// Source: github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/flag/scan_flags.go

package flag

import (
	"runtime"

	"github.com/devseccon/trivy/pkg/log"
	"github.com/devseccon/trivy/pkg/types"
	xstrings "github.com/devseccon/trivy/pkg/x/strings"
)

// Flag definitions for the "Scan" group. Each one pairs a CLI flag name with
// the config-file key it is bound to and its default value.
var (
	// SkipDirsFlag lists directories (or glob patterns) to skip.
	// Broad patterns narrow what gets scanned, so changes to this value in
	// CI configuration deserve the same review as changes to the scanner list.
	SkipDirsFlag = Flag{
		Name:       "skip-dirs",
		ConfigName: "scan.skip-dirs",
		Default:    []string{},
		Usage:      "specify the directories or glob patterns to skip",
	}
	// SkipFilesFlag lists files (or glob patterns) to skip. The coverage
	// caveat on SkipDirsFlag applies here as well.
	SkipFilesFlag = Flag{
		Name:       "skip-files",
		ConfigName: "scan.skip-files",
		Default:    []string{},
		Usage:      "specify the files or glob patterns to skip",
	}
	// OfflineScanFlag turns off the API requests used to identify
	// dependencies. It is off by default.
	OfflineScanFlag = Flag{
		Name:       "offline-scan",
		ConfigName: "scan.offline",
		Default:    false,
		Usage:      "do not issue API requests to identify dependencies",
	}
	// ScannersFlag selects which classes of issue are detected.
	// The default enables only the vulnerability and secret scanners;
	// misconfiguration and license scanning must be requested explicitly.
	ScannersFlag = Flag{
		Name:       "scanners",
		ConfigName: "scan.scanners",
		Default: xstrings.ToStringSlice(types.Scanners{
			types.VulnerabilityScanner,
			types.SecretScanner,
		}),
		Values: xstrings.ToStringSlice(types.Scanners{
			types.VulnerabilityScanner,
			types.MisconfigScanner,
			types.SecretScanner,
			types.LicenseScanner,
		}),
		// ValueNormalize maps legacy or long spellings onto the canonical
		// scanner names. Any other input is returned unchanged; checking it
		// against Values is presumably done by the caller — confirm.
		ValueNormalize: func(s string) string {
			switch s {
			case "vulnerability":
				return string(types.VulnerabilityScanner)
			case "config":
				// Deprecated spelling: warn, then treat it as misconfiguration.
				log.Logger.Warn("'--scanner config' is deprecated. Use '--scanner misconfig' instead. See https://github.com/devseccon/trivy/discussions/5586 for the detail.")
				fallthrough
			case "misconf", "misconfiguration":
				return string(types.MisconfigScanner)
			default:
				return s
			}
		},
		Aliases: []Alias{
			{
				Name:       "security-checks",
				ConfigName: "scan.security-checks",
				Deprecated: true, // --security-checks was renamed to --scanners
			},
		},
		Usage: "comma-separated list of what security issues to detect",
	}
	// FilePatternsFlag holds the config file patterns supplied by the user.
	FilePatternsFlag = Flag{
		Name:       "file-patterns",
		ConfigName: "scan.file-patterns",
		Default:    []string{},
		Usage:      "specify config file patterns",
	}
	// SlowFlag is deprecated. It is still registered in the group, but
	// ToOptions does not copy it into ScanOptions.
	SlowFlag = Flag{
		Name:       "slow",
		ConfigName: "scan.slow",
		Default:    false,
		Usage:      "scan over time with lower CPU and memory utilization",
		Deprecated: true,
	}
	// ParallelFlag sets the number of goroutines used for scanning.
	// ToOptions replaces a value of 0 with runtime.NumCPU().
	ParallelFlag = Flag{
		Name:       "parallel",
		ConfigName: "scan.parallel",
		Default:    5,
		Usage:      "number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism",
	}
	// SBOMSourcesFlag names the external sources ("oci", "rekor") from which
	// an SBOM may be retrieved. It is empty by default, so no external
	// source is consulted unless one is requested.
	SBOMSourcesFlag = Flag{
		Name:       "sbom-sources",
		ConfigName: "scan.sbom-sources",
		Default:    []string{},
		Values:     []string{"oci", "rekor"},
		Usage:      "[EXPERIMENTAL] try to retrieve SBOM from the specified sources",
	}
	// RekorURLFlag is the address of the Rekor server; it defaults to the
	// public sigstore instance.
	// NOTE(review): overriding this changes where SBOM data is fetched from;
	// how the retrieved data is verified is not visible in this file — confirm.
	RekorURLFlag = Flag{
		Name:       "rekor-url",
		ConfigName: "scan.rekor-url",
		Default:    "https://rekor.sigstore.dev",
		Usage:      "[EXPERIMENTAL] address of rekor STL server",
	}
	// IncludeDevDepsFlag adds development dependencies to the report.
	// NOTE(review): unlike its siblings, ConfigName has no "scan." prefix —
	// confirm that is intentional before relying on the config-file key.
	IncludeDevDepsFlag = Flag{
		Name:       "include-dev-deps",
		ConfigName: "include-dev-deps",
		Default:    false,
		Usage:      "include development dependencies in the report (supported: npm, yarn)",
	}
)

// ScanFlagGroup bundles the flags that make up the "Scan" group.
// A nil field means that flag is not part of the group.
type ScanFlagGroup struct {
	SkipDirs       *Flag
	SkipFiles      *Flag
	OfflineScan    *Flag
	Scanners       *Flag
	FilePatterns   *Flag
	Slow           *Flag // deprecated
	Parallel       *Flag
	SBOMSources    *Flag
	RekorURL       *Flag
	IncludeDevDeps *Flag
}

// ScanOptions is the resolved form of ScanFlagGroup produced by ToOptions.
type ScanOptions struct {
	Target         string
	SkipDirs       []string
	SkipFiles      []string
	OfflineScan    bool
	Scanners       types.Scanners
	FilePatterns   []string
	Parallel       int
	SBOMSources    []string
	RekorURL       string
	IncludeDevDeps bool
}

// NewScanFlagGroup returns a group with every scan flag populated.
// The fields point at the package-level Flag variables, so a change made
// through the group is visible to every other holder of those variables.
func NewScanFlagGroup() *ScanFlagGroup {
	group := ScanFlagGroup{
		SkipDirs:       &SkipDirsFlag,
		SkipFiles:      &SkipFilesFlag,
		OfflineScan:    &OfflineScanFlag,
		Scanners:       &ScannersFlag,
		FilePatterns:   &FilePatternsFlag,
		Slow:           &SlowFlag,
		Parallel:       &ParallelFlag,
		SBOMSources:    &SBOMSourcesFlag,
		RekorURL:       &RekorURLFlag,
		IncludeDevDeps: &IncludeDevDepsFlag,
	}
	return &group
}

// Name returns the display name of the flag group.
func (f *ScanFlagGroup) Name() string {
	return "Scan"
}

// Flags returns every flag in the group, the deprecated Slow flag included,
// in a fixed order.
func (f *ScanFlagGroup) Flags() []*Flag {
	return []*Flag{
		f.SkipDirs,
		f.SkipFiles,
		f.OfflineScan,
		f.Scanners,
		f.FilePatterns,
		f.Slow,
		f.Parallel,
		f.SBOMSources,
		f.RekorURL,
		f.IncludeDevDeps,
	}
}

// ToOptions resolves the group's flag values into a ScanOptions.
//
// Target is taken from args only when exactly one positional argument is
// given; with any other count it stays empty and no error is raised here.
// The returned error is always nil.
func (f *ScanFlagGroup) ToOptions(args []string) (ScanOptions, error) {
	var target string
	if len(args) == 1 {
		target = args[0]
	}

	// A value of 0 means "auto-detect": use one worker per CPU.
	// NOTE(review): only 0 is special-cased; a negative value is passed
	// through unchanged — confirm a consumer rejects or clamps it.
	workers := getInt(f.Parallel)
	if f.Parallel != nil && workers == 0 {
		numCPU := runtime.NumCPU()
		log.Logger.Infof("Set '--parallel' to the number of CPUs (%d)", numCPU)
		workers = numCPU
	}

	opts := ScanOptions{
		Target:         target,
		SkipDirs:       getStringSlice(f.SkipDirs),
		SkipFiles:      getStringSlice(f.SkipFiles),
		OfflineScan:    getBool(f.OfflineScan),
		Scanners:       getUnderlyingStringSlice[types.Scanner](f.Scanners),
		FilePatterns:   getStringSlice(f.FilePatterns),
		Parallel:       workers,
		SBOMSources:    getStringSlice(f.SBOMSources),
		RekorURL:       getString(f.RekorURL),
		IncludeDevDeps: getBool(f.IncludeDevDeps),
	}
	return opts, nil
}