|
@ -9,31 +9,31 @@ Display CVEs identified in a software artifact
|
||||||
|
|
||||||
### Options
|
### Options
|
||||||
|
|
||||||
| Name | Type | Default | Description |
|
| Name | Type | Default | Description |
|
||||||
|:-----------------------|:--------------|:-----------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
|:-----------------------|:--------------|:-----------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||||
| `--details` | | | Print details on default text output |
|
| `--details` | | | Print details on default text output |
|
||||||
| `--env` | `string` | | Name of environment |
|
| `--env` | `string` | | Name of environment |
|
||||||
| `-e`, `--exit-code` | | | Return exit code '2' if vulnerabilities are detected |
|
| `-e`, `--exit-code` | | | Return exit code '2' if vulnerabilities are detected |
|
||||||
| `--format` | `string` | `packages` | Output format of the generated vulnerability report:<br>- packages: default output, plain text with vulnerabilities grouped by packages<br>- sarif: json Sarif output<br>- spdx: json SPDX output <br>- markdown: markdown output (including some html tags like collapsible sections)<br> |
|
| `--format` | `string` | `packages` | Output format of the generated vulnerability report:<br>- packages: default output, plain text with vulnerabilities grouped by packages<br>- sarif: json Sarif output<br>- spdx: json SPDX output <br>- markdown: markdown output (including some html tags like collapsible sections)<br>- sbom: json SBOM output<br> |
|
||||||
| `--ignore-base` | | | Filter out CVEs introduced from base image |
|
| `--ignore-base` | | | Filter out CVEs introduced from base image |
|
||||||
| `--locations` | | | Print package locations including file paths and layer diff_id |
|
| `--locations` | | | Print package locations including file paths and layer diff_id |
|
||||||
| `--multi-stage` | | | Show packages from multi-stage Docker builds |
|
| `--multi-stage` | | | Show packages from multi-stage Docker builds |
|
||||||
| `--only-cve-id` | `stringSlice` | | Comma separated list of CVE ids (like CVE-2021-45105) to search for |
|
| `--only-cve-id` | `stringSlice` | | Comma separated list of CVE ids (like CVE-2021-45105) to search for |
|
||||||
| `--only-fixed` | | | Filter to fixable CVEs |
|
| `--only-fixed` | | | Filter to fixable CVEs |
|
||||||
| `--only-metric` | `stringSlice` | | Comma separated list of CVSS metrics (like AV:N or PR:L) to filter CVEs by |
|
| `--only-metric` | `stringSlice` | | Comma separated list of CVSS metrics (like AV:N or PR:L) to filter CVEs by |
|
||||||
| `--only-package` | `stringSlice` | | Comma separated regular expressions to filter packages by |
|
| `--only-package` | `stringSlice` | | Comma separated regular expressions to filter packages by |
|
||||||
| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) |
|
| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) |
|
||||||
| `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by |
|
| `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by |
|
||||||
| `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names |
|
| `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names |
|
||||||
| `--only-unfixed` | | | Filter to unfixed CVEs |
|
| `--only-unfixed` | | | Filter to unfixed CVEs |
|
||||||
| `--only-vex-affected` | | | Filter CVEs by VEX statements with status not affected |
|
| `--only-vex-affected` | | | Filter CVEs by VEX statements with status not affected |
|
||||||
| `--only-vuln-packages` | | | When used with --format=only-packages ignore packages with no vulnerabilities |
|
| `--only-vuln-packages` | | | When used with --format=only-packages ignore packages with no vulnerabilities |
|
||||||
| `--org` | `string` | | Namespace of the Docker organization |
|
| `--org` | `string` | | Namespace of the Docker organization |
|
||||||
| `-o`, `--output` | `string` | | Write the report to a file. |
|
| `-o`, `--output` | `string` | | Write the report to a file. |
|
||||||
| `--platform` | `string` | | Platform of image to analyze |
|
| `--platform` | `string` | | Platform of image to analyze |
|
||||||
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive. |
|
| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive. |
|
||||||
| `--vex-author` | `stringSlice` | | List of VEX statement authors to accept |
|
| `--vex-author` | `stringSlice` | | List of VEX statement authors to accept |
|
||||||
| `--vex-location` | `stringSlice` | | File location of directory or file containing VEX statements |
|
| `--vex-location` | `stringSlice` | | File location of directory or file containing VEX statements |
|
||||||
|
|
||||||
|
|
||||||
<!---MARKER_GEN_END-->
|
<!---MARKER_GEN_END-->
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# github.com/moby/moby v24.0.8-0.20240109122856-854ca341c0f6+incompatible
|
# github.com/moby/moby v24.0.8-0.20240109122856-854ca341c0f6+incompatible
|
||||||
# github.com/moby/buildkit v0.13.0-beta1.0.20240116143623-28ce478b1fde
|
# github.com/moby/buildkit v0.13.0-beta1.0.20240116143623-28ce478b1fde
|
||||||
# github.com/docker/buildx v0.12.1
|
# github.com/docker/buildx v0.12.1
|
||||||
# github.com/docker/scout-cli v1.2.0
|
# github.com/docker/scout-cli v1.3.0
|
||||||
# github.com/docker/cli v25.0.0-rc.3+incompatible
|
# github.com/docker/cli v25.0.0-rc.3+incompatible
|
||||||
# github.com/docker/compose/v2 v2.24.1
|
# github.com/docker/compose/v2 v2.24.1
|
||||||
|
|
2
go.mod
2
go.mod
|
@ -8,7 +8,7 @@ require (
|
||||||
github.com/docker/buildx v0.12.1 // indirect
|
github.com/docker/buildx v0.12.1 // indirect
|
||||||
github.com/docker/cli v25.0.0-rc.3+incompatible // indirect
|
github.com/docker/cli v25.0.0-rc.3+incompatible // indirect
|
||||||
github.com/docker/compose/v2 v2.24.1 // indirect
|
github.com/docker/compose/v2 v2.24.1 // indirect
|
||||||
github.com/docker/scout-cli v1.2.0 // indirect
|
github.com/docker/scout-cli v1.3.0 // indirect
|
||||||
github.com/moby/buildkit v0.13.0-beta1.0.20240116143623-28ce478b1fde // indirect
|
github.com/moby/buildkit v0.13.0-beta1.0.20240116143623-28ce478b1fde // indirect
|
||||||
github.com/moby/moby v24.0.8-0.20240109122856-854ca341c0f6+incompatible // indirect
|
github.com/moby/moby v24.0.8-0.20240109122856-854ca341c0f6+incompatible // indirect
|
||||||
)
|
)
|
||||||
|
|
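--- a/go.sum
+++ b/go.sum
@@ -119,6 +119,8 @@ github.com/docker/scout-cli v1.0.9 h1:P2Rs+HhVOIoSJZ1fcVuSDaxvV/8dCJTFdb3shrQtj5
 github.com/docker/scout-cli v1.0.9/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
 github.com/docker/scout-cli v1.2.0 h1:cjtsf7s2f6NO9OxgXWPW3DGxaTKVU58JKmVtaVMc0RA=
 github.com/docker/scout-cli v1.2.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
+github.com/docker/scout-cli v1.3.0 h1:mL9y1yB/DR/dAar71z0w8u8et9o2272Mrjxtb59ds3M=
+github.com/docker/scout-cli v1.3.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc=
 github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
 github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=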