From e38bd7b4324f95d59c06e08dfcff1c14184f6d60 Mon Sep 17 00:00:00 2001 From: afdesk Date: Tue, 30 Jul 2024 15:15:33 +0600 Subject: [PATCH 01/27] feat(docs): add auto-generated config --- .../references/configuration/config-file.md | 589 +----------------- magefiles/docs.go | 114 ++++ 2 files changed, 144 insertions(+), 559 deletions(-) diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index d90ae7b26384..90f98e74bd44 100644 --- a/docs/docs/references/configuration/config-file.md +++ b/docs/docs/references/configuration/config-file.md 
@@ -5,605 +5,76 @@ The config path can be overridden by the `--config` flag. An example is [here][example]. -## Global Options +## Output options ```yaml -# Same as '--quiet' -# Default is false -quiet: false - -# Same as '--debug' -# Default is false -debug: false - -# Same as '--insecure' -# Default is false -insecure: false - -# Same as '--timeout' -# Default is '5m' -timeout: 10m - -# Same as '--cache-dir' -# Default is your system cache dir -cache: - dir: $HOME/.cache/trivy +output: ``` -## Report Options +## Format options ```yaml -# Same as '--format' -# Default is 'table' format: table +``` -# Same as '--report' (available with 'trivy k8s') -# Default is all -report: all - -# Same as '--template' -# Default is empty -template: - -# Same as '--dependency-tree' -# Default is false -dependency-tree: false - -# Same as '--list-all-pkgs' -# Default is false -list-all-pkgs: false +## Ignorefile options -# Same as '--ignorefile' -# Default is '.trivyignore' +```yaml ignorefile: .trivyignore - -# Same as '--ignore-policy' -# Default is empty -ignore-policy: - -# Same as '--exit-code' -# Default is 0 -exit-code: 0 - -# Same as '--exit-on-eol' -# Default is 0 -exit-on-eol: 0 - -# Same as '--output' -# Default is empty (stdout) -output: - -# Same as '--severity' -# Default is all severities -severity: - - UNKNOWN - - LOW - - MEDIUM - - HIGH - - CRITICAL - -# Same as '--pkg-types' -# Default is 'os,library' -pkg-types: - - os - - library - - -scan: - # Same as '--compliance' - # Default is empty - compliance: - - # Same as '--show-suppressed' - # Default is false - show-suppressed: false ``` -## Scan Options -Available in client/server mode +## Ignore-Policy options ```yaml -scan: - # Same as '--file-patterns' - # Default is empty - file-patterns: - - - - # Same as '--skip-dirs' - # Default is empty - skip-dirs: - - usr/local/ - - etc/ - - # Same as '--skip-files' - # Default is empty - skip-files: - - package-dev.json - - # Same as '--offline-scan' - # Default is 
false - offline: false - - # Same as '--scanners' - # Default depends on subcommand - scanners: - - vuln - - misconfig - - secret - - license - - - # Same as '--parallel' - # Default is 5 - parallel: 1 - - # Same as '--sbom-sources' - # Default is empty - sbom-sources: - - oci - - rekor - - # Same as '--rekor-url' - # Default is 'https://rekor.sigstore.dev' - rekor-url: https://rekor.sigstore.dev - - # Same as '--include-dev-deps' - # Default is false - include-dev-deps: false +ignore-policy: ``` -## Cache Options +## Template options ```yaml -cache: - # Same as '--cache-backend' - # Default is 'fs' - backend: 'fs' - - # Same as '--cache-ttl' - # Default is 0 (no ttl) - ttl: 0 - - # Redis options - redis: - # Same as '--redis-tls' - # Default is false - tls: - # Same as '--redis-ca' - # Default is empty - ca: - - # Same as '--redis-cert' - # Default is empty - cert: - - # Same as '--redis-key' - # Default is empty - key: +template: ``` -## DB Options +## Output-Plugin-Arg options ```yaml -db: - # Same as '--no-progress' - # Default is false - no-progress: false - - # Same as '--skip-db-update' - # Default is false - skip-update: false - - # Same as '--db-repository' - # Default is 'ghcr.io/aquasecurity/trivy-db:2' - repository: ghcr.io/aquasecurity/trivy-db:2 - - # Same as '--skip-java-db-update' - # Default is false - java-skip-update: false - - # Same as '--java-db-repository' - # Default is 'ghcr.io/aquasecurity/trivy-java-db:1' - java-repository: ghcr.io/aquasecurity/trivy-java-db:1 +output-plugin-arg: ``` -## Registry Options +## Scan options ```yaml -registry: - # Same as '--username' - # Default is empty - username: - - # Same as '--password' - # Default is empty - password: - - # Same as '--registry-token' - # Default is empty - registry-token: +scan: + compliance: ``` -## Image Options -Available with container image scanning +## Image options ```yaml image: - # Same as '--input' (available with 'trivy image') - # Default is empty - input: - - # Same as 
'--removed-pkgs' - # Default is false - removed-pkgs: false - - # Same as '--platform' - # Default is empty - platform: - - # Same as '--image-src' - # Default is 'docker,containerd,podman,remote' - source: - - podman - - docker - - # Same as '--image-config-scanners' - # Default is empty - image-config-scanners: - - misconfig - - secret - - docker: - # Same as '--docker-host' - # Default is empty - host: - podman: - # Same as '--podman-host' - # Default is empty + host: + input: + platform: + docker: host: ``` -## Vulnerability Options -Available with vulnerability scanning - -```yaml -vulnerability: - # Same as '--ignore-unfixed' - # Default is false - ignore-unfixed: false - - # Same as '--ignore-unfixed' - # Default is empty - ignore-status: - - end_of_life -``` - -## License Options -Available with license scanning - -```yaml -license: - # Same as '--license-full' - # Default is false - full: false - - # Same as '--ignored-licenses' - # Default is empty - ignored: - - MPL-2.0 - - MIT - - # Same as '--license-confidence-level' - # Default is 0.9 - confidenceLevel: 0.9 - - # Set list of forbidden licenses - # Default is https://github.com/aquasecurity/trivy/blob/164b025413c5fb9c6759491e9a306b46b869be93/pkg/licensing/category.go#L171 - forbidden: - - AGPL-1.0 - - AGPL-3.0 - - # Set list of restricted licenses - # Default is https://github.com/aquasecurity/trivy/blob/164b025413c5fb9c6759491e9a306b46b869be93/pkg/licensing/category.go#L199 - restricted: - - AGPL-1.0 - - AGPL-3.0 - - # Set list of reciprocal licenses - # Default is https://github.com/aquasecurity/trivy/blob/164b025413c5fb9c6759491e9a306b46b869be93/pkg/licensing/category.go#L238 - reciprocal: - - AGPL-1.0 - - AGPL-3.0 - - # Set list of notice licenses - # Default is https://github.com/aquasecurity/trivy/blob/164b025413c5fb9c6759491e9a306b46b869be93/pkg/licensing/category.go#L260 - notice: - - AGPL-1.0 - - AGPL-3.0 - - # Set list of permissive licenses - # Default is empty - permissive: - - AGPL-1.0 - 
- AGPL-3.0 - - # Set list of unencumbered licenses - # Default is https://github.com/aquasecurity/trivy/blob/164b025413c5fb9c6759491e9a306b46b869be93/pkg/licensing/category.go#L334 - unencumbered: - - AGPL-1.0 - - AGPL-3.0 -``` - -## Secret Options -Available with secret scanning - -```yaml -secret: - # Same as '--secret-config' - # Default is 'trivy-secret.yaml' - config: config/trivy/secret.yaml -``` - -## Rego Options - -```yaml -rego: - # Same as '--trace' - # Default is false - trace: false - - # Same as '--skip-check-update' - # Default is false - skip-check-update: false - - # Same as '--config-policy' - # Default is empty - policy: - - policy/repository - - policy/custom - - policy/some-policy.rego - - # Same as '--config-data' - # Default is empty - data: - - data/ - - # Same as '--policy-namespaces' - # Default is empty - namespaces: - - opa.examples - - users -``` - -## Misconfiguration Options -Available with misconfiguration scanning - -```yaml -misconfiguration: - # Same as '--include-non-failures' - # Default is false - include-non-failures: false - - # Same as '--include-deprecated-checks' - # Default is false - include-deprecated-checks: false - - # Same as '--check-bundle-repository' and '--policy-bundle-repository' - # Default is 'ghcr.io/aquasecurity/trivy-checks:0' - check-bundle-repository: ghcr.io/aquasecurity/trivy-checks:0 - - # Same as '--miconfig-scanners' - # Default is all scanners - scanners: - - dockerfile - - terraform - - # helm value override configurations - helm: - # set individual values - set: - - securityContext.runAsUser=10001 - - # set values with file - values: - - overrides.yaml - - # set specific values from specific files - set-file: - - image=dev-overrides.yaml - - # set as string and preserve type - set-string: - - name=true - - # Available API versions used for Capabilities.APIVersions. This flag is the same as the api-versions flag of the helm template command. 
- api-versions: - - policy/v1/PodDisruptionBudget - - apps/v1/Deployment - - # Kubernetes version used for Capabilities.KubeVersion. This flag is the same as the kube-version flag of the helm template command. - kube-version: "v1.21.0" - - # terraform tfvars overrrides - terraform: - vars: - - dev-terraform.tfvars - - common-terraform.tfvars - - # Same as '--tf-exclude-downloaded-modules' - # Default is false - exclude-downloaded-modules: false - - # Same as '--cf-params' - # Default is false - cloudformation: - params: - - params.json -``` - -## Kubernetes Options -Available with Kubernetes scanning - -```yaml -kubernetes: - # Same as '--context' - # Default is empty - context: - - # Same as '--namespace' - # Default is empty - namespace: - - # Same as '--kubeconfig' - # Default is empty - kubeconfig: ~/.kube/config2 - - # Same as '--components' - # Default is 'workload,infra' - components: - - workload - - infra - - # Same as '--k8s-version' - # Default is empty - k8s-version: 1.21.0 - - # Same as '--tolerations' - # Default is empty - tolerations: - - key1=value1:NoExecute - - key2=value2:NoSchedule - - # Same as '--all-namespaces' - # Default is false - all-namespaces: false - - node-collector: - # Same as '--node-collector-namespace' - # Default is 'trivy-temp' - namespace: ~/.kube/config2 - - # Same as '--node-collector-imageref' - # Default is 'ghcr.io/aquasecurity/node-collector:0.0.9' - imageref: ghcr.io/aquasecurity/node-collector:0.0.9 - - exclude: - # Same as '--exclude-owned' - # Default is false - owned: true - - # Same as '--exclude-nodes' - # Default is empty - nodes: - - kubernetes.io/arch:arm64 - - team:dev - - # Same as '--qps' - # Default is 5.0 - qps: 5.0 - - # Same as '--burst' - # Default is 10 - burst: 10 -``` - -## Repository Options -Available with git repository scanning (`trivy repo`) - -```yaml -repository: - # Same as '--branch' - # Default is empty - branch: - - # Same as '--commit' - # Default is empty - commit: - - # Same as '--tag' 
- # Default is empty - tag: -``` - -## Client/Server Options -Available in client/server mode - -```yaml -server: - # Same as '--server' (available in client mode) - # Default is empty - addr: http://localhost:4954 - - # Same as '--token' - # Default is empty - token: "something-secret" - - # Same as '--token-header' - # Default is 'Trivy-Token' - token-header: 'My-Token-Header' - - # Same as '--custom-headers' - # Default is empty - custom-headers: - - scanner: trivy - - x-api-token: xxx - - # Same as '--listen' (available in server mode) - # Default is 'localhost:4954' - listen: 0.0.0.0:10000 -``` - -## Cloud Options - -Available for cloud scanning (currently only `trivy aws`) +## Cache options ```yaml -cloud: - # whether to force a cache update for every scan - update-cache: false - - # how old cached results can be before being invalidated - max-cache-age: 24h - - # aws-specific cloud settings - aws: - # the aws region to use - region: us-east-1 - - # the aws endpoint to use (not required for general use) - endpoint: https://my.custom.aws.endpoint - - # the aws account to use (this will be determined from your environment when not set) - account: 123456789012 - - # the aws specific services - service: - - s3 - - ec2 - - # the aws specific arn - arn: arn:aws:s3:::example-bucket - - # skip the aws specific services - skip-service: - - s3 - - ec2 +cache: + backend: fs + redis: + key: + ca: + cert: ``` -## Module Options -Available for modules +## Report options ```yaml -module: - # Same as '--module-dir' - # Default is '$HOME/.trivy/modules' - dir: $HOME/.trivy/modules - - # Same as '--enable-modules' - # Default is empty - enable-modules: - - trivy-module-spring4shell - - trivy-module-wordpress +report: all ``` -[example]: https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/examples/trivy-conf/trivy.yaml +[example]: https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/examples/trivy-conf/trivy.yaml \ No newline at end of file 
diff --git a/magefiles/docs.go b/magefiles/docs.go index 1a59007de229..d219e95ef4da 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go @@ -3,7 +3,13 @@ package main import ( + "fmt" "os" + "reflect" + "strings" + + "golang.org/x/text/cases" + "golang.org/x/text/language" "github.com/spf13/cobra/doc" @@ -12,6 +18,14 @@ import ( "github.com/aquasecurity/trivy/pkg/log" ) +const ( + title = "Config file" + description = "Trivy can be customized by tweaking a `trivy.yaml` file.\n" + + "The config path can be overridden by the `--config` flag.\n\n" + + "An example is [here][example].\n" + footer = "[example]: https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/examples/trivy-conf/trivy.yaml" +) + // Generate CLI references func main() { // Set a dummy path for the documents 
@@ -26,4 +40,104 @@ func main() { if err := doc.GenMarkdownTree(cmd, "./docs/docs/references/configuration/cli"); err != nil { log.Fatal("Fatal error", log.Err(err)) } + if err := generateConfigDocs("./docs/docs/references/configuration/config-file.md"); err != nil { + log.Fatal("Fatal error in config file generation", log.Err(err)) + } +} + +// generateConfigDocs creates custom markdown output. +func generateConfigDocs(filename string) error { + f, err := os.Create(filename) + if err != nil { + return err + } + defer f.Close() + f.WriteString("# " + title + "\n\n") + f.WriteString(description + "\n") + + flagsMetadata := buildFlagsTree() + genMarkdown(flagsMetadata, 0, f) + + f.WriteString(footer) + return nil +} + +type flagMetadata struct { + name string + configName string + defaultValue any +} + +func getFlagMetadata(flagGroup any) []*flagMetadata { + result := []*flagMetadata{} + val := reflect.ValueOf(flagGroup) + for i := 0; i < val.NumField(); i++ { + p, ok := val.Field(i).Interface().(*flag.Flag[string]) + if !ok { + continue + } + result = append(result, &flagMetadata{ + name: p.Name, + configName: p.ConfigName, + defaultValue: p.Default, + }) + } + return result +} + +func addToMap(m map[string]any, parts []string, defaultValue any) { + if len(parts) == 0 { + return + } + if len(parts) == 1 { + m[parts[0]] = defaultValue + return + } + + if _, exists := m[parts[0]]; !exists { + m[parts[0]] = make(map[string]any) + } + + subMap, ok := m[parts[0]].(map[string]any) + if !ok { + subMap = make(map[string]any) + m[parts[0]] = subMap + } + + addToMap(subMap, parts[1:], defaultValue) +} + +func buildFlagsTree() map[string]any { + res := map[string]any{} + metadata := getFlagMetadata(*flag.NewImageFlagGroup()) + metadata = append(metadata, getFlagMetadata(*flag.NewCacheFlagGroup())...) + metadata = append(metadata, getFlagMetadata(*flag.NewReportFlagGroup())...) 
+ + for _, m := range metadata { + addToMap(res, strings.Split(m.configName, "."), m.defaultValue) + } + return res +} + +var caser = cases.Title(language.English) + +func genMarkdown(m map[string]any, indent int, w *os.File) { + indentation := strings.Repeat(" ", indent) + for key, value := range m { + if indent == 0 { + w.WriteString("## " + caser.String(key) + " options\n\n") + w.WriteString("```yaml\n") + } + + switch v := value.(type) { + case map[string]any: + w.WriteString(fmt.Sprintf("%s%s:\n", indentation, key)) + genMarkdown(v, indent+1, w) + default: + w.WriteString(fmt.Sprintf("%s%s: %v\n", indentation, key, v)) + } + if indent == 0 { + w.WriteString("```\n\n") + } + } } From e8b1971297ede029a4aff752c590b8ac529fd070 Mon Sep 17 00:00:00 2001 From: afdesk Date: Tue, 30 Jul 2024 17:58:56 +0600 Subject: [PATCH 02/27] add sort and comments --- .../references/configuration/config-file.md | 117 +++++++++++++----- magefiles/docs.go | 30 +++-- 2 files changed, 110 insertions(+), 37 deletions(-) diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index 90f98e74bd44..d455a94a151e 100644 --- a/docs/docs/references/configuration/config-file.md +++ b/docs/docs/references/configuration/config-file.md 
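Review bot: generateConfigDocs discards every write result: the `f.WriteString` calls, the writes made inside genMarkdown and the deferred `f.Close()` all ignore their errors, so a full disk or a failed close leaves a truncated config-file.md while the function returns nil and main() reports nothing. Return the first write error and fold the Close error into the result, as sketched below; genMarkdown would have to return an error too before its writes are covered. os.Create also truncates the existing page before any content is built, so a panic further down (for example in the reflection in getFlagMetadata) leaves the reference page empty; building the content in memory and writing it once would avoid that.

```go
func generateConfigDocs(filename string) (err error) {
	f, err := os.Create(filename)
	if err != nil {
		return err
	}
	defer func() {
		// Surface a failed close unless an earlier write error is already being returned.
		if cerr := f.Close(); err == nil {
			err = cerr
		}
	}()
	if _, err = f.WriteString("# " + title + "\n\n" + description + "\n"); err != nil {
		return err
	}
	// … unchanged: buildFlagsTree and genMarkdown calls …
	_, err = f.WriteString(footer)
	return err
}
```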
@@ -5,76 +5,137 @@ The config path can be overridden by the `--config` flag. An example is [here][example]. -## Output options +## Cache options ```yaml -output: -``` +cache: + # Same as '--cache-backend' + # Default is fs + backend: fs -## Format options + # Same as '--cache-dir' + # Default is /path/to/cache + dir: /path/to/cache -```yaml -format: table -``` + redis: + # Same as '--redis-ca' + # Default is + ca: -## Ignorefile options + # Same as '--redis-cert' + # Default is + cert: + + # Same as '--redis-key' + # Default is + key: -```yaml -ignorefile: .trivyignore ``` -## Ignore-Policy options +## Config options ```yaml -ignore-policy: +# Same as '--config' +# Default is trivy.yaml +config: trivy.yaml + ``` -## Template options +## Format options ```yaml -template: +# Same as '--format' +# Default is table +format: table + ``` -## Output-Plugin-Arg options +## Ignore-Policy options ```yaml -output-plugin-arg: +# Same as '--ignore-policy' +# Default is +ignore-policy: + ``` -## Scan options +## Ignorefile options ```yaml -scan: - compliance: +# Same as '--ignorefile' +# Default is .trivyignore +ignorefile: .trivyignore + ``` ## Image options ```yaml image: - podman: + docker: + # Same as '--docker-host' + # Default is host: + + # Same as '--input' + # Default is input: + + # Same as '--platform' + # Default is platform: - docker: + + podman: + # Same as '--podman-host' + # Default is host: + ``` -## Cache options +## Output options ```yaml -cache: - backend: fs - redis: - key: - ca: - cert: +# Same as '--output' +# Default is +output: + +``` + +## Output-Plugin-Arg options + +```yaml +# Same as '--output-plugin-arg' +# Default is +output-plugin-arg: + ``` ## Report options ```yaml +# Same as '--report' +# Default is all report: all + +``` + +## Scan options + +```yaml +scan: + # Same as '--compliance' + # Default is + compliance: + +``` + +## Template options + +```yaml +# Same as '--template' +# Default is +template: + ``` [example]: 
https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/examples/trivy-conf/trivy.yaml \ No newline at end of file diff --git a/magefiles/docs.go b/magefiles/docs.go index d219e95ef4da..b55aa1a18566 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go @@ -6,6 +6,7 @@ import ( "fmt" "os" "reflect" + "sort" "strings" "golang.org/x/text/cases" @@ -85,12 +86,12 @@ func getFlagMetadata(flagGroup any) []*flagMetadata { return result } -func addToMap(m map[string]any, parts []string, defaultValue any) { +func addToMap(m map[string]any, parts []string, value *flagMetadata) { if len(parts) == 0 { return } if len(parts) == 1 { - m[parts[0]] = defaultValue + m[parts[0]] = value return } @@ -104,7 +105,7 @@ func addToMap(m map[string]any, parts []string, defaultValue any) { m[parts[0]] = subMap } - addToMap(subMap, parts[1:], defaultValue) + addToMap(subMap, parts[1:], value) } func buildFlagsTree() map[string]any { @@ -112,9 +113,10 @@ func buildFlagsTree() map[string]any { metadata := getFlagMetadata(*flag.NewImageFlagGroup()) metadata = append(metadata, getFlagMetadata(*flag.NewCacheFlagGroup())...) metadata = append(metadata, getFlagMetadata(*flag.NewReportFlagGroup())...) + metadata = append(metadata, getFlagMetadata(*flag.NewGlobalFlagGroup())...) for _, m := range metadata { - addToMap(res, strings.Split(m.configName, "."), m.defaultValue) + addToMap(res, strings.Split(m.configName, "."), m) } return res } 
@@ -123,18 +125,28 @@ var caser = cases.Title(language.English) func genMarkdown(m map[string]any, indent int, w *os.File) { indentation := strings.Repeat(" ", indent) - for key, value := range m { + + // Extract and sort keys + keys := make([]string, 0, len(m)) + for key := range m { + keys = append(keys, key) + } + sort.Strings(keys) + + for _, key := range keys { if indent == 0 { w.WriteString("## " + caser.String(key) + " options\n\n") w.WriteString("```yaml\n") } - switch v := value.(type) { + switch v := m[key].(type) { case map[string]any: - w.WriteString(fmt.Sprintf("%s%s:\n", indentation, key)) + fmt.Fprintf(w, "%s%s:\n", indentation, key) genMarkdown(v, indent+1, w) - default: - w.WriteString(fmt.Sprintf("%s%s: %v\n", indentation, key, v)) + case *flagMetadata: + fmt.Fprintf(w, "%s# Same as '--%s'\n", indentation, v.name) + fmt.Fprintf(w, "%s# Default is %v\n", indentation, v.defaultValue) + fmt.Fprintf(w, "%s%s: %+v\n\n", indentation, key, v.defaultValue) } if indent == 0 { w.WriteString("```\n\n") From f958ae8ec70f8d6d93fae3f360de01d773437af3 Mon Sep 17 00:00:00 2001 From: afdesk Date: Wed, 31 Jul 2024 13:26:05 +0600 Subject: [PATCH 03/27] add all flag types --- .../references/configuration/config-file.md | 170 +++++++++++------- magefiles/docs.go | 75 +++++--- 2 files changed, 154 insertions(+), 91 deletions(-) diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index d455a94a151e..e25408dffd63 100644 --- a/docs/docs/references/configuration/config-file.md +++ b/docs/docs/references/configuration/config-file.md 
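Review bot: The value line `fmt.Fprintf(w, "%s%s: %+v\n\n", indentation, key, v.defaultValue)` prints the default with Go formatting rather than as YAML, so the generated blocks are not reliably something a user can paste into trivy.yaml. An empty string default comes out as a bare `key:` (YAML null) under a comment that reads `# Default is` with nothing after it, and a default containing `: ` or ` #` would change meaning. The regenerated page later in this series shows the same problem for lists, e.g. `severity: [UNKNOWN LOW MEDIUM HIGH CRITICAL]`, which YAML reads as a one-element list; for a scanner's severity filter that is worth getting right. Route the value through a formatting helper that quotes strings and joins slices with `, `, for instance `fmt.Fprintf(w, "%s%s: %s\n\n", indentation, key, formatYAML(v.defaultValue))` (helper name illustrative), and print `# Default is empty` for the zero value.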
@@ -5,67 +5,108 @@ The config path can be overridden by the `--config` flag. An example is [here][example]. -## Cache options +## Global options ```yaml cache: - # Same as '--cache-backend' - # Default is fs - backend: fs - # Same as '--cache-dir' # Default is /path/to/cache dir: /path/to/cache - redis: - # Same as '--redis-ca' - # Default is - ca: +# Same as '--config' +# Default is trivy.yaml +config: trivy.yaml - # Same as '--redis-cert' - # Default is - cert: +# Same as '--debug' +# Default is false +debug: false - # Same as '--redis-key' - # Default is - key: +# Same as '--generate-default-config' +# Default is false +generate-default-config: false -``` +# Same as '--insecure' +# Default is false +insecure: false -## Config options +# Same as '--quiet' +# Default is false +quiet: false -```yaml -# Same as '--config' -# Default is trivy.yaml -config: trivy.yaml +# Same as '--timeout' +# Default is 5m0s +timeout: 5m0s + +# Same as '--version' +# Default is false +version: false ``` -## Format options +## Report options ```yaml +# Same as '--dependency-tree' +# Default is false +dependency-tree: false + +# Same as '--exit-code' +# Default is 0 +exit-code: 0 + +# Same as '--exit-on-eol' +# Default is 0 +exit-on-eol: 0 + # Same as '--format' # Default is table format: table -``` - -## Ignore-Policy options - -```yaml # Same as '--ignore-policy' # Default is ignore-policy: -``` - -## Ignorefile options - -```yaml # Same as '--ignorefile' # Default is .trivyignore ignorefile: .trivyignore +# Same as '--list-all-pkgs' +# Default is false +list-all-pkgs: false + +# Same as '--output' +# Default is +output: + +# Same as '--output-plugin-arg' +# Default is +output-plugin-arg: + +# Same as '--pkg-types' +# Default is [os library] +pkg-types: [os library] + +# Same as '--report' +# Default is all +report: all + +scan: + # Same as '--compliance' + # Default is + compliance: + + # Same as '--show-suppressed' + # Default is false + show-suppressed: false + +# Same as 
'--severity' +# Default is [UNKNOWN LOW MEDIUM HIGH CRITICAL] +severity: [UNKNOWN LOW MEDIUM HIGH CRITICAL] + +# Same as '--template' +# Default is +template: + ``` ## Image options @@ -77,6 +118,10 @@ image: # Default is host: + # Same as '--image-config-scanners' + # Default is [] + image-config-scanners: [] + # Same as '--input' # Default is input: @@ -90,51 +135,44 @@ image: # Default is host: -``` - -## Output options + # Same as '--removed-pkgs' + # Default is false + removed-pkgs: false -```yaml -# Same as '--output' -# Default is -output: + # Same as '--image-src' + # Default is [docker containerd podman remote] + source: [docker containerd podman remote] ``` -## Output-Plugin-Arg options - -```yaml -# Same as '--output-plugin-arg' -# Default is -output-plugin-arg: - -``` - -## Report options +## Cache options ```yaml -# Same as '--report' -# Default is all -report: all - -``` +cache: + # Same as '--cache-backend' + # Default is fs + backend: fs -## Scan options + redis: + # Same as '--redis-ca' + # Default is + ca: -```yaml -scan: - # Same as '--compliance' - # Default is - compliance: + # Same as '--redis-cert' + # Default is + cert: -``` + # Same as '--redis-key' + # Default is + key: -## Template options + # Same as '--redis-tls' + # Default is false + tls: false -```yaml -# Same as '--template' -# Default is -template: + # Same as '--cache-ttl' + # Default is 0s + ttl: 0s ``` diff --git a/magefiles/docs.go b/magefiles/docs.go index b55aa1a18566..ec3b973d7b84 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go @@ -8,9 +8,7 @@ import ( "reflect" "sort" "strings" - - "golang.org/x/text/cases" - "golang.org/x/text/language" + "time" "github.com/spf13/cobra/doc" @@ -57,7 +55,7 @@ func generateConfigDocs(filename string) error { f.WriteString(description + "\n") flagsMetadata := buildFlagsTree() - genMarkdown(flagsMetadata, 0, f) + genMarkdown(flagsMetadata, -1, f) f.WriteString(footer) return nil 
@@ -69,18 +67,47 @@ type flagMetadata struct { defaultValue any } -func getFlagMetadata(flagGroup any) []*flagMetadata { +func getFlagMetadata(section string, flagGroup any) []*flagMetadata { result := []*flagMetadata{} val := reflect.ValueOf(flagGroup) for i := 0; i < val.NumField(); i++ { - p, ok := val.Field(i).Interface().(*flag.Flag[string]) - if !ok { + var name, configName string + var defaultValue any + switch p := val.Field(i).Interface().(type) { + case *flag.Flag[int]: + name = p.Name + configName = section + "." + p.ConfigName + defaultValue = p.Default + case *flag.Flag[bool]: + if p == nil { + continue + } + name = p.Name + configName = section + "." + p.ConfigName + defaultValue = p.Default + case *flag.Flag[string]: + name = p.Name + configName = section + "." + p.ConfigName + defaultValue = p.Default + case *flag.Flag[[]string]: + name = p.Name + configName = section + "." + p.ConfigName + defaultValue = p.Default + case *flag.Flag[time.Duration]: + name = p.Name + configName = section + "." + p.ConfigName + defaultValue = p.Default + case *flag.Flag[float64]: + name = p.Name + configName = section + "." + p.ConfigName + defaultValue = p.Default + default: continue } result = append(result, &flagMetadata{ - name: p.Name, - configName: p.ConfigName, - defaultValue: p.Default, + name: name, + configName: configName, + defaultValue: defaultValue, }) } return result 
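Review bot: Only the `*flag.Flag[bool]` case guards against a nil pointer; the other five cases read `p.Name` immediately, and a type switch still matches a typed nil pointer, so a flag group that leaves an int, string, []string, Duration or float64 field unset would panic the generator. Add `if p == nil { continue }` to each case, or leave `name` empty in the switch and skip once after it. `val.Field(i).Interface()` also panics on unexported struct fields, so a `val.Field(i).CanInterface()` check before the switch would be a cheap safeguard; whether any flag group has such fields is not visible here. The six case bodies are identical apart from the type, which makes a missed guard easy to repeat when another flag type is added. The function's closing brace lies outside the hunk.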
@@ -110,20 +137,26 @@ func addToMap(m map[string]any, parts []string, value *flagMetadata) { func buildFlagsTree() map[string]any { res := map[string]any{} - metadata := getFlagMetadata(*flag.NewImageFlagGroup()) - metadata = append(metadata, getFlagMetadata(*flag.NewCacheFlagGroup())...) - metadata = append(metadata, getFlagMetadata(*flag.NewReportFlagGroup())...) - metadata = append(metadata, getFlagMetadata(*flag.NewGlobalFlagGroup())...) - + metadata := getFlagMetadata("Global", *flag.NewGlobalFlagGroup()) + metadata = append(metadata, getFlagMetadata("Report", *flag.NewReportFlagGroup())...) + metadata = append(metadata, getFlagMetadata("Image", *flag.NewImageFlagGroup())...) + metadata = append(metadata, getFlagMetadata("Cache", *flag.NewCacheFlagGroup())...) for _, m := range metadata { addToMap(res, strings.Split(m.configName, "."), m) } return res } -var caser = cases.Title(language.English) - func genMarkdown(m map[string]any, indent int, w *os.File) { + if indent == -1 { + for k, v := range m { + w.WriteString("## " + k + " options\n\n") + w.WriteString("```yaml\n") + genMarkdown(v.(map[string]any), 0, w) + w.WriteString("```\n\n") + } + return + } indentation := strings.Repeat(" ", indent) // Extract and sort keys @@ -134,11 +167,6 @@ func genMarkdown(m map[string]any, indent int, w *os.File) { sort.Strings(keys) for _, key := range keys { - if indent == 0 { - w.WriteString("## " + caser.String(key) + " options\n\n") - w.WriteString("```yaml\n") - } - switch v := m[key].(type) { case map[string]any: fmt.Fprintf(w, "%s%s:\n", indentation, key) @@ -148,8 +176,5 @@ func genMarkdown(m map[string]any, indent int, w *os.File) { fmt.Fprintf(w, "%s# Default is %v\n", indentation, v.defaultValue) fmt.Fprintf(w, "%s%s: %+v\n\n", indentation, key, v.defaultValue) } - if indent == 0 { - w.WriteString("```\n\n") - } } } From dcf419a0f35390b05093b01561a6cb54ef30d143 Mon Sep 17 00:00:00 2001 
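Review bot: The new `indent == -1` branch in genMarkdown walks the top-level map with `for k, v := range m`, so the order of the `## … options` sections can change from run to run; the sorted-key loop below it only covers the nested levels. A generated reference page that reorders itself on every regeneration produces noisy diffs and makes a real change to a default harder to spot in review. Sort the section names before iterating, or have buildFlagsTree return an ordered slice of sections, e.g. `for _, k := range sortedKeys(m) {` with a small helper that collects and sorts the keys. `genMarkdown(v.(map[string]any), 0, w)` is an unchecked assertion; it holds while every configName carries a section prefix, but the two-value form `sub, ok := v.(map[string]any)` would fail with a message instead of a panic if that ever changes.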
From: afdesk Date: Wed, 31 Jul 2024 14:57:39 +0600 Subject: [PATCH 04/27] add flags --- .../references/configuration/config-file.md | 345 +++++++++++++++++- magefiles/docs.go | 14 + 2 files changed, 340 insertions(+), 19 deletions(-) diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index e25408dffd63..e4477d467065 100644 --- a/docs/docs/references/configuration/config-file.md +++ b/docs/docs/references/configuration/config-file.md 
@@ -43,6 +43,143 @@ version: false ``` +## DB options + +```yaml +db: + # Same as '--download-java-db-only' + # Default is false + download-java-only: false + + # Same as '--download-db-only' + # Default is false + download-only: false + + # Same as '--java-db-repository' + # Default is ghcr.io/aquasecurity/trivy-java-db:1 + java-repository: ghcr.io/aquasecurity/trivy-java-db:1 + + # Same as '--skip-java-db-update' + # Default is false + java-skip-update: false + + # Same as '--light' + # Default is false + light: false + + # Same as '--no-progress' + # Default is false + no-progress: false + + # Same as '--db-repository' + # Default is ghcr.io/aquasecurity/trivy-db:2 + repository: ghcr.io/aquasecurity/trivy-db:2 + + # Same as '--skip-db-update' + # Default is false + skip-update: false + +# Same as '--reset' +# Default is false +reset: false + +``` + +## Cache options + +```yaml +cache: + # Same as '--cache-backend' + # Default is fs + backend: fs + + redis: + # Same as '--redis-ca' + # Default is + ca: + + # Same as '--redis-cert' + # Default is + cert: + + # Same as '--redis-key' + # Default is + key: + + # Same as '--redis-tls' + # Default is false + tls: false + + # Same as '--cache-ttl' + # Default is 0s + ttl: 0s + +``` + +## Scan options + +```yaml +scan: + # Same as '--file-patterns' + # Default is [] + file-patterns: [] + + # Same as '--include-dev-deps' + # Default is false + include-dev-deps: false + + # Same as '--offline-scan' + # Default is false + offline: false + + # Same as '--parallel' + # Default is 5 + parallel: 5 + + # Same as '--rekor-url' + # Default is https://rekor.sigstore.dev + rekor-url: https://rekor.sigstore.dev + + # Same as '--sbom-sources' + # Default is [] + sbom-sources: [] + + # Same as '--scanners' + # Default is [vuln secret] + scanners: [vuln secret] + + # Same as '--skip-dirs' + # Default is [] + skip-dirs: [] + + # Same as '--skip-files' + # Default is [] + skip-files: [] + + # Same as '--slow' + # Default is false + slow: 
false + +``` + +## Registry options + +```yaml +registry: + # Same as '--password' + # Default is [] + password: [] + + # Same as '--registry-token' + # Default is + token: + + # Same as '--username' + # Default is [] + username: [] + +``` + ## Report options ```yaml @@ -109,6 +246,58 @@ template: ``` +## Rego options + +```yaml +rego: + # Same as '--config-check' + # Default is [] + check: [] + + # Same as '--config-data' + # Default is [] + data: [] + + # Same as '--include-deprecated-checks' + # Default is false + include-deprecated-checks: false + + # Same as '--check-namespaces' + # Default is [] + namespaces: [] + + # Same as '--skip-check-update' + # Default is false + skip-check-update: false + + # Same as '--trace' + # Default is false + trace: false + +``` + +## Vulnerability options + +```yaml +vulnerability: + # Same as '--ignore-status' + # Default is [] + ignore-status: [] + + # Same as '--ignore-unfixed' + # Default is false + ignore-unfixed: false + + # Same as '--skip-vex-repo-update' + # Default is false + skip-vex-repo-update: false + + # Same as '--vex' + # Default is [] + vex: [] + +``` + ## Image options ```yaml 
@@ -145,34 +334,152 @@ image: ``` -## Cache options +## Client/server options ```yaml -cache: - # Same as '--cache-backend' - # Default is fs - backend: fs +server: + # Same as '--server' + # Default is + addr: - redis: - # Same as '--redis-ca' - # Default is - ca: + # Same as '--custom-headers' + # Default is [] + custom-headers: [] - # Same as '--redis-cert' - # Default is - cert: + # Same as '--token' + # Default is + token: - # Same as '--redis-key' + # Same as '--token-header' + # Default is Trivy-Token + token-header: Trivy-Token + +``` + +## Secret options + +```yaml +secret: + # Same as '--secret-config' + # Default is trivy-secret.yaml + config: trivy-secret.yaml + +``` + +## License options + +```yaml +license: + # Same as '--license-confidence-level' + # Default is 0.9 + confidenceLevel: 0.9 + + # Same as '--' + # Default is [AGPL-1.0 AGPL-3.0 CC-BY-NC-1.0 CC-BY-NC-2.0 CC-BY-NC-2.5 CC-BY-NC-3.0 CC-BY-NC-4.0 CC-BY-NC-ND-1.0 CC-BY-NC-ND-2.0 CC-BY-NC-ND-2.5 CC-BY-NC-ND-3.0 CC-BY-NC-ND-4.0 CC-BY-NC-SA-1.0 CC-BY-NC-SA-2.0 CC-BY-NC-SA-2.5 CC-BY-NC-SA-3.0 CC-BY-NC-SA-4.0 Commons-Clause Facebook-2-Clause Facebook-3-Clause Facebook-Examples WTFPL] + forbidden: [AGPL-1.0 AGPL-3.0 CC-BY-NC-1.0 CC-BY-NC-2.0 CC-BY-NC-2.5 CC-BY-NC-3.0 CC-BY-NC-4.0 CC-BY-NC-ND-1.0 CC-BY-NC-ND-2.0 CC-BY-NC-ND-2.5 CC-BY-NC-ND-3.0 CC-BY-NC-ND-4.0 CC-BY-NC-SA-1.0 CC-BY-NC-SA-2.0 CC-BY-NC-SA-2.5 CC-BY-NC-SA-3.0 CC-BY-NC-SA-4.0 Commons-Clause Facebook-2-Clause Facebook-3-Clause Facebook-Examples WTFPL] + + # Same as '--license-full' + # Default is false + full: false + + # Same as '--ignored-licenses' + # Default is [] + ignored: [] + + # Same as '--' + # Default is [AFL-1.1 AFL-1.2 AFL-2.0 AFL-2.1 AFL-3.0 Apache-1.0 Apache-1.1 Apache-2.0 Artistic-1.0-cl8 Artistic-1.0-Perl Artistic-1.0 Artistic-2.0 BSL-1.0 BSD-2-Clause-FreeBSD BSD-2-Clause-NetBSD BSD-2-Clause BSD-3-Clause-Attribution BSD-3-Clause-Clear BSD-3-Clause-LBNL BSD-3-Clause BSD-4-Clause BSD-4-Clause-UC BSD-Protection CC-BY-1.0 
CC-BY-2.0 CC-BY-2.5 CC-BY-3.0 CC-BY-4.0 FTL ISC ImageMagick Libpng Lil-1.0 Linux-OpenIB LPL-1.02 LPL-1.0 MS-PL MIT NCSA OpenSSL PHP-3.01 PHP-3.0 PIL Python-2.0 Python-2.0-complete PostgreSQL SGI-B-1.0 SGI-B-1.1 SGI-B-2.0 Unicode-DFS-2015 Unicode-DFS-2016 Unicode-TOU UPL-1.0 W3C-19980720 W3C-20150513 W3C X11 Xnet Zend-2.0 zlib-acknowledgement Zlib ZPL-1.1 ZPL-2.0 ZPL-2.1] + notice: [AFL-1.1 AFL-1.2 AFL-2.0 AFL-2.1 AFL-3.0 Apache-1.0 Apache-1.1 Apache-2.0 Artistic-1.0-cl8 Artistic-1.0-Perl Artistic-1.0 Artistic-2.0 BSL-1.0 BSD-2-Clause-FreeBSD BSD-2-Clause-NetBSD BSD-2-Clause BSD-3-Clause-Attribution BSD-3-Clause-Clear BSD-3-Clause-LBNL BSD-3-Clause BSD-4-Clause BSD-4-Clause-UC BSD-Protection CC-BY-1.0 CC-BY-2.0 CC-BY-2.5 CC-BY-3.0 CC-BY-4.0 FTL ISC ImageMagick Libpng Lil-1.0 Linux-OpenIB LPL-1.02 LPL-1.0 MS-PL MIT NCSA OpenSSL PHP-3.01 PHP-3.0 PIL Python-2.0 Python-2.0-complete PostgreSQL SGI-B-1.0 SGI-B-1.1 SGI-B-2.0 Unicode-DFS-2015 Unicode-DFS-2016 Unicode-TOU UPL-1.0 W3C-19980720 W3C-20150513 W3C X11 Xnet Zend-2.0 zlib-acknowledgement Zlib ZPL-1.1 ZPL-2.0 ZPL-2.1] + + # Same as '--' + # Default is [] + permissive: [] + + # Same as '--' + # Default is [APSL-1.0 APSL-1.1 APSL-1.2 APSL-2.0 CDDL-1.0 CDDL-1.1 CPL-1.0 EPL-1.0 EPL-2.0 FreeImage IPL-1.0 MPL-1.0 MPL-1.1 MPL-2.0 Ruby] + reciprocal: [APSL-1.0 APSL-1.1 APSL-1.2 APSL-2.0 CDDL-1.0 CDDL-1.1 CPL-1.0 EPL-1.0 EPL-2.0 FreeImage IPL-1.0 MPL-1.0 MPL-1.1 MPL-2.0 Ruby] + + # Same as '--' + # Default is [BCL CC-BY-ND-1.0 CC-BY-ND-2.0 CC-BY-ND-2.5 CC-BY-ND-3.0 CC-BY-ND-4.0 CC-BY-SA-1.0 CC-BY-SA-2.0 CC-BY-SA-2.5 CC-BY-SA-3.0 CC-BY-SA-4.0 GPL-1.0 GPL-2.0 GPL-2.0-with-autoconf-exception GPL-2.0-with-bison-exception GPL-2.0-with-classpath-exception GPL-2.0-with-font-exception GPL-2.0-with-GCC-exception GPL-3.0 GPL-3.0-with-autoconf-exception GPL-3.0-with-GCC-exception LGPL-2.0 LGPL-2.1 LGPL-3.0 NPL-1.0 NPL-1.1 OSL-1.0 OSL-1.1 OSL-2.0 OSL-2.1 OSL-3.0 QPL-1.0 Sleepycat] + restricted: [BCL CC-BY-ND-1.0 CC-BY-ND-2.0 
CC-BY-ND-2.5 CC-BY-ND-3.0 CC-BY-ND-4.0 CC-BY-SA-1.0 CC-BY-SA-2.0 CC-BY-SA-2.5 CC-BY-SA-3.0 CC-BY-SA-4.0 GPL-1.0 GPL-2.0 GPL-2.0-with-autoconf-exception GPL-2.0-with-bison-exception GPL-2.0-with-classpath-exception GPL-2.0-with-font-exception GPL-2.0-with-GCC-exception GPL-3.0 GPL-3.0-with-autoconf-exception GPL-3.0-with-GCC-exception LGPL-2.0 LGPL-2.1 LGPL-3.0 NPL-1.0 NPL-1.1 OSL-1.0 OSL-1.1 OSL-2.0 OSL-2.1 OSL-3.0 QPL-1.0 Sleepycat] + + # Same as '--' + # Default is [CC0-1.0 Unlicense 0BSD] + unencumbered: [CC0-1.0 Unlicense 0BSD] + +``` + +## Misconfiguration options + +```yaml +misconfiguration: + # Same as '--checks-bundle-repository' + # Default is ghcr.io/aquasecurity/trivy-checks:0 + checks-bundle-repository: ghcr.io/aquasecurity/trivy-checks:0 + + cloudformation: + # Same as '--cf-params' + # Default is [] + params: [] + + helm: + # Same as '--helm-api-versions' + # Default is [] + api-versions: [] + + # Same as '--helm-kube-version' # Default is - key: + kube-version: - # Same as '--redis-tls' + # Same as '--helm-set' + # Default is [] + set: [] + + # Same as '--helm-set-file' + # Default is [] + set-file: [] + + # Same as '--helm-set-string' + # Default is [] + set-string: [] + + # Same as '--helm-values' + # Default is [] + values: [] + + # Same as '--include-non-failures' + # Default is false + include-non-failures: false + + # Same as '--reset-checks-bundle' + # Default is false + reset-checks-bundle: false + + # Same as '--misconfig-scanners' + # Default is [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot] + scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot] + + terraform: + # Same as '--tf-exclude-downloaded-modules' # Default is false - tls: false + exclude-downloaded-modules: false - # Same as '--cache-ttl' - # Default is 0s - ttl: 0s + # Same as '--tf-vars' + # Default is [] + vars: [] + +``` + +## Module options + +```yaml 
+module: + # Same as '--module-dir' + # Default is $HOME/.trivy/modules + dir: $HOME/.trivy/modules + + # Same as '--enable-modules' + # Default is [] + enable-modules: [] ``` diff --git a/magefiles/docs.go b/magefiles/docs.go index ec3b973d7b84..a0a517b31ada 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go @@ -86,6 +86,9 @@ func getFlagMetadata(section string, flagGroup any) []*flagMetadata { configName = section + "." + p.ConfigName defaultValue = p.Default case *flag.Flag[string]: + if p == nil { + continue + } name = p.Name configName = section + "." + p.ConfigName defaultValue = p.Default @@ -140,7 +143,18 @@ func buildFlagsTree() map[string]any { metadata := getFlagMetadata("Global", *flag.NewGlobalFlagGroup()) metadata = append(metadata, getFlagMetadata("Report", *flag.NewReportFlagGroup())...) metadata = append(metadata, getFlagMetadata("Image", *flag.NewImageFlagGroup())...) + metadata = append(metadata, getFlagMetadata("DB", *flag.NewDBFlagGroup())...) metadata = append(metadata, getFlagMetadata("Cache", *flag.NewCacheFlagGroup())...) + metadata = append(metadata, getFlagMetadata("License", *flag.NewLicenseFlagGroup())...) + metadata = append(metadata, getFlagMetadata("Misconfiguration", *flag.NewMisconfFlagGroup())...) + metadata = append(metadata, getFlagMetadata("Scan", *flag.NewScanFlagGroup())...) + metadata = append(metadata, getFlagMetadata("Module", *flag.NewModuleFlagGroup())...) + metadata = append(metadata, getFlagMetadata("Client/Server", *flag.NewClientFlags())...) + metadata = append(metadata, getFlagMetadata("Registry", *flag.NewRegistryFlagGroup())...) + metadata = append(metadata, getFlagMetadata("Rego", *flag.NewRegoFlagGroup())...) + metadata = append(metadata, getFlagMetadata("Secret", *flag.NewSecretFlagGroup())...) + metadata = append(metadata, getFlagMetadata("Vulnerability", *flag.NewVulnerabilityFlagGroup())...) + for _, m := range metadata { addToMap(res, strings.Split(m.configName, "."), m) } 
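Review bot: The nil guard added under `case *flag.Flag[string]:` in `getFlagMetadata` protects only that arm; the arm just above it in the hunk still reads `p.ConfigName` and `p.Default` with no check. If a flag group can carry an unset string flag, it can presumably carry unset flags of the other types too, and the docs generator would then panic on the first one it meets. I would repeat `if p == nil { continue }` at the top of every arm, or filter nil fields once before the type switch. The function starts and ends outside the hunk, so the remaining arms are not visible here and should be checked against the full file.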
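Review bot: The groups appended here in `buildFlagsTree` have slice defaults that the generated reference prints in Go's default format, e.g. `scanners: [vuln secret]` and `unencumbered: [CC0-1.0 Unlicense 0BSD]`, which YAML reads as a one-element list holding a single space-separated string. The rendering code is outside this hunk, but it should emit a real sequence such as `scanners: [vuln, secret]` so that a copied example parses into separate items. The License group also produces `# Same as '--'` for keys such as `forbidden` and `notice`, which presumably have no CLI flag, so that comment line should be skipped when the flag name is empty. With Registry and Client/Server now included, `registry.password`, `registry.token` and `server.token` appear as ordinary keys; a generated comment noting that they hold credentials and that the config file should stay out of version control with restrictive permissions would help readers.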
From ec09bd19c35eafc5b07722979590bb0328ce2032 Mon Sep 17 00:00:00 2001 From: afdesk Date: Wed, 31 Jul 2024 15:04:13 +0600 Subject: [PATCH 05/27] add k8s and repo flags --- .../references/configuration/config-file.md | 516 ++++++++++-------- magefiles/docs.go | 2 + 2 files changed, 303 insertions(+), 215 deletions(-) diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index e4477d467065..38c0664c437f 100644 --- a/docs/docs/references/configuration/config-file.md +++ b/docs/docs/references/configuration/config-file.md 
@@ -5,6 +5,170 @@ The config path can be overridden by the `--config` flag. An example is [here][example]. +## Module options + +```yaml +module: + # Same as '--module-dir' + # Default is $HOME/.trivy/modules + dir: $HOME/.trivy/modules + + # Same as '--enable-modules' + # Default is [] + enable-modules: [] + +``` + +## Vulnerability options + +```yaml +vulnerability: + # Same as '--ignore-status' + # Default is [] + ignore-status: [] + + # Same as '--ignore-unfixed' + # Default is false + ignore-unfixed: false + + # Same as '--skip-vex-repo-update' + # Default is false + skip-vex-repo-update: false + + # Same as '--vex' + # Default is [] + vex: [] + +``` + +## Kubernetes options + +```yaml +kubernetes: + # Same as '--burst' + # Default is 10 + burst: 10 + + # Same as '--disable-node-collector' + # Default is false + disableNodeCollector: false + + exclude: + # Same as '--exclude-nodes' + # Default is [] + nodes: [] + + # Same as '--exclude-owned' + # Default is false + owned: false + + # Same as '--exclude-kinds' + # Default is [] + excludeKinds: [] + + # Same as '--exclude-namespaces' + # Default is [] + excludeNamespaces: [] + + # Same as '--include-kinds' + # Default is [] + includeKinds: [] + + # Same as '--include-namespaces' + # Default is [] + includeNamespaces: [] + + # Same as '--k8s-version' + # Default is + k8s-version: + + # Same as '--kubeconfig' + # Default is + kubeconfig: + + node-collector: + # Same as '--node-collector-imageref' + # Default is ghcr.io/aquasecurity/node-collector:0.3.1 + imageref: ghcr.io/aquasecurity/node-collector:0.3.1 + + # Same as '--node-collector-namespace' + # Default is trivy-temp + namespace: trivy-temp + + # Same as '--qps' + # Default is 5 + qps: 5 + + # Same as '--skip-images' + # Default is false + skipImages: false + + # Same as '--tolerations' + # Default is [] + tolerations: [] + +``` + +## License options + +```yaml +license: + # Same as '--license-confidence-level' + # Default is 0.9 + confidenceLevel: 0.9 + + # 
Same as '--' + # Default is [AGPL-1.0 AGPL-3.0 CC-BY-NC-1.0 CC-BY-NC-2.0 CC-BY-NC-2.5 CC-BY-NC-3.0 CC-BY-NC-4.0 CC-BY-NC-ND-1.0 CC-BY-NC-ND-2.0 CC-BY-NC-ND-2.5 CC-BY-NC-ND-3.0 CC-BY-NC-ND-4.0 CC-BY-NC-SA-1.0 CC-BY-NC-SA-2.0 CC-BY-NC-SA-2.5 CC-BY-NC-SA-3.0 CC-BY-NC-SA-4.0 Commons-Clause Facebook-2-Clause Facebook-3-Clause Facebook-Examples WTFPL] + forbidden: [AGPL-1.0 AGPL-3.0 CC-BY-NC-1.0 CC-BY-NC-2.0 CC-BY-NC-2.5 CC-BY-NC-3.0 CC-BY-NC-4.0 CC-BY-NC-ND-1.0 CC-BY-NC-ND-2.0 CC-BY-NC-ND-2.5 CC-BY-NC-ND-3.0 CC-BY-NC-ND-4.0 CC-BY-NC-SA-1.0 CC-BY-NC-SA-2.0 CC-BY-NC-SA-2.5 CC-BY-NC-SA-3.0 CC-BY-NC-SA-4.0 Commons-Clause Facebook-2-Clause Facebook-3-Clause Facebook-Examples WTFPL] + + # Same as '--license-full' + # Default is false + full: false + + # Same as '--ignored-licenses' + # Default is [] + ignored: [] + + # Same as '--' + # Default is [AFL-1.1 AFL-1.2 AFL-2.0 AFL-2.1 AFL-3.0 Apache-1.0 Apache-1.1 Apache-2.0 Artistic-1.0-cl8 Artistic-1.0-Perl Artistic-1.0 Artistic-2.0 BSL-1.0 BSD-2-Clause-FreeBSD BSD-2-Clause-NetBSD BSD-2-Clause BSD-3-Clause-Attribution BSD-3-Clause-Clear BSD-3-Clause-LBNL BSD-3-Clause BSD-4-Clause BSD-4-Clause-UC BSD-Protection CC-BY-1.0 CC-BY-2.0 CC-BY-2.5 CC-BY-3.0 CC-BY-4.0 FTL ISC ImageMagick Libpng Lil-1.0 Linux-OpenIB LPL-1.02 LPL-1.0 MS-PL MIT NCSA OpenSSL PHP-3.01 PHP-3.0 PIL Python-2.0 Python-2.0-complete PostgreSQL SGI-B-1.0 SGI-B-1.1 SGI-B-2.0 Unicode-DFS-2015 Unicode-DFS-2016 Unicode-TOU UPL-1.0 W3C-19980720 W3C-20150513 W3C X11 Xnet Zend-2.0 zlib-acknowledgement Zlib ZPL-1.1 ZPL-2.0 ZPL-2.1] + notice: [AFL-1.1 AFL-1.2 AFL-2.0 AFL-2.1 AFL-3.0 Apache-1.0 Apache-1.1 Apache-2.0 Artistic-1.0-cl8 Artistic-1.0-Perl Artistic-1.0 Artistic-2.0 BSL-1.0 BSD-2-Clause-FreeBSD BSD-2-Clause-NetBSD BSD-2-Clause BSD-3-Clause-Attribution BSD-3-Clause-Clear BSD-3-Clause-LBNL BSD-3-Clause BSD-4-Clause BSD-4-Clause-UC BSD-Protection CC-BY-1.0 CC-BY-2.0 CC-BY-2.5 CC-BY-3.0 CC-BY-4.0 FTL ISC ImageMagick Libpng Lil-1.0 Linux-OpenIB LPL-1.02 LPL-1.0 MS-PL MIT 
NCSA OpenSSL PHP-3.01 PHP-3.0 PIL Python-2.0 Python-2.0-complete PostgreSQL SGI-B-1.0 SGI-B-1.1 SGI-B-2.0 Unicode-DFS-2015 Unicode-DFS-2016 Unicode-TOU UPL-1.0 W3C-19980720 W3C-20150513 W3C X11 Xnet Zend-2.0 zlib-acknowledgement Zlib ZPL-1.1 ZPL-2.0 ZPL-2.1] + + # Same as '--' + # Default is [] + permissive: [] + + # Same as '--' + # Default is [APSL-1.0 APSL-1.1 APSL-1.2 APSL-2.0 CDDL-1.0 CDDL-1.1 CPL-1.0 EPL-1.0 EPL-2.0 FreeImage IPL-1.0 MPL-1.0 MPL-1.1 MPL-2.0 Ruby] + reciprocal: [APSL-1.0 APSL-1.1 APSL-1.2 APSL-2.0 CDDL-1.0 CDDL-1.1 CPL-1.0 EPL-1.0 EPL-2.0 FreeImage IPL-1.0 MPL-1.0 MPL-1.1 MPL-2.0 Ruby] + + # Same as '--' + # Default is [BCL CC-BY-ND-1.0 CC-BY-ND-2.0 CC-BY-ND-2.5 CC-BY-ND-3.0 CC-BY-ND-4.0 CC-BY-SA-1.0 CC-BY-SA-2.0 CC-BY-SA-2.5 CC-BY-SA-3.0 CC-BY-SA-4.0 GPL-1.0 GPL-2.0 GPL-2.0-with-autoconf-exception GPL-2.0-with-bison-exception GPL-2.0-with-classpath-exception GPL-2.0-with-font-exception GPL-2.0-with-GCC-exception GPL-3.0 GPL-3.0-with-autoconf-exception GPL-3.0-with-GCC-exception LGPL-2.0 LGPL-2.1 LGPL-3.0 NPL-1.0 NPL-1.1 OSL-1.0 OSL-1.1 OSL-2.0 OSL-2.1 OSL-3.0 QPL-1.0 Sleepycat] + restricted: [BCL CC-BY-ND-1.0 CC-BY-ND-2.0 CC-BY-ND-2.5 CC-BY-ND-3.0 CC-BY-ND-4.0 CC-BY-SA-1.0 CC-BY-SA-2.0 CC-BY-SA-2.5 CC-BY-SA-3.0 CC-BY-SA-4.0 GPL-1.0 GPL-2.0 GPL-2.0-with-autoconf-exception GPL-2.0-with-bison-exception GPL-2.0-with-classpath-exception GPL-2.0-with-font-exception GPL-2.0-with-GCC-exception GPL-3.0 GPL-3.0-with-autoconf-exception GPL-3.0-with-GCC-exception LGPL-2.0 LGPL-2.1 LGPL-3.0 NPL-1.0 NPL-1.1 OSL-1.0 OSL-1.1 OSL-2.0 OSL-2.1 OSL-3.0 QPL-1.0 Sleepycat] + + # Same as '--' + # Default is [CC0-1.0 Unlicense 0BSD] + unencumbered: [CC0-1.0 Unlicense 0BSD] + +``` + +## Registry options + +```yaml +registry: + # Same as '--password' + # Default is [] + password: [] + + # Same as '--registry-token' + # Default is + token: + + # Same as '--username' + # Default is [] + username: [] + +``` + ## Global options ```yaml 
@@ -116,133 +280,25 @@ cache: ``` -## Scan options +## Client/Server options ```yaml -scan: - # Same as '--file-patterns' - # Default is [] - file-patterns: [] - - # Same as '--include-dev-deps' - # Default is false - include-dev-deps: false - - # Same as '--offline-scan' - # Default is false - offline: false - - # Same as '--parallel' - # Default is 5 - parallel: 5 - - # Same as '--rekor-url' - # Default is https://rekor.sigstore.dev - rekor-url: https://rekor.sigstore.dev - - # Same as '--sbom-sources' - # Default is [] - sbom-sources: [] - - # Same as '--scanners' - # Default is [vuln secret] - scanners: [vuln secret] - - # Same as '--skip-dirs' - # Default is [] - skip-dirs: [] - - # Same as '--skip-files' - # Default is [] - skip-files: [] - - # Same as '--slow' - # Default is false - slow: false - -``` - -## Registry options - -```yaml -registry: - # Same as '--password' - # Default is [] - password: [] - - # Same as '--registry-token' +server: + # Same as '--server' # Default is - token: + addr: - # Same as '--username' + # Same as '--custom-headers' # Default is [] - username: [] - -``` - -## Report options - -```yaml -# Same as '--dependency-tree' -# Default is false -dependency-tree: false - -# Same as '--exit-code' -# Default is 0 -exit-code: 0 - -# Same as '--exit-on-eol' -# Default is 0 -exit-on-eol: 0 - -# Same as '--format' -# Default is table -format: table - -# Same as '--ignore-policy' -# Default is -ignore-policy: - -# Same as '--ignorefile' -# Default is .trivyignore -ignorefile: .trivyignore - -# Same as '--list-all-pkgs' -# Default is false -list-all-pkgs: false - -# Same as '--output' -# Default is -output: - -# Same as '--output-plugin-arg' -# Default is -output-plugin-arg: - -# Same as '--pkg-types' -# Default is [os library] -pkg-types: [os library] - -# Same as '--report' -# Default is all -report: all + custom-headers: [] -scan: - # Same as '--compliance' + # Same as '--token' # Default is - compliance: - - # Same as '--show-suppressed' 
- # Default is false - show-suppressed: false - -# Same as '--severity' -# Default is [UNKNOWN LOW MEDIUM HIGH CRITICAL] -severity: [UNKNOWN LOW MEDIUM HIGH CRITICAL] + token: -# Same as '--template' -# Default is -template: + # Same as '--token-header' + # Default is Trivy-Token + token-header: Trivy-Token ``` @@ -276,25 +332,21 @@ rego: ``` -## Vulnerability options +## Repository options ```yaml -vulnerability: - # Same as '--ignore-status' - # Default is [] - ignore-status: [] - - # Same as '--ignore-unfixed' - # Default is false - ignore-unfixed: false +repository: + # Same as '--branch' + # Default is + branch: - # Same as '--skip-vex-repo-update' - # Default is false - skip-vex-repo-update: false + # Same as '--commit' + # Default is + commit: - # Same as '--vex' - # Default is [] - vex: [] + # Same as '--tag' + # Default is + tag: ``` 
@@ -334,80 +386,6 @@ image: ``` -## Client/server options - -```yaml -server: - # Same as '--server' - # Default is - addr: - - # Same as '--custom-headers' - # Default is [] - custom-headers: [] - - # Same as '--token' - # Default is - token: - - # Same as '--token-header' - # Default is Trivy-Token - token-header: Trivy-Token - -``` - -## Secret options - -```yaml -secret: - # Same as '--secret-config' - # Default is trivy-secret.yaml - config: trivy-secret.yaml - -``` - -## License options - -```yaml -license: - # Same as '--license-confidence-level' - # Default is 0.9 - confidenceLevel: 0.9 - - # Same as '--' - # Default is [AGPL-1.0 AGPL-3.0 CC-BY-NC-1.0 CC-BY-NC-2.0 CC-BY-NC-2.5 CC-BY-NC-3.0 CC-BY-NC-4.0 CC-BY-NC-ND-1.0 CC-BY-NC-ND-2.0 CC-BY-NC-ND-2.5 CC-BY-NC-ND-3.0 CC-BY-NC-ND-4.0 CC-BY-NC-SA-1.0 CC-BY-NC-SA-2.0 CC-BY-NC-SA-2.5 CC-BY-NC-SA-3.0 CC-BY-NC-SA-4.0 Commons-Clause Facebook-2-Clause Facebook-3-Clause Facebook-Examples WTFPL] - forbidden: [AGPL-1.0 AGPL-3.0 CC-BY-NC-1.0 CC-BY-NC-2.0 CC-BY-NC-2.5 CC-BY-NC-3.0 CC-BY-NC-4.0 CC-BY-NC-ND-1.0 CC-BY-NC-ND-2.0 CC-BY-NC-ND-2.5 CC-BY-NC-ND-3.0 CC-BY-NC-ND-4.0 CC-BY-NC-SA-1.0 CC-BY-NC-SA-2.0 CC-BY-NC-SA-2.5 CC-BY-NC-SA-3.0 CC-BY-NC-SA-4.0 Commons-Clause Facebook-2-Clause Facebook-3-Clause Facebook-Examples WTFPL] - - # Same as '--license-full' - # Default is false - full: false - - # Same as '--ignored-licenses' - # Default is [] - ignored: [] - - # Same as '--' - # Default is [AFL-1.1 AFL-1.2 AFL-2.0 AFL-2.1 AFL-3.0 Apache-1.0 Apache-1.1 Apache-2.0 Artistic-1.0-cl8 Artistic-1.0-Perl Artistic-1.0 Artistic-2.0 BSL-1.0 BSD-2-Clause-FreeBSD BSD-2-Clause-NetBSD BSD-2-Clause BSD-3-Clause-Attribution BSD-3-Clause-Clear BSD-3-Clause-LBNL BSD-3-Clause BSD-4-Clause BSD-4-Clause-UC BSD-Protection CC-BY-1.0 CC-BY-2.0 CC-BY-2.5 CC-BY-3.0 CC-BY-4.0 FTL ISC ImageMagick Libpng Lil-1.0 Linux-OpenIB LPL-1.02 LPL-1.0 MS-PL MIT NCSA OpenSSL PHP-3.01 PHP-3.0 PIL Python-2.0 Python-2.0-complete PostgreSQL SGI-B-1.0 SGI-B-1.1 
SGI-B-2.0 Unicode-DFS-2015 Unicode-DFS-2016 Unicode-TOU UPL-1.0 W3C-19980720 W3C-20150513 W3C X11 Xnet Zend-2.0 zlib-acknowledgement Zlib ZPL-1.1 ZPL-2.0 ZPL-2.1] - notice: [AFL-1.1 AFL-1.2 AFL-2.0 AFL-2.1 AFL-3.0 Apache-1.0 Apache-1.1 Apache-2.0 Artistic-1.0-cl8 Artistic-1.0-Perl Artistic-1.0 Artistic-2.0 BSL-1.0 BSD-2-Clause-FreeBSD BSD-2-Clause-NetBSD BSD-2-Clause BSD-3-Clause-Attribution BSD-3-Clause-Clear BSD-3-Clause-LBNL BSD-3-Clause BSD-4-Clause BSD-4-Clause-UC BSD-Protection CC-BY-1.0 CC-BY-2.0 CC-BY-2.5 CC-BY-3.0 CC-BY-4.0 FTL ISC ImageMagick Libpng Lil-1.0 Linux-OpenIB LPL-1.02 LPL-1.0 MS-PL MIT NCSA OpenSSL PHP-3.01 PHP-3.0 PIL Python-2.0 Python-2.0-complete PostgreSQL SGI-B-1.0 SGI-B-1.1 SGI-B-2.0 Unicode-DFS-2015 Unicode-DFS-2016 Unicode-TOU UPL-1.0 W3C-19980720 W3C-20150513 W3C X11 Xnet Zend-2.0 zlib-acknowledgement Zlib ZPL-1.1 ZPL-2.0 ZPL-2.1] - - # Same as '--' - # Default is [] - permissive: [] - - # Same as '--' - # Default is [APSL-1.0 APSL-1.1 APSL-1.2 APSL-2.0 CDDL-1.0 CDDL-1.1 CPL-1.0 EPL-1.0 EPL-2.0 FreeImage IPL-1.0 MPL-1.0 MPL-1.1 MPL-2.0 Ruby] - reciprocal: [APSL-1.0 APSL-1.1 APSL-1.2 APSL-2.0 CDDL-1.0 CDDL-1.1 CPL-1.0 EPL-1.0 EPL-2.0 FreeImage IPL-1.0 MPL-1.0 MPL-1.1 MPL-2.0 Ruby] - - # Same as '--' - # Default is [BCL CC-BY-ND-1.0 CC-BY-ND-2.0 CC-BY-ND-2.5 CC-BY-ND-3.0 CC-BY-ND-4.0 CC-BY-SA-1.0 CC-BY-SA-2.0 CC-BY-SA-2.5 CC-BY-SA-3.0 CC-BY-SA-4.0 GPL-1.0 GPL-2.0 GPL-2.0-with-autoconf-exception GPL-2.0-with-bison-exception GPL-2.0-with-classpath-exception GPL-2.0-with-font-exception GPL-2.0-with-GCC-exception GPL-3.0 GPL-3.0-with-autoconf-exception GPL-3.0-with-GCC-exception LGPL-2.0 LGPL-2.1 LGPL-3.0 NPL-1.0 NPL-1.1 OSL-1.0 OSL-1.1 OSL-2.0 OSL-2.1 OSL-3.0 QPL-1.0 Sleepycat] - restricted: [BCL CC-BY-ND-1.0 CC-BY-ND-2.0 CC-BY-ND-2.5 CC-BY-ND-3.0 CC-BY-ND-4.0 CC-BY-SA-1.0 CC-BY-SA-2.0 CC-BY-SA-2.5 CC-BY-SA-3.0 CC-BY-SA-4.0 GPL-1.0 GPL-2.0 GPL-2.0-with-autoconf-exception GPL-2.0-with-bison-exception GPL-2.0-with-classpath-exception 
GPL-2.0-with-font-exception GPL-2.0-with-GCC-exception GPL-3.0 GPL-3.0-with-autoconf-exception GPL-3.0-with-GCC-exception LGPL-2.0 LGPL-2.1 LGPL-3.0 NPL-1.0 NPL-1.1 OSL-1.0 OSL-1.1 OSL-2.0 OSL-2.1 OSL-3.0 QPL-1.0 Sleepycat] - - # Same as '--' - # Default is [CC0-1.0 Unlicense 0BSD] - unencumbered: [CC0-1.0 Unlicense 0BSD] - -``` - ## Misconfiguration options ```yaml 
@@ -469,17 +447,125 @@ misconfiguration: ``` -## Module options +## Scan options ```yaml -module: - # Same as '--module-dir' - # Default is $HOME/.trivy/modules - dir: $HOME/.trivy/modules +scan: + # Same as '--file-patterns' + # Default is [] + file-patterns: [] - # Same as '--enable-modules' + # Same as '--include-dev-deps' + # Default is false + include-dev-deps: false + + # Same as '--offline-scan' + # Default is false + offline: false + + # Same as '--parallel' + # Default is 5 + parallel: 5 + + # Same as '--rekor-url' + # Default is https://rekor.sigstore.dev + rekor-url: https://rekor.sigstore.dev + + # Same as '--sbom-sources' # Default is [] - enable-modules: [] + sbom-sources: [] + + # Same as '--scanners' + # Default is [vuln secret] + scanners: [vuln secret] + + # Same as '--skip-dirs' + # Default is [] + skip-dirs: [] + + # Same as '--skip-files' + # Default is [] + skip-files: [] + + # Same as '--slow' + # Default is false + slow: false + +``` + +## Secret options + +```yaml +secret: + # Same as '--secret-config' + # Default is trivy-secret.yaml + config: trivy-secret.yaml + +``` + +## Report options + +```yaml +# Same as '--dependency-tree' +# Default is false +dependency-tree: false + +# Same as '--exit-code' +# Default is 0 +exit-code: 0 + +# Same as '--exit-on-eol' +# Default is 0 +exit-on-eol: 0 + +# Same as '--format' +# Default is table +format: table + +# Same as '--ignore-policy' +# Default is +ignore-policy: + +# Same as '--ignorefile' +# Default is .trivyignore +ignorefile: .trivyignore + +# Same as '--list-all-pkgs' +# Default is false +list-all-pkgs: false + +# Same as '--output' +# Default is +output: + +# Same as '--output-plugin-arg' +# Default is +output-plugin-arg: + +# Same as '--pkg-types' +# Default is [os library] +pkg-types: [os library] + +# Same as '--report' +# Default is all +report: all + +scan: + # Same as '--compliance' + # Default is + compliance: + + # Same as '--show-suppressed' + # Default is false + show-suppressed: 
false + +# Same as '--severity' +# Default is [UNKNOWN LOW MEDIUM HIGH CRITICAL] +severity: [UNKNOWN LOW MEDIUM HIGH CRITICAL] + +# Same as '--template' +# Default is +template: ``` diff --git a/magefiles/docs.go b/magefiles/docs.go index a0a517b31ada..f427a44fbb98 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go @@ -154,6 +154,8 @@ func buildFlagsTree() map[string]any { metadata = append(metadata, getFlagMetadata("Rego", *flag.NewRegoFlagGroup())...) metadata = append(metadata, getFlagMetadata("Secret", *flag.NewSecretFlagGroup())...) metadata = append(metadata, getFlagMetadata("Vulnerability", *flag.NewVulnerabilityFlagGroup())...) + metadata = append(metadata, getFlagMetadata("Kubernetes", *flag.NewK8sFlagGroup())...) + metadata = append(metadata, getFlagMetadata("Repository", *flag.NewRepoFlagGroup())...) for _, m := range metadata { addToMap(res, strings.Split(m.configName, "."), m) From bb91aaeb1606d24650e9fc22c98e3c0e32aa69ad Mon Sep 17 00:00:00 2001 From: afdesk Date: Wed, 31 Jul 2024 15:14:19 +0600 Subject: [PATCH 06/27] sort sections --- .../references/configuration/config-file.md | 588 +++++++++--------- magefiles/docs.go | 34 +- 2 files changed, 311 insertions(+), 311 deletions(-) diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index 38c0664c437f..7e2fb99fef6d 100644 --- a/docs/docs/references/configuration/config-file.md +++ b/docs/docs/references/configuration/config-file.md 
@@ -5,167 +5,98 @@ The config path can be overridden by the `--config` flag. An example is [here][example]. -## Module options +## Cache options ```yaml -module: - # Same as '--module-dir' - # Default is $HOME/.trivy/modules - dir: $HOME/.trivy/modules - - # Same as '--enable-modules' - # Default is [] - enable-modules: [] - -``` +cache: + # Same as '--cache-backend' + # Default is fs + backend: fs -## Vulnerability options + redis: + # Same as '--redis-ca' + # Default is + ca: -```yaml -vulnerability: - # Same as '--ignore-status' - # Default is [] - ignore-status: [] + # Same as '--redis-cert' + # Default is + cert: - # Same as '--ignore-unfixed' - # Default is false - ignore-unfixed: false + # Same as '--redis-key' + # Default is + key: - # Same as '--skip-vex-repo-update' - # Default is false - skip-vex-repo-update: false + # Same as '--redis-tls' + # Default is false + tls: false - # Same as '--vex' - # Default is [] - vex: [] + # Same as '--cache-ttl' + # Default is 0s + ttl: 0s ``` -## Kubernetes options +## Client/Server options ```yaml -kubernetes: - # Same as '--burst' - # Default is 10 - burst: 10 - - # Same as '--disable-node-collector' - # Default is false - disableNodeCollector: false - - exclude: - # Same as '--exclude-nodes' - # Default is [] - nodes: [] - - # Same as '--exclude-owned' - # Default is false - owned: false - - # Same as '--exclude-kinds' - # Default is [] - excludeKinds: [] - - # Same as '--exclude-namespaces' - # Default is [] - excludeNamespaces: [] - - # Same as '--include-kinds' - # Default is [] - includeKinds: [] +server: + # Same as '--server' + # Default is + addr: - # Same as '--include-namespaces' + # Same as '--custom-headers' # Default is [] - includeNamespaces: [] - - # Same as '--k8s-version' - # Default is - k8s-version: + custom-headers: [] - # Same as '--kubeconfig' + # Same as '--token' # Default is - kubeconfig: - - node-collector: - # Same as '--node-collector-imageref' - # Default is 
ghcr.io/aquasecurity/node-collector:0.3.1 - imageref: ghcr.io/aquasecurity/node-collector:0.3.1 - - # Same as '--node-collector-namespace' - # Default is trivy-temp - namespace: trivy-temp - - # Same as '--qps' - # Default is 5 - qps: 5 - - # Same as '--skip-images' - # Default is false - skipImages: false + token: - # Same as '--tolerations' - # Default is [] - tolerations: [] + # Same as '--token-header' + # Default is Trivy-Token + token-header: Trivy-Token ``` -## License options +## DB options ```yaml -license: - # Same as '--license-confidence-level' - # Default is 0.9 - confidenceLevel: 0.9 - - # Same as '--' - # Default is [AGPL-1.0 AGPL-3.0 CC-BY-NC-1.0 CC-BY-NC-2.0 CC-BY-NC-2.5 CC-BY-NC-3.0 CC-BY-NC-4.0 CC-BY-NC-ND-1.0 CC-BY-NC-ND-2.0 CC-BY-NC-ND-2.5 CC-BY-NC-ND-3.0 CC-BY-NC-ND-4.0 CC-BY-NC-SA-1.0 CC-BY-NC-SA-2.0 CC-BY-NC-SA-2.5 CC-BY-NC-SA-3.0 CC-BY-NC-SA-4.0 Commons-Clause Facebook-2-Clause Facebook-3-Clause Facebook-Examples WTFPL] - forbidden: [AGPL-1.0 AGPL-3.0 CC-BY-NC-1.0 CC-BY-NC-2.0 CC-BY-NC-2.5 CC-BY-NC-3.0 CC-BY-NC-4.0 CC-BY-NC-ND-1.0 CC-BY-NC-ND-2.0 CC-BY-NC-ND-2.5 CC-BY-NC-ND-3.0 CC-BY-NC-ND-4.0 CC-BY-NC-SA-1.0 CC-BY-NC-SA-2.0 CC-BY-NC-SA-2.5 CC-BY-NC-SA-3.0 CC-BY-NC-SA-4.0 Commons-Clause Facebook-2-Clause Facebook-3-Clause Facebook-Examples WTFPL] - - # Same as '--license-full' +db: + # Same as '--download-java-db-only' # Default is false - full: false - - # Same as '--ignored-licenses' - # Default is [] - ignored: [] - - # Same as '--' - # Default is [AFL-1.1 AFL-1.2 AFL-2.0 AFL-2.1 AFL-3.0 Apache-1.0 Apache-1.1 Apache-2.0 Artistic-1.0-cl8 Artistic-1.0-Perl Artistic-1.0 Artistic-2.0 BSL-1.0 BSD-2-Clause-FreeBSD BSD-2-Clause-NetBSD BSD-2-Clause BSD-3-Clause-Attribution BSD-3-Clause-Clear BSD-3-Clause-LBNL BSD-3-Clause BSD-4-Clause BSD-4-Clause-UC BSD-Protection CC-BY-1.0 CC-BY-2.0 CC-BY-2.5 CC-BY-3.0 CC-BY-4.0 FTL ISC ImageMagick Libpng Lil-1.0 Linux-OpenIB LPL-1.02 LPL-1.0 MS-PL MIT NCSA OpenSSL PHP-3.01 PHP-3.0 PIL Python-2.0 
Python-2.0-complete PostgreSQL SGI-B-1.0 SGI-B-1.1 SGI-B-2.0 Unicode-DFS-2015 Unicode-DFS-2016 Unicode-TOU UPL-1.0 W3C-19980720 W3C-20150513 W3C X11 Xnet Zend-2.0 zlib-acknowledgement Zlib ZPL-1.1 ZPL-2.0 ZPL-2.1] - notice: [AFL-1.1 AFL-1.2 AFL-2.0 AFL-2.1 AFL-3.0 Apache-1.0 Apache-1.1 Apache-2.0 Artistic-1.0-cl8 Artistic-1.0-Perl Artistic-1.0 Artistic-2.0 BSL-1.0 BSD-2-Clause-FreeBSD BSD-2-Clause-NetBSD BSD-2-Clause BSD-3-Clause-Attribution BSD-3-Clause-Clear BSD-3-Clause-LBNL BSD-3-Clause BSD-4-Clause BSD-4-Clause-UC BSD-Protection CC-BY-1.0 CC-BY-2.0 CC-BY-2.5 CC-BY-3.0 CC-BY-4.0 FTL ISC ImageMagick Libpng Lil-1.0 Linux-OpenIB LPL-1.02 LPL-1.0 MS-PL MIT NCSA OpenSSL PHP-3.01 PHP-3.0 PIL Python-2.0 Python-2.0-complete PostgreSQL SGI-B-1.0 SGI-B-1.1 SGI-B-2.0 Unicode-DFS-2015 Unicode-DFS-2016 Unicode-TOU UPL-1.0 W3C-19980720 W3C-20150513 W3C X11 Xnet Zend-2.0 zlib-acknowledgement Zlib ZPL-1.1 ZPL-2.0 ZPL-2.1] - - # Same as '--' - # Default is [] - permissive: [] + download-java-only: false - # Same as '--' - # Default is [APSL-1.0 APSL-1.1 APSL-1.2 APSL-2.0 CDDL-1.0 CDDL-1.1 CPL-1.0 EPL-1.0 EPL-2.0 FreeImage IPL-1.0 MPL-1.0 MPL-1.1 MPL-2.0 Ruby] - reciprocal: [APSL-1.0 APSL-1.1 APSL-1.2 APSL-2.0 CDDL-1.0 CDDL-1.1 CPL-1.0 EPL-1.0 EPL-2.0 FreeImage IPL-1.0 MPL-1.0 MPL-1.1 MPL-2.0 Ruby] + # Same as '--download-db-only' + # Default is false + download-only: false - # Same as '--' - # Default is [BCL CC-BY-ND-1.0 CC-BY-ND-2.0 CC-BY-ND-2.5 CC-BY-ND-3.0 CC-BY-ND-4.0 CC-BY-SA-1.0 CC-BY-SA-2.0 CC-BY-SA-2.5 CC-BY-SA-3.0 CC-BY-SA-4.0 GPL-1.0 GPL-2.0 GPL-2.0-with-autoconf-exception GPL-2.0-with-bison-exception GPL-2.0-with-classpath-exception GPL-2.0-with-font-exception GPL-2.0-with-GCC-exception GPL-3.0 GPL-3.0-with-autoconf-exception GPL-3.0-with-GCC-exception LGPL-2.0 LGPL-2.1 LGPL-3.0 NPL-1.0 NPL-1.1 OSL-1.0 OSL-1.1 OSL-2.0 OSL-2.1 OSL-3.0 QPL-1.0 Sleepycat] - restricted: [BCL CC-BY-ND-1.0 CC-BY-ND-2.0 CC-BY-ND-2.5 CC-BY-ND-3.0 CC-BY-ND-4.0 CC-BY-SA-1.0 CC-BY-SA-2.0 
CC-BY-SA-2.5 CC-BY-SA-3.0 CC-BY-SA-4.0 GPL-1.0 GPL-2.0 GPL-2.0-with-autoconf-exception GPL-2.0-with-bison-exception GPL-2.0-with-classpath-exception GPL-2.0-with-font-exception GPL-2.0-with-GCC-exception GPL-3.0 GPL-3.0-with-autoconf-exception GPL-3.0-with-GCC-exception LGPL-2.0 LGPL-2.1 LGPL-3.0 NPL-1.0 NPL-1.1 OSL-1.0 OSL-1.1 OSL-2.0 OSL-2.1 OSL-3.0 QPL-1.0 Sleepycat] + # Same as '--java-db-repository' + # Default is ghcr.io/aquasecurity/trivy-java-db:1 + java-repository: ghcr.io/aquasecurity/trivy-java-db:1 - # Same as '--' - # Default is [CC0-1.0 Unlicense 0BSD] - unencumbered: [CC0-1.0 Unlicense 0BSD] + # Same as '--skip-java-db-update' + # Default is false + java-skip-update: false -``` + # Same as '--light' + # Default is false + light: false -## Registry options + # Same as '--no-progress' + # Default is false + no-progress: false -```yaml -registry: - # Same as '--password' - # Default is [] - password: [] + # Same as '--db-repository' + # Default is ghcr.io/aquasecurity/trivy-db:2 + repository: ghcr.io/aquasecurity/trivy-db:2 - # Same as '--registry-token' - # Default is - token: + # Same as '--skip-db-update' + # Default is false + skip-update: false - # Same as '--username' - # Default is [] - username: [] +# Same as '--reset' +# Default is false +reset: false ``` 
@@ -207,182 +138,149 @@ version: false ``` -## DB options +## Image options ```yaml -db: - # Same as '--download-java-db-only' - # Default is false - download-java-only: false - - # Same as '--download-db-only' - # Default is false - download-only: false - - # Same as '--java-db-repository' - # Default is ghcr.io/aquasecurity/trivy-java-db:1 - java-repository: ghcr.io/aquasecurity/trivy-java-db:1 +image: + docker: + # Same as '--docker-host' + # Default is + host: - # Same as '--skip-java-db-update' - # Default is false - java-skip-update: false + # Same as '--image-config-scanners' + # Default is [] + image-config-scanners: [] - # Same as '--light' - # Default is false - light: false + # Same as '--input' + # Default is + input: - # Same as '--no-progress' - # Default is false - no-progress: false + # Same as '--platform' + # Default is + platform: - # Same as '--db-repository' - # Default is ghcr.io/aquasecurity/trivy-db:2 - repository: ghcr.io/aquasecurity/trivy-db:2 + podman: + # Same as '--podman-host' + # Default is + host: - # Same as '--skip-db-update' + # Same as '--removed-pkgs' # Default is false - skip-update: false + removed-pkgs: false -# Same as '--reset' -# Default is false -reset: false + # Same as '--image-src' + # Default is [docker containerd podman remote] + source: [docker containerd podman remote] ``` -## Cache options +## Kubernetes options ```yaml -cache: - # Same as '--cache-backend' - # Default is fs - backend: fs - - redis: - # Same as '--redis-ca' - # Default is - ca: +kubernetes: + # Same as '--burst' + # Default is 10 + burst: 10 - # Same as '--redis-cert' - # Default is - cert: + # Same as '--disable-node-collector' + # Default is false + disableNodeCollector: false - # Same as '--redis-key' - # Default is - key: + exclude: + # Same as '--exclude-nodes' + # Default is [] + nodes: [] - # Same as '--redis-tls' + # Same as '--exclude-owned' # Default is false - tls: false - - # Same as '--cache-ttl' - # Default is 0s - ttl: 0s + owned: 
false -``` + # Same as '--exclude-kinds' + # Default is [] + excludeKinds: [] -## Client/Server options + # Same as '--exclude-namespaces' + # Default is [] + excludeNamespaces: [] -```yaml -server: - # Same as '--server' - # Default is - addr: + # Same as '--include-kinds' + # Default is [] + includeKinds: [] - # Same as '--custom-headers' + # Same as '--include-namespaces' # Default is [] - custom-headers: [] + includeNamespaces: [] - # Same as '--token' + # Same as '--k8s-version' # Default is - token: - - # Same as '--token-header' - # Default is Trivy-Token - token-header: Trivy-Token - -``` - -## Rego options + k8s-version: -```yaml -rego: - # Same as '--config-check' - # Default is [] - check: [] + # Same as '--kubeconfig' + # Default is + kubeconfig: - # Same as '--config-data' - # Default is [] - data: [] + node-collector: + # Same as '--node-collector-imageref' + # Default is ghcr.io/aquasecurity/node-collector:0.3.1 + imageref: ghcr.io/aquasecurity/node-collector:0.3.1 - # Same as '--include-deprecated-checks' - # Default is false - include-deprecated-checks: false + # Same as '--node-collector-namespace' + # Default is trivy-temp + namespace: trivy-temp - # Same as '--check-namespaces' - # Default is [] - namespaces: [] + # Same as '--qps' + # Default is 5 + qps: 5 - # Same as '--skip-check-update' + # Same as '--skip-images' # Default is false - skip-check-update: false + skipImages: false - # Same as '--trace' - # Default is false - trace: false + # Same as '--tolerations' + # Default is [] + tolerations: [] ``` -## Repository options +## License options ```yaml -repository: - # Same as '--branch' - # Default is - branch: - - # Same as '--commit' - # Default is - commit: - - # Same as '--tag' - # Default is - tag: - -``` +license: + # Same as '--license-confidence-level' + # Default is 0.9 + confidenceLevel: 0.9 -## Image options + # Same as '--' + # Default is [AGPL-1.0 AGPL-3.0 CC-BY-NC-1.0 CC-BY-NC-2.0 CC-BY-NC-2.5 CC-BY-NC-3.0 CC-BY-NC-4.0 
CC-BY-NC-ND-1.0 CC-BY-NC-ND-2.0 CC-BY-NC-ND-2.5 CC-BY-NC-ND-3.0 CC-BY-NC-ND-4.0 CC-BY-NC-SA-1.0 CC-BY-NC-SA-2.0 CC-BY-NC-SA-2.5 CC-BY-NC-SA-3.0 CC-BY-NC-SA-4.0 Commons-Clause Facebook-2-Clause Facebook-3-Clause Facebook-Examples WTFPL] + forbidden: [AGPL-1.0 AGPL-3.0 CC-BY-NC-1.0 CC-BY-NC-2.0 CC-BY-NC-2.5 CC-BY-NC-3.0 CC-BY-NC-4.0 CC-BY-NC-ND-1.0 CC-BY-NC-ND-2.0 CC-BY-NC-ND-2.5 CC-BY-NC-ND-3.0 CC-BY-NC-ND-4.0 CC-BY-NC-SA-1.0 CC-BY-NC-SA-2.0 CC-BY-NC-SA-2.5 CC-BY-NC-SA-3.0 CC-BY-NC-SA-4.0 Commons-Clause Facebook-2-Clause Facebook-3-Clause Facebook-Examples WTFPL] -```yaml -image: - docker: - # Same as '--docker-host' - # Default is - host: + # Same as '--license-full' + # Default is false + full: false - # Same as '--image-config-scanners' + # Same as '--ignored-licenses' # Default is [] - image-config-scanners: [] + ignored: [] - # Same as '--input' - # Default is - input: + # Same as '--' + # Default is [AFL-1.1 AFL-1.2 AFL-2.0 AFL-2.1 AFL-3.0 Apache-1.0 Apache-1.1 Apache-2.0 Artistic-1.0-cl8 Artistic-1.0-Perl Artistic-1.0 Artistic-2.0 BSL-1.0 BSD-2-Clause-FreeBSD BSD-2-Clause-NetBSD BSD-2-Clause BSD-3-Clause-Attribution BSD-3-Clause-Clear BSD-3-Clause-LBNL BSD-3-Clause BSD-4-Clause BSD-4-Clause-UC BSD-Protection CC-BY-1.0 CC-BY-2.0 CC-BY-2.5 CC-BY-3.0 CC-BY-4.0 FTL ISC ImageMagick Libpng Lil-1.0 Linux-OpenIB LPL-1.02 LPL-1.0 MS-PL MIT NCSA OpenSSL PHP-3.01 PHP-3.0 PIL Python-2.0 Python-2.0-complete PostgreSQL SGI-B-1.0 SGI-B-1.1 SGI-B-2.0 Unicode-DFS-2015 Unicode-DFS-2016 Unicode-TOU UPL-1.0 W3C-19980720 W3C-20150513 W3C X11 Xnet Zend-2.0 zlib-acknowledgement Zlib ZPL-1.1 ZPL-2.0 ZPL-2.1] + notice: [AFL-1.1 AFL-1.2 AFL-2.0 AFL-2.1 AFL-3.0 Apache-1.0 Apache-1.1 Apache-2.0 Artistic-1.0-cl8 Artistic-1.0-Perl Artistic-1.0 Artistic-2.0 BSL-1.0 BSD-2-Clause-FreeBSD BSD-2-Clause-NetBSD BSD-2-Clause BSD-3-Clause-Attribution BSD-3-Clause-Clear BSD-3-Clause-LBNL BSD-3-Clause BSD-4-Clause BSD-4-Clause-UC BSD-Protection CC-BY-1.0 CC-BY-2.0 CC-BY-2.5 CC-BY-3.0 CC-BY-4.0 FTL 
ISC ImageMagick Libpng Lil-1.0 Linux-OpenIB LPL-1.02 LPL-1.0 MS-PL MIT NCSA OpenSSL PHP-3.01 PHP-3.0 PIL Python-2.0 Python-2.0-complete PostgreSQL SGI-B-1.0 SGI-B-1.1 SGI-B-2.0 Unicode-DFS-2015 Unicode-DFS-2016 Unicode-TOU UPL-1.0 W3C-19980720 W3C-20150513 W3C X11 Xnet Zend-2.0 zlib-acknowledgement Zlib ZPL-1.1 ZPL-2.0 ZPL-2.1] - # Same as '--platform' - # Default is - platform: + # Same as '--' + # Default is [] + permissive: [] - podman: - # Same as '--podman-host' - # Default is - host: + # Same as '--' + # Default is [APSL-1.0 APSL-1.1 APSL-1.2 APSL-2.0 CDDL-1.0 CDDL-1.1 CPL-1.0 EPL-1.0 EPL-2.0 FreeImage IPL-1.0 MPL-1.0 MPL-1.1 MPL-2.0 Ruby] + reciprocal: [APSL-1.0 APSL-1.1 APSL-1.2 APSL-2.0 CDDL-1.0 CDDL-1.1 CPL-1.0 EPL-1.0 EPL-2.0 FreeImage IPL-1.0 MPL-1.0 MPL-1.1 MPL-2.0 Ruby] - # Same as '--removed-pkgs' - # Default is false - removed-pkgs: false + # Same as '--' + # Default is [BCL CC-BY-ND-1.0 CC-BY-ND-2.0 CC-BY-ND-2.5 CC-BY-ND-3.0 CC-BY-ND-4.0 CC-BY-SA-1.0 CC-BY-SA-2.0 CC-BY-SA-2.5 CC-BY-SA-3.0 CC-BY-SA-4.0 GPL-1.0 GPL-2.0 GPL-2.0-with-autoconf-exception GPL-2.0-with-bison-exception GPL-2.0-with-classpath-exception GPL-2.0-with-font-exception GPL-2.0-with-GCC-exception GPL-3.0 GPL-3.0-with-autoconf-exception GPL-3.0-with-GCC-exception LGPL-2.0 LGPL-2.1 LGPL-3.0 NPL-1.0 NPL-1.1 OSL-1.0 OSL-1.1 OSL-2.0 OSL-2.1 OSL-3.0 QPL-1.0 Sleepycat] + restricted: [BCL CC-BY-ND-1.0 CC-BY-ND-2.0 CC-BY-ND-2.5 CC-BY-ND-3.0 CC-BY-ND-4.0 CC-BY-SA-1.0 CC-BY-SA-2.0 CC-BY-SA-2.5 CC-BY-SA-3.0 CC-BY-SA-4.0 GPL-1.0 GPL-2.0 GPL-2.0-with-autoconf-exception GPL-2.0-with-bison-exception GPL-2.0-with-classpath-exception GPL-2.0-with-font-exception GPL-2.0-with-GCC-exception GPL-3.0 GPL-3.0-with-autoconf-exception GPL-3.0-with-GCC-exception LGPL-2.0 LGPL-2.1 LGPL-3.0 NPL-1.0 NPL-1.1 OSL-1.0 OSL-1.1 OSL-2.0 OSL-2.1 OSL-3.0 QPL-1.0 Sleepycat] - # Same as '--image-src' - # Default is [docker containerd podman remote] - source: [docker containerd podman remote] + # Same as '--' + # Default 
is [CC0-1.0 Unlicense 0BSD] + unencumbered: [CC0-1.0 Unlicense 0BSD] ``` @@ -447,59 +345,65 @@ misconfiguration: ``` -## Scan options +## Module options ```yaml -scan: - # Same as '--file-patterns' +module: + # Same as '--module-dir' + # Default is $HOME/.trivy/modules + dir: $HOME/.trivy/modules + + # Same as '--enable-modules' # Default is [] - file-patterns: [] + enable-modules: [] - # Same as '--include-dev-deps' - # Default is false - include-dev-deps: false +``` - # Same as '--offline-scan' - # Default is false - offline: false +## Registry options - # Same as '--parallel' - # Default is 5 - parallel: 5 +```yaml +registry: + # Same as '--password' + # Default is [] + password: [] - # Same as '--rekor-url' - # Default is https://rekor.sigstore.dev - rekor-url: https://rekor.sigstore.dev + # Same as '--registry-token' + # Default is + token: - # Same as '--sbom-sources' + # Same as '--username' # Default is [] - sbom-sources: [] + username: [] - # Same as '--scanners' - # Default is [vuln secret] - scanners: [vuln secret] +``` - # Same as '--skip-dirs' +## Rego options + +```yaml +rego: + # Same as '--config-check' # Default is [] - skip-dirs: [] + check: [] - # Same as '--skip-files' + # Same as '--config-data' # Default is [] - skip-files: [] + data: [] - # Same as '--slow' + # Same as '--include-deprecated-checks' # Default is false - slow: false + include-deprecated-checks: false -``` + # Same as '--check-namespaces' + # Default is [] + namespaces: [] -## Secret options + # Same as '--skip-check-update' + # Default is false + skip-check-update: false -```yaml -secret: - # Same as '--secret-config' - # Default is trivy-secret.yaml - config: trivy-secret.yaml + # Same as '--trace' + # Default is false + trace: false ``` 
@@ -569,4 +473,100 @@ template: ``` +## Repository options + +```yaml +repository: + # Same as '--branch' + # Default is + branch: + + # Same as '--commit' + # Default is + commit: + + # Same as '--tag' + # Default is + tag: + +``` + +## Scan options + +```yaml +scan: + # Same as '--file-patterns' + # Default is [] + file-patterns: [] + + # Same as '--include-dev-deps' + # Default is false + include-dev-deps: false + + # Same as '--offline-scan' + # Default is false + offline: false + + # Same as '--parallel' + # Default is 5 + parallel: 5 + + # Same as '--rekor-url' + # Default is https://rekor.sigstore.dev + rekor-url: https://rekor.sigstore.dev + + # Same as '--sbom-sources' + # Default is [] + sbom-sources: [] + + # Same as '--scanners' + # Default is [vuln secret] + scanners: [vuln secret] + + # Same as '--skip-dirs' + # Default is [] + skip-dirs: [] + + # Same as '--skip-files' + # Default is [] + skip-files: [] + + # Same as '--slow' + # Default is false + slow: false + +``` + +## Secret options + +```yaml +secret: + # Same as '--secret-config' + # Default is trivy-secret.yaml + config: trivy-secret.yaml + +``` + +## Vulnerability options + +```yaml +vulnerability: + # Same as '--ignore-status' + # Default is [] + ignore-status: [] + + # Same as '--ignore-unfixed' + # Default is false + ignore-unfixed: false + + # Same as '--skip-vex-repo-update' + # Default is false + skip-vex-repo-update: false + + # Same as '--vex' + # Default is [] + vex: [] + +``` + [example]: https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/examples/trivy-conf/trivy.yaml \ No newline at end of file diff --git a/magefiles/docs.go b/magefiles/docs.go index f427a44fbb98..c32fe5296d8b 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go 
@@ -76,40 +76,40 @@ func getFlagMetadata(section string, flagGroup any) []*flagMetadata {
 switch p := val.Field(i).Interface().(type) {
 case *flag.Flag[int]:
 name = p.Name
- configName = section + "." + p.ConfigName
+ configName = p.ConfigName
 defaultValue = p.Default
 case *flag.Flag[bool]:
 if p == nil {
 continue
 }
 name = p.Name
- configName = section + "." + p.ConfigName
+ configName = p.ConfigName
 defaultValue = p.Default
 case *flag.Flag[string]:
 if p == nil {
 continue
 }
 name = p.Name
- configName = section + "." + p.ConfigName
+ configName = p.ConfigName
 defaultValue = p.Default
 case *flag.Flag[[]string]:
 name = p.Name
- configName = section + "." + p.ConfigName
+ configName = p.ConfigName
 defaultValue = p.Default
 case *flag.Flag[time.Duration]:
 name = p.Name
- configName = section + "." + p.ConfigName
+ configName = p.ConfigName
 defaultValue = p.Default
 case *flag.Flag[float64]:
 name = p.Name
- configName = section + "." + p.ConfigName
+ configName = p.ConfigName
 defaultValue = p.Default
 default:
 continue
 }
 result = append(result, &flagMetadata{
 name: name,
- configName: configName,
+ configName: section + "." + configName,
 defaultValue: defaultValue,
 })
 }
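Review bot: The `*flag.Flag[int]`, `*flag.Flag[[]string]`, `*flag.Flag[time.Duration]` and `*flag.Flag[float64]` cases read `p.Name` without the `if p == nil { continue }` guard that the `bool` and `string` cases carry, so a flag group that leaves one of those fields nil would panic the docs generator instead of being skipped. Whether any group actually does that is not visible here, but the guard is cheap and keeps the six cases uniform: add `if p == nil { continue }` as the first statement of each of the four cases. The function begins and ends outside this hunk.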
@@ -164,24 +164,24 @@ func buildFlagsTree() map[string]any { } func genMarkdown(m map[string]any, indent int, w *os.File) { + // Extract and sort keys + keys := make([]string, 0, len(m)) + for key := range m { + keys = append(keys, key) + } + sort.Strings(keys) + if indent == -1 { - for k, v := range m { - w.WriteString("## " + k + " options\n\n") + for _, key := range keys { + w.WriteString("## " + key + " options\n\n") w.WriteString("```yaml\n") - genMarkdown(v.(map[string]any), 0, w) + genMarkdown(m[key].(map[string]any), 0, w) w.WriteString("```\n\n") } return } indentation := strings.Repeat(" ", indent) - // Extract and sort keys - keys := make([]string, 0, len(m)) - for key := range m { - keys = append(keys, key) - } - sort.Strings(keys) - for _, key := range keys { switch v := m[key].(type) { case map[string]any: From 3ab1cd18ca6930bbc1cc01b422fd93437a9fd061 Mon Sep 17 00:00:00 2001 From: afdesk Date: Wed, 31 Jul 2024 15:18:56 +0600 Subject: [PATCH 07/27] add clean options --- .../references/configuration/config-file.md | 30 +++++++++++++++++++ magefiles/docs.go | 1 + 2 files changed, 31 insertions(+) diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index 7e2fb99fef6d..8798b325bb83 100644 --- a/docs/docs/references/configuration/config-file.md +++ b/docs/docs/references/configuration/config-file.md @@ -36,6 +36,36 @@ cache: ``` +## Clean options + +```yaml +clean: + # Same as '--all' + # Default is false + all: false + + # Same as '--checks-bundle' + # Default is false + checks-bundle: false + + # Same as '--java-db' + # Default is false + java-db: false + + # Same as '--scan-cache' + # Default is false + scan-cache: false + + # Same as '--vex-repo' + # Default is false + vex-repo: false + + # Same as '--vuln-db' + # Default is false + vuln-db: false + +``` + ## Client/Server options ```yaml diff --git a/magefiles/docs.go b/magefiles/docs.go index c32fe5296d8b..3b8721f78b1b 100644 
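Review bot: The top-level branch of `genMarkdown` discards the results of `w.WriteString`, and the function has no error return, so a failed or short write leaves a truncated `config-file.md` without the mage target failing. Since the generated file is the reference people copy scanner settings from, I would have `genMarkdown` return an `error` and check each write, for example `if _, err := w.WriteString("## " + key + " options\n\n"); err != nil { return err }`. The assertion `m[key].(map[string]any)` also panics on a non-map value; the comma-ok form would turn that into a reported error. The rest of the function body lies outside this hunk.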
--- a/magefiles/docs.go +++ b/magefiles/docs.go @@ -156,6 +156,7 @@ func buildFlagsTree() map[string]any { metadata = append(metadata, getFlagMetadata("Vulnerability", *flag.NewVulnerabilityFlagGroup())...) metadata = append(metadata, getFlagMetadata("Kubernetes", *flag.NewK8sFlagGroup())...) metadata = append(metadata, getFlagMetadata("Repository", *flag.NewRepoFlagGroup())...) + metadata = append(metadata, getFlagMetadata("Clean", *flag.NewCleanFlagGroup())...) for _, m := range metadata { addToMap(res, strings.Split(m.configName, "."), m) From 771b1777dd62270f1b2bd4865091193e9b30f417 Mon Sep 17 00:00:00 2001 From: afdesk Date: Wed, 31 Jul 2024 15:56:14 +0600 Subject: [PATCH 08/27] split default value and examples --- .../references/configuration/config-file.md | 42 ++++++------ magefiles/docs.go | 66 +++++++++++-------- 2 files changed, 60 insertions(+), 48 deletions(-) diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index 8798b325bb83..c8b4c7f5e0f4 100644 --- a/docs/docs/references/configuration/config-file.md +++ b/docs/docs/references/configuration/config-file.md @@ -15,15 +15,15 @@ cache: redis: # Same as '--redis-ca' - # Default is + # Default is empty ca: # Same as '--redis-cert' - # Default is + # Default is empty cert: # Same as '--redis-key' - # Default is + # Default is empty key: # Same as '--redis-tls' @@ -71,7 +71,7 @@ clean: ```yaml server: # Same as '--server' - # Default is + # Default is empty addr: # Same as '--custom-headers' @@ -79,7 +79,7 @@ server: custom-headers: [] # Same as '--token' - # Default is + # Default is empty token: # Same as '--token-header' @@ -174,7 +174,7 @@ version: false image: docker: # Same as '--docker-host' - # Default is + # Default is empty host: # Same as '--image-config-scanners' 
@@ -182,16 +182,16 @@ image: image-config-scanners: [] # Same as '--input' - # Default is + # Default is empty input: # Same as '--platform' - # Default is + # Default is empty platform: podman: # Same as '--podman-host' - # Default is + # Default is empty host: # Same as '--removed-pkgs' @@ -242,11 +242,11 @@ kubernetes: includeNamespaces: [] # Same as '--k8s-version' - # Default is + # Default is empty k8s-version: # Same as '--kubeconfig' - # Default is + # Default is empty kubeconfig: node-collector: @@ -333,7 +333,7 @@ misconfiguration: api-versions: [] # Same as '--helm-kube-version' - # Default is + # Default is empty kube-version: # Same as '--helm-set' @@ -398,7 +398,7 @@ registry: password: [] # Same as '--registry-token' - # Default is + # Default is empty token: # Same as '--username' @@ -457,7 +457,7 @@ exit-on-eol: 0 format: table # Same as '--ignore-policy' -# Default is +# Default is empty ignore-policy: # Same as '--ignorefile' @@ -469,11 +469,11 @@ ignorefile: .trivyignore list-all-pkgs: false # Same as '--output' -# Default is +# Default is empty output: # Same as '--output-plugin-arg' -# Default is +# Default is empty output-plugin-arg: # Same as '--pkg-types' @@ -486,7 +486,7 @@ report: all scan: # Same as '--compliance' - # Default is + # Default is empty compliance: # Same as '--show-suppressed' @@ -498,7 +498,7 @@ scan: severity: [UNKNOWN LOW MEDIUM HIGH CRITICAL] # Same as '--template' -# Default is +# Default is empty template: ``` @@ -508,15 +508,15 @@ template: ```yaml repository: # Same as '--branch' - # Default is + # Default is empty branch: # Same as '--commit' - # Default is + # Default is empty commit: # Same as '--tag' - # Default is + # Default is empty tag: ``` diff --git a/magefiles/docs.go b/magefiles/docs.go index 3b8721f78b1b..fcb84b73b360 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go 
@@ -10,6 +10,7 @@ import ( "strings" "time" + "github.com/samber/lo" "github.com/spf13/cobra/doc" "github.com/aquasecurity/trivy/pkg/commands" @@ -61,18 +62,20 @@ func generateConfigDocs(filename string) error { return nil } -type flagMetadata struct { +type flagDetails struct { name string configName string defaultValue any + example []string } -func getFlagMetadata(section string, flagGroup any) []*flagMetadata { - result := []*flagMetadata{} +func getFlagDetails(section string, flagGroup any) []*flagDetails { + result := []*flagDetails{} val := reflect.ValueOf(flagGroup) for i := 0; i < val.NumField(); i++ { var name, configName string var defaultValue any + var example []string switch p := val.Field(i).Interface().(type) { case *flag.Flag[int]: name = p.Name @@ -91,7 +94,8 @@ func getFlagMetadata(section string, flagGroup any) []*flagMetadata { } name = p.Name configName = p.ConfigName - defaultValue = p.Default + defaultValue = lo.Ternary(len(p.Default) > 0, p.Default, "empty") + example = append(example, lo.Ternary(len(p.Default) > 0, p.Default, "")) case *flag.Flag[[]string]: name = p.Name configName = p.ConfigName @@ -107,16 +111,20 @@ func getFlagMetadata(section string, flagGroup any) []*flagMetadata { default: continue } - result = append(result, &flagMetadata{ + if len(example) == 0 { + example = append(example, fmt.Sprintf("%v", defaultValue)) + } + result = append(result, &flagDetails{ name: name, configName: section + "." + configName, defaultValue: defaultValue, + example: example, }) } return result } -func addToMap(m map[string]any, parts []string, value *flagMetadata) { +func addToMap(m map[string]any, parts []string, value *flagDetails) { if len(parts) == 0 { return } 
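Review bot: In the `*flag.Flag[string]` case the second `lo.Ternary` is a no-op, because when `len(p.Default) == 0` the value `p.Default` already is `""`; the line can be `example = append(example, p.Default)`. The first one replaces an empty default with the literal string `"empty"`, which makes `defaultValue` indistinguishable from a flag whose default really is that word; keeping `p.Default` and choosing the wording where the comment is printed would avoid that. This case also feeds the string defaults of keys such as `token` into the rendered YAML, so it is worth confirming that none of those defaults can be filled from the environment of the machine that runs the generator. The case sits in `getFlagDetails`, which starts and ends outside these hunks.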
@@ -140,25 +148,25 @@ func addToMap(m map[string]any, parts []string, value *flagMetadata) { func buildFlagsTree() map[string]any { res := map[string]any{} - metadata := getFlagMetadata("Global", *flag.NewGlobalFlagGroup()) - metadata = append(metadata, getFlagMetadata("Report", *flag.NewReportFlagGroup())...) - metadata = append(metadata, getFlagMetadata("Image", *flag.NewImageFlagGroup())...) - metadata = append(metadata, getFlagMetadata("DB", *flag.NewDBFlagGroup())...) - metadata = append(metadata, getFlagMetadata("Cache", *flag.NewCacheFlagGroup())...) - metadata = append(metadata, getFlagMetadata("License", *flag.NewLicenseFlagGroup())...) - metadata = append(metadata, getFlagMetadata("Misconfiguration", *flag.NewMisconfFlagGroup())...) - metadata = append(metadata, getFlagMetadata("Scan", *flag.NewScanFlagGroup())...) - metadata = append(metadata, getFlagMetadata("Module", *flag.NewModuleFlagGroup())...) - metadata = append(metadata, getFlagMetadata("Client/Server", *flag.NewClientFlags())...) - metadata = append(metadata, getFlagMetadata("Registry", *flag.NewRegistryFlagGroup())...) - metadata = append(metadata, getFlagMetadata("Rego", *flag.NewRegoFlagGroup())...) - metadata = append(metadata, getFlagMetadata("Secret", *flag.NewSecretFlagGroup())...) - metadata = append(metadata, getFlagMetadata("Vulnerability", *flag.NewVulnerabilityFlagGroup())...) - metadata = append(metadata, getFlagMetadata("Kubernetes", *flag.NewK8sFlagGroup())...) - metadata = append(metadata, getFlagMetadata("Repository", *flag.NewRepoFlagGroup())...) - metadata = append(metadata, getFlagMetadata("Clean", *flag.NewCleanFlagGroup())...) - - for _, m := range metadata { + details := getFlagDetails("Global", *flag.NewGlobalFlagGroup()) + details = append(details, getFlagDetails("Report", *flag.NewReportFlagGroup())...) + details = append(details, getFlagDetails("Image", *flag.NewImageFlagGroup())...) + details = append(details, getFlagDetails("DB", *flag.NewDBFlagGroup())...) 
+ details = append(details, getFlagDetails("Cache", *flag.NewCacheFlagGroup())...) + details = append(details, getFlagDetails("License", *flag.NewLicenseFlagGroup())...) + details = append(details, getFlagDetails("Misconfiguration", *flag.NewMisconfFlagGroup())...) + details = append(details, getFlagDetails("Scan", *flag.NewScanFlagGroup())...) + details = append(details, getFlagDetails("Module", *flag.NewModuleFlagGroup())...) + details = append(details, getFlagDetails("Client/Server", *flag.NewClientFlags())...) + details = append(details, getFlagDetails("Registry", *flag.NewRegistryFlagGroup())...) + details = append(details, getFlagDetails("Rego", *flag.NewRegoFlagGroup())...) + details = append(details, getFlagDetails("Secret", *flag.NewSecretFlagGroup())...) + details = append(details, getFlagDetails("Vulnerability", *flag.NewVulnerabilityFlagGroup())...) + details = append(details, getFlagDetails("Kubernetes", *flag.NewK8sFlagGroup())...) + details = append(details, getFlagDetails("Repository", *flag.NewRepoFlagGroup())...) + details = append(details, getFlagDetails("Clean", *flag.NewCleanFlagGroup())...) + + for _, m := range details { addToMap(res, strings.Split(m.configName, "."), m) } return res @@ -188,10 +196,14 @@ func genMarkdown(m map[string]any, indent int, w *os.File) { case map[string]any: fmt.Fprintf(w, "%s%s:\n", indentation, key) genMarkdown(v, indent+1, w) - case *flagMetadata: + case *flagDetails: fmt.Fprintf(w, "%s# Same as '--%s'\n", indentation, v.name) fmt.Fprintf(w, "%s# Default is %v\n", indentation, v.defaultValue) - fmt.Fprintf(w, "%s%s: %+v\n\n", indentation, key, v.defaultValue) + if len(v.example) > 1 { + fmt.Fprintf(w, "%s%s:\n", indentation, key) + } else { + fmt.Fprintf(w, "%s%s: %s\n\n", indentation, key, v.example[0]) + } } } } From 39503cf4d6f730ecf80d003c4b28a559631c5fcd Mon Sep 17 00:00:00 2001 
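Review bot: The comment line `# Same as '--%s'` in `genMarkdown` is written even when `v.name` is empty, which is why the generated reference in this series shows `# Same as '--'` above `forbidden`, `notice`, `permissive`, `reciprocal`, `restricted` and `unencumbered`. A reader cannot map those keys to a flag from that comment, so I would skip the line for unnamed flags: `if v.name != "" { fmt.Fprintf(w, "%s# Same as '--%s'\n", indentation, v.name) }`. `genMarkdown` starts above this hunk.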
From: afdesk Date: Wed, 31 Jul 2024 16:01:46 +0600 Subject: [PATCH 09/27] refactor: update slice --- .../references/configuration/config-file.md | 188 ++++++++++++++++-- magefiles/docs.go | 8 + 2 files changed, 176 insertions(+), 20 deletions(-) diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index c8b4c7f5e0f4..ed0982ee3758 100644 --- a/docs/docs/references/configuration/config-file.md +++ b/docs/docs/references/configuration/config-file.md @@ -200,8 +200,11 @@ image: # Same as '--image-src' # Default is [docker containerd podman remote] - source: [docker containerd podman remote] - + source: + - docker + - containerd + - podman + - remote ``` ## Kubernetes options @@ -282,8 +285,29 @@ license: # Same as '--' # Default is [AGPL-1.0 AGPL-3.0 CC-BY-NC-1.0 CC-BY-NC-2.0 CC-BY-NC-2.5 CC-BY-NC-3.0 CC-BY-NC-4.0 CC-BY-NC-ND-1.0 CC-BY-NC-ND-2.0 CC-BY-NC-ND-2.5 CC-BY-NC-ND-3.0 CC-BY-NC-ND-4.0 CC-BY-NC-SA-1.0 CC-BY-NC-SA-2.0 CC-BY-NC-SA-2.5 CC-BY-NC-SA-3.0 CC-BY-NC-SA-4.0 Commons-Clause Facebook-2-Clause Facebook-3-Clause Facebook-Examples WTFPL] - forbidden: [AGPL-1.0 AGPL-3.0 CC-BY-NC-1.0 CC-BY-NC-2.0 CC-BY-NC-2.5 CC-BY-NC-3.0 CC-BY-NC-4.0 CC-BY-NC-ND-1.0 CC-BY-NC-ND-2.0 CC-BY-NC-ND-2.5 CC-BY-NC-ND-3.0 CC-BY-NC-ND-4.0 CC-BY-NC-SA-1.0 CC-BY-NC-SA-2.0 CC-BY-NC-SA-2.5 CC-BY-NC-SA-3.0 CC-BY-NC-SA-4.0 Commons-Clause Facebook-2-Clause Facebook-3-Clause Facebook-Examples WTFPL] - + forbidden: + - AGPL-1.0 + - AGPL-3.0 + - CC-BY-NC-1.0 + - CC-BY-NC-2.0 + - CC-BY-NC-2.5 + - CC-BY-NC-3.0 + - CC-BY-NC-4.0 + - CC-BY-NC-ND-1.0 + - CC-BY-NC-ND-2.0 + - CC-BY-NC-ND-2.5 + - CC-BY-NC-ND-3.0 + - CC-BY-NC-ND-4.0 + - CC-BY-NC-SA-1.0 + - CC-BY-NC-SA-2.0 + - CC-BY-NC-SA-2.5 + - CC-BY-NC-SA-3.0 + - CC-BY-NC-SA-4.0 + - Commons-Clause + - Facebook-2-Clause + - Facebook-3-Clause + - Facebook-Examples + - WTFPL # Same as '--license-full' # Default is false full: false 
@@ -294,24 +318,135 @@ license: # Same as '--' # Default is [AFL-1.1 AFL-1.2 AFL-2.0 AFL-2.1 AFL-3.0 Apache-1.0 Apache-1.1 Apache-2.0 Artistic-1.0-cl8 Artistic-1.0-Perl Artistic-1.0 Artistic-2.0 BSL-1.0 BSD-2-Clause-FreeBSD BSD-2-Clause-NetBSD BSD-2-Clause BSD-3-Clause-Attribution BSD-3-Clause-Clear BSD-3-Clause-LBNL BSD-3-Clause BSD-4-Clause BSD-4-Clause-UC BSD-Protection CC-BY-1.0 CC-BY-2.0 CC-BY-2.5 CC-BY-3.0 CC-BY-4.0 FTL ISC ImageMagick Libpng Lil-1.0 Linux-OpenIB LPL-1.02 LPL-1.0 MS-PL MIT NCSA OpenSSL PHP-3.01 PHP-3.0 PIL Python-2.0 Python-2.0-complete PostgreSQL SGI-B-1.0 SGI-B-1.1 SGI-B-2.0 Unicode-DFS-2015 Unicode-DFS-2016 Unicode-TOU UPL-1.0 W3C-19980720 W3C-20150513 W3C X11 Xnet Zend-2.0 zlib-acknowledgement Zlib ZPL-1.1 ZPL-2.0 ZPL-2.1] - notice: [AFL-1.1 AFL-1.2 AFL-2.0 AFL-2.1 AFL-3.0 Apache-1.0 Apache-1.1 Apache-2.0 Artistic-1.0-cl8 Artistic-1.0-Perl Artistic-1.0 Artistic-2.0 BSL-1.0 BSD-2-Clause-FreeBSD BSD-2-Clause-NetBSD BSD-2-Clause BSD-3-Clause-Attribution BSD-3-Clause-Clear BSD-3-Clause-LBNL BSD-3-Clause BSD-4-Clause BSD-4-Clause-UC BSD-Protection CC-BY-1.0 CC-BY-2.0 CC-BY-2.5 CC-BY-3.0 CC-BY-4.0 FTL ISC ImageMagick Libpng Lil-1.0 Linux-OpenIB LPL-1.02 LPL-1.0 MS-PL MIT NCSA OpenSSL PHP-3.01 PHP-3.0 PIL Python-2.0 Python-2.0-complete PostgreSQL SGI-B-1.0 SGI-B-1.1 SGI-B-2.0 Unicode-DFS-2015 Unicode-DFS-2016 Unicode-TOU UPL-1.0 W3C-19980720 W3C-20150513 W3C X11 Xnet Zend-2.0 zlib-acknowledgement Zlib ZPL-1.1 ZPL-2.0 ZPL-2.1] - + notice: + - AFL-1.1 + - AFL-1.2 + - AFL-2.0 + - AFL-2.1 + - AFL-3.0 + - Apache-1.0 + - Apache-1.1 + - Apache-2.0 + - Artistic-1.0-cl8 + - Artistic-1.0-Perl + - Artistic-1.0 + - Artistic-2.0 + - BSL-1.0 + - BSD-2-Clause-FreeBSD + - BSD-2-Clause-NetBSD + - BSD-2-Clause + - BSD-3-Clause-Attribution + - BSD-3-Clause-Clear + - BSD-3-Clause-LBNL + - BSD-3-Clause + - BSD-4-Clause + - BSD-4-Clause-UC + - BSD-Protection + - CC-BY-1.0 + - CC-BY-2.0 + - CC-BY-2.5 + - CC-BY-3.0 + - CC-BY-4.0 + - FTL + - ISC + - ImageMagick + - 
Libpng + - Lil-1.0 + - Linux-OpenIB + - LPL-1.02 + - LPL-1.0 + - MS-PL + - MIT + - NCSA + - OpenSSL + - PHP-3.01 + - PHP-3.0 + - PIL + - Python-2.0 + - Python-2.0-complete + - PostgreSQL + - SGI-B-1.0 + - SGI-B-1.1 + - SGI-B-2.0 + - Unicode-DFS-2015 + - Unicode-DFS-2016 + - Unicode-TOU + - UPL-1.0 + - W3C-19980720 + - W3C-20150513 + - W3C + - X11 + - Xnet + - Zend-2.0 + - zlib-acknowledgement + - Zlib + - ZPL-1.1 + - ZPL-2.0 + - ZPL-2.1 # Same as '--' # Default is [] permissive: [] # Same as '--' # Default is [APSL-1.0 APSL-1.1 APSL-1.2 APSL-2.0 CDDL-1.0 CDDL-1.1 CPL-1.0 EPL-1.0 EPL-2.0 FreeImage IPL-1.0 MPL-1.0 MPL-1.1 MPL-2.0 Ruby] - reciprocal: [APSL-1.0 APSL-1.1 APSL-1.2 APSL-2.0 CDDL-1.0 CDDL-1.1 CPL-1.0 EPL-1.0 EPL-2.0 FreeImage IPL-1.0 MPL-1.0 MPL-1.1 MPL-2.0 Ruby] - + reciprocal: + - APSL-1.0 + - APSL-1.1 + - APSL-1.2 + - APSL-2.0 + - CDDL-1.0 + - CDDL-1.1 + - CPL-1.0 + - EPL-1.0 + - EPL-2.0 + - FreeImage + - IPL-1.0 + - MPL-1.0 + - MPL-1.1 + - MPL-2.0 + - Ruby # Same as '--' # Default is [BCL CC-BY-ND-1.0 CC-BY-ND-2.0 CC-BY-ND-2.5 CC-BY-ND-3.0 CC-BY-ND-4.0 CC-BY-SA-1.0 CC-BY-SA-2.0 CC-BY-SA-2.5 CC-BY-SA-3.0 CC-BY-SA-4.0 GPL-1.0 GPL-2.0 GPL-2.0-with-autoconf-exception GPL-2.0-with-bison-exception GPL-2.0-with-classpath-exception GPL-2.0-with-font-exception GPL-2.0-with-GCC-exception GPL-3.0 GPL-3.0-with-autoconf-exception GPL-3.0-with-GCC-exception LGPL-2.0 LGPL-2.1 LGPL-3.0 NPL-1.0 NPL-1.1 OSL-1.0 OSL-1.1 OSL-2.0 OSL-2.1 OSL-3.0 QPL-1.0 Sleepycat] - restricted: [BCL CC-BY-ND-1.0 CC-BY-ND-2.0 CC-BY-ND-2.5 CC-BY-ND-3.0 CC-BY-ND-4.0 CC-BY-SA-1.0 CC-BY-SA-2.0 CC-BY-SA-2.5 CC-BY-SA-3.0 CC-BY-SA-4.0 GPL-1.0 GPL-2.0 GPL-2.0-with-autoconf-exception GPL-2.0-with-bison-exception GPL-2.0-with-classpath-exception GPL-2.0-with-font-exception GPL-2.0-with-GCC-exception GPL-3.0 GPL-3.0-with-autoconf-exception GPL-3.0-with-GCC-exception LGPL-2.0 LGPL-2.1 LGPL-3.0 NPL-1.0 NPL-1.1 OSL-1.0 OSL-1.1 OSL-2.0 OSL-2.1 OSL-3.0 QPL-1.0 Sleepycat] - + restricted: + - BCL + - 
CC-BY-ND-1.0 + - CC-BY-ND-2.0 + - CC-BY-ND-2.5 + - CC-BY-ND-3.0 + - CC-BY-ND-4.0 + - CC-BY-SA-1.0 + - CC-BY-SA-2.0 + - CC-BY-SA-2.5 + - CC-BY-SA-3.0 + - CC-BY-SA-4.0 + - GPL-1.0 + - GPL-2.0 + - GPL-2.0-with-autoconf-exception + - GPL-2.0-with-bison-exception + - GPL-2.0-with-classpath-exception + - GPL-2.0-with-font-exception + - GPL-2.0-with-GCC-exception + - GPL-3.0 + - GPL-3.0-with-autoconf-exception + - GPL-3.0-with-GCC-exception + - LGPL-2.0 + - LGPL-2.1 + - LGPL-3.0 + - NPL-1.0 + - NPL-1.1 + - OSL-1.0 + - OSL-1.1 + - OSL-2.0 + - OSL-2.1 + - OSL-3.0 + - QPL-1.0 + - Sleepycat # Same as '--' # Default is [CC0-1.0 Unlicense 0BSD] - unencumbered: [CC0-1.0 Unlicense 0BSD] - + unencumbered: + - CC0-1.0 + - Unlicense + - 0BSD ``` ## Misconfiguration options @@ -362,8 +497,15 @@ misconfiguration: # Same as '--misconfig-scanners' # Default is [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot] - scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot] - + scanners: + - azure-arm + - cloudformation + - dockerfile + - helm + - kubernetes + - terraform + - terraformplan-json + - terraformplan-snapshot terraform: # Same as '--tf-exclude-downloaded-modules' # Default is false @@ -478,8 +620,9 @@ output-plugin-arg: # Same as '--pkg-types' # Default is [os library] -pkg-types: [os library] - +pkg-types: + - os + - library # Same as '--report' # Default is all report: all @@ -495,8 +638,12 @@ scan: # Same as '--severity' # Default is [UNKNOWN LOW MEDIUM HIGH CRITICAL] -severity: [UNKNOWN LOW MEDIUM HIGH CRITICAL] - +severity: + - UNKNOWN + - LOW + - MEDIUM + - HIGH + - CRITICAL # Same as '--template' # Default is empty template: @@ -551,8 +698,9 @@ scan: # Same as '--scanners' # Default is [vuln secret] - scanners: [vuln secret] - + scanners: + - vuln + - secret # Same as '--skip-dirs' # Default is [] skip-dirs: [] 
diff --git a/magefiles/docs.go b/magefiles/docs.go index fcb84b73b360..2a677243672d 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go @@ -100,6 +100,11 @@ func getFlagDetails(section string, flagGroup any) []*flagDetails { name = p.Name configName = p.ConfigName defaultValue = p.Default + if len(p.Default) > 0 { + for _, line := range p.Default { + example = append(example, line) + } + } case *flag.Flag[time.Duration]: name = p.Name configName = p.ConfigName @@ -201,6 +206,9 @@ func genMarkdown(m map[string]any, indent int, w *os.File) { fmt.Fprintf(w, "%s# Default is %v\n", indentation, v.defaultValue) if len(v.example) > 1 { fmt.Fprintf(w, "%s%s:\n", indentation, key) + for _, line := range v.example { + fmt.Fprintf(w, "%s - %s\n", indentation, line) + } } else { fmt.Fprintf(w, "%s%s: %s\n\n", indentation, key, v.example[0]) } From 20deeacd0442138977123ca5259a17e6de3eab6c Mon Sep 17 00:00:00 2001 From: afdesk Date: Wed, 31 Jul 2024 16:06:31 +0600 Subject: [PATCH 10/27] refactor: print defaults for slices --- .../references/configuration/config-file.md | 20 +++++++++---------- magefiles/docs.go | 4 +++- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index ed0982ee3758..68c0d82e99ef 100644 --- a/docs/docs/references/configuration/config-file.md +++ b/docs/docs/references/configuration/config-file.md @@ -199,7 +199,7 @@ image: removed-pkgs: false # Same as '--image-src' - # Default is [docker containerd podman remote] + # Default is docker, containerd, podman, remote source: - docker - containerd 
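Review bot: The list branch in `genMarkdown` is selected by `len(v.example) > 1`, so a `[]string` flag whose default has exactly one entry is still written as a scalar `key: value`, and the branch writes no blank line after the last item, which is why the next `# Same as` comment follows the list directly in the regenerated file. Deciding on the flag's type rather than on the example count (for instance a boolean field set in the `*flag.Flag[[]string]` case) and ending the branch with `fmt.Fprintln(w)` would fix both. In `getFlagDetails` the added loop can be `example = append(example, p.Default...)`, which also makes the surrounding `len(p.Default) > 0` test unnecessary. Both functions extend beyond their hunks.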
@@ -284,7 +284,7 @@ license: confidenceLevel: 0.9 # Same as '--' - # Default is [AGPL-1.0 AGPL-3.0 CC-BY-NC-1.0 CC-BY-NC-2.0 CC-BY-NC-2.5 CC-BY-NC-3.0 CC-BY-NC-4.0 CC-BY-NC-ND-1.0 CC-BY-NC-ND-2.0 CC-BY-NC-ND-2.5 CC-BY-NC-ND-3.0 CC-BY-NC-ND-4.0 CC-BY-NC-SA-1.0 CC-BY-NC-SA-2.0 CC-BY-NC-SA-2.5 CC-BY-NC-SA-3.0 CC-BY-NC-SA-4.0 Commons-Clause Facebook-2-Clause Facebook-3-Clause Facebook-Examples WTFPL] + # Default is AGPL-1.0, AGPL-3.0, CC-BY-NC-1.0, CC-BY-NC-2.0, CC-BY-NC-2.5, CC-BY-NC-3.0, CC-BY-NC-4.0, CC-BY-NC-ND-1.0, CC-BY-NC-ND-2.0, CC-BY-NC-ND-2.5, CC-BY-NC-ND-3.0, CC-BY-NC-ND-4.0, CC-BY-NC-SA-1.0, CC-BY-NC-SA-2.0, CC-BY-NC-SA-2.5, CC-BY-NC-SA-3.0, CC-BY-NC-SA-4.0, Commons-Clause, Facebook-2-Clause, Facebook-3-Clause, Facebook-Examples, WTFPL forbidden: - AGPL-1.0 - AGPL-3.0 
@@ -317,7 +317,7 @@ license: ignored: [] # Same as '--' - # Default is [AFL-1.1 AFL-1.2 AFL-2.0 AFL-2.1 AFL-3.0 Apache-1.0 Apache-1.1 Apache-2.0 Artistic-1.0-cl8 Artistic-1.0-Perl Artistic-1.0 Artistic-2.0 BSL-1.0 BSD-2-Clause-FreeBSD BSD-2-Clause-NetBSD BSD-2-Clause BSD-3-Clause-Attribution BSD-3-Clause-Clear BSD-3-Clause-LBNL BSD-3-Clause BSD-4-Clause BSD-4-Clause-UC BSD-Protection CC-BY-1.0 CC-BY-2.0 CC-BY-2.5 CC-BY-3.0 CC-BY-4.0 FTL ISC ImageMagick Libpng Lil-1.0 Linux-OpenIB LPL-1.02 LPL-1.0 MS-PL MIT NCSA OpenSSL PHP-3.01 PHP-3.0 PIL Python-2.0 Python-2.0-complete PostgreSQL SGI-B-1.0 SGI-B-1.1 SGI-B-2.0 Unicode-DFS-2015 Unicode-DFS-2016 Unicode-TOU UPL-1.0 W3C-19980720 W3C-20150513 W3C X11 Xnet Zend-2.0 zlib-acknowledgement Zlib ZPL-1.1 ZPL-2.0 ZPL-2.1] + # Default is AFL-1.1, AFL-1.2, AFL-2.0, AFL-2.1, AFL-3.0, Apache-1.0, Apache-1.1, Apache-2.0, Artistic-1.0-cl8, Artistic-1.0-Perl, Artistic-1.0, Artistic-2.0, BSL-1.0, BSD-2-Clause-FreeBSD, BSD-2-Clause-NetBSD, BSD-2-Clause, BSD-3-Clause-Attribution, BSD-3-Clause-Clear, BSD-3-Clause-LBNL, BSD-3-Clause, BSD-4-Clause, BSD-4-Clause-UC, BSD-Protection, CC-BY-1.0, CC-BY-2.0, CC-BY-2.5, CC-BY-3.0, CC-BY-4.0, FTL, ISC, ImageMagick, Libpng, Lil-1.0, Linux-OpenIB, LPL-1.02, LPL-1.0, MS-PL, MIT, NCSA, OpenSSL, PHP-3.01, PHP-3.0, PIL, Python-2.0, Python-2.0-complete, PostgreSQL, SGI-B-1.0, SGI-B-1.1, SGI-B-2.0, Unicode-DFS-2015, Unicode-DFS-2016, Unicode-TOU, UPL-1.0, W3C-19980720, W3C-20150513, W3C, X11, Xnet, Zend-2.0, zlib-acknowledgement, Zlib, ZPL-1.1, ZPL-2.0, ZPL-2.1 notice: - AFL-1.1 - AFL-1.2 @@ -388,7 +388,7 @@ license: permissive: [] # Same as '--' - # Default is [APSL-1.0 APSL-1.1 APSL-1.2 APSL-2.0 CDDL-1.0 CDDL-1.1 CPL-1.0 EPL-1.0 EPL-2.0 FreeImage IPL-1.0 MPL-1.0 MPL-1.1 MPL-2.0 Ruby] + # Default is APSL-1.0, APSL-1.1, APSL-1.2, APSL-2.0, CDDL-1.0, CDDL-1.1, CPL-1.0, EPL-1.0, EPL-2.0, FreeImage, IPL-1.0, MPL-1.0, MPL-1.1, MPL-2.0, Ruby reciprocal: - APSL-1.0 - APSL-1.1 
@@ -406,7 +406,7 @@ license: - MPL-2.0 - Ruby # Same as '--' - # Default is [BCL CC-BY-ND-1.0 CC-BY-ND-2.0 CC-BY-ND-2.5 CC-BY-ND-3.0 CC-BY-ND-4.0 CC-BY-SA-1.0 CC-BY-SA-2.0 CC-BY-SA-2.5 CC-BY-SA-3.0 CC-BY-SA-4.0 GPL-1.0 GPL-2.0 GPL-2.0-with-autoconf-exception GPL-2.0-with-bison-exception GPL-2.0-with-classpath-exception GPL-2.0-with-font-exception GPL-2.0-with-GCC-exception GPL-3.0 GPL-3.0-with-autoconf-exception GPL-3.0-with-GCC-exception LGPL-2.0 LGPL-2.1 LGPL-3.0 NPL-1.0 NPL-1.1 OSL-1.0 OSL-1.1 OSL-2.0 OSL-2.1 OSL-3.0 QPL-1.0 Sleepycat] + # Default is BCL, CC-BY-ND-1.0, CC-BY-ND-2.0, CC-BY-ND-2.5, CC-BY-ND-3.0, CC-BY-ND-4.0, CC-BY-SA-1.0, CC-BY-SA-2.0, CC-BY-SA-2.5, CC-BY-SA-3.0, CC-BY-SA-4.0, GPL-1.0, GPL-2.0, GPL-2.0-with-autoconf-exception, GPL-2.0-with-bison-exception, GPL-2.0-with-classpath-exception, GPL-2.0-with-font-exception, GPL-2.0-with-GCC-exception, GPL-3.0, GPL-3.0-with-autoconf-exception, GPL-3.0-with-GCC-exception, LGPL-2.0, LGPL-2.1, LGPL-3.0, NPL-1.0, NPL-1.1, OSL-1.0, OSL-1.1, OSL-2.0, OSL-2.1, OSL-3.0, QPL-1.0, Sleepycat restricted: - BCL - CC-BY-ND-1.0 @@ -442,7 +442,7 @@ license: - QPL-1.0 - Sleepycat # Same as '--' - # Default is [CC0-1.0 Unlicense 0BSD] + # Default is CC0-1.0, Unlicense, 0BSD unencumbered: - CC0-1.0 - Unlicense @@ -496,7 +496,7 @@ misconfiguration: reset-checks-bundle: false # Same as '--misconfig-scanners' - # Default is [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot] + # Default is azure-arm, cloudformation, dockerfile, helm, kubernetes, terraform, terraformplan-json, terraformplan-snapshot scanners: - azure-arm - cloudformation @@ -619,7 +619,7 @@ output: output-plugin-arg: # Same as '--pkg-types' -# Default is [os library] +# Default is os, library pkg-types: - os - library 
@@ -637,7 +637,7 @@ scan: show-suppressed: false # Same as '--severity' -# Default is [UNKNOWN LOW MEDIUM HIGH CRITICAL] +# Default is UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL severity: - UNKNOWN - LOW @@ -697,7 +697,7 @@ scan: sbom-sources: [] # Same as '--scanners' - # Default is [vuln secret] + # Default is vuln, secret scanners: - vuln - secret diff --git a/magefiles/docs.go b/magefiles/docs.go index 2a677243672d..cdd37ee9333c 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go @@ -99,11 +99,13 @@ func getFlagDetails(section string, flagGroup any) []*flagDetails { case *flag.Flag[[]string]: name = p.Name configName = p.ConfigName - defaultValue = p.Default if len(p.Default) > 0 { + defaultValue = strings.Join(p.Default, ", ") for _, line := range p.Default { example = append(example, line) } + } else { + defaultValue = p.Default } case *flag.Flag[time.Duration]: name = p.Name From 686d206922fb99c7995cbbb1da2468d60b32585d Mon Sep 17 00:00:00 2001 From: afdesk Date: Wed, 31 Jul 2024 17:50:50 +0600 Subject: [PATCH 11/27] refactor: remove reflection --- .../references/configuration/config-file.md | 14 ++- magefiles/docs.go | 108 +++++++----------- pkg/flag/options.go | 10 ++ 3 files changed, 58 insertions(+), 74 deletions(-) diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index 68c0d82e99ef..fc48f7a06cc8 100644 --- a/docs/docs/references/configuration/config-file.md +++ b/docs/docs/references/configuration/config-file.md @@ -13,6 +13,10 @@ cache: # Default is fs backend: fs + # Same as '--clear-cache' + # Default is false + clear: false + redis: # Same as '--redis-ca' # Default is empty @@ -78,6 +82,10 @@ server: # Default is [] custom-headers: [] + # Same as '--listen' + # Default is localhost:4954 + listen: localhost:4954 + # Same as '--token' # Default is empty token: 
@@ -283,7 +291,6 @@ license: # Default is 0.9 confidenceLevel: 0.9 - # Same as '--' # Default is AGPL-1.0, AGPL-3.0, CC-BY-NC-1.0, CC-BY-NC-2.0, CC-BY-NC-2.5, CC-BY-NC-3.0, CC-BY-NC-4.0, CC-BY-NC-ND-1.0, CC-BY-NC-ND-2.0, CC-BY-NC-ND-2.5, CC-BY-NC-ND-3.0, CC-BY-NC-ND-4.0, CC-BY-NC-SA-1.0, CC-BY-NC-SA-2.0, CC-BY-NC-SA-2.5, CC-BY-NC-SA-3.0, CC-BY-NC-SA-4.0, Commons-Clause, Facebook-2-Clause, Facebook-3-Clause, Facebook-Examples, WTFPL forbidden: - AGPL-1.0 @@ -316,7 +323,6 @@ license: # Default is [] ignored: [] - # Same as '--' # Default is AFL-1.1, AFL-1.2, AFL-2.0, AFL-2.1, AFL-3.0, Apache-1.0, Apache-1.1, Apache-2.0, Artistic-1.0-cl8, Artistic-1.0-Perl, Artistic-1.0, Artistic-2.0, BSL-1.0, BSD-2-Clause-FreeBSD, BSD-2-Clause-NetBSD, BSD-2-Clause, BSD-3-Clause-Attribution, BSD-3-Clause-Clear, BSD-3-Clause-LBNL, BSD-3-Clause, BSD-4-Clause, BSD-4-Clause-UC, BSD-Protection, CC-BY-1.0, CC-BY-2.0, CC-BY-2.5, CC-BY-3.0, CC-BY-4.0, FTL, ISC, ImageMagick, Libpng, Lil-1.0, Linux-OpenIB, LPL-1.02, LPL-1.0, MS-PL, MIT, NCSA, OpenSSL, PHP-3.01, PHP-3.0, PIL, Python-2.0, Python-2.0-complete, PostgreSQL, SGI-B-1.0, SGI-B-1.1, SGI-B-2.0, Unicode-DFS-2015, Unicode-DFS-2016, Unicode-TOU, UPL-1.0, W3C-19980720, W3C-20150513, W3C, X11, Xnet, Zend-2.0, zlib-acknowledgement, Zlib, ZPL-1.1, ZPL-2.0, ZPL-2.1 notice: - AFL-1.1 @@ -383,11 +389,9 @@ license: - ZPL-1.1 - ZPL-2.0 - ZPL-2.1 - # Same as '--' # Default is [] permissive: [] - # Same as '--' # Default is APSL-1.0, APSL-1.1, APSL-1.2, APSL-2.0, CDDL-1.0, CDDL-1.1, CPL-1.0, EPL-1.0, EPL-2.0, FreeImage, IPL-1.0, MPL-1.0, MPL-1.1, MPL-2.0, Ruby reciprocal: - APSL-1.0 
@@ -405,7 +409,6 @@ license: - MPL-1.1 - MPL-2.0 - Ruby - # Same as '--' # Default is BCL, CC-BY-ND-1.0, CC-BY-ND-2.0, CC-BY-ND-2.5, CC-BY-ND-3.0, CC-BY-ND-4.0, CC-BY-SA-1.0, CC-BY-SA-2.0, CC-BY-SA-2.5, CC-BY-SA-3.0, CC-BY-SA-4.0, GPL-1.0, GPL-2.0, GPL-2.0-with-autoconf-exception, GPL-2.0-with-bison-exception, GPL-2.0-with-classpath-exception, GPL-2.0-with-font-exception, GPL-2.0-with-GCC-exception, GPL-3.0, GPL-3.0-with-autoconf-exception, GPL-3.0-with-GCC-exception, LGPL-2.0, LGPL-2.1, LGPL-3.0, NPL-1.0, NPL-1.1, OSL-1.0, OSL-1.1, OSL-2.0, OSL-2.1, OSL-3.0, QPL-1.0, Sleepycat restricted: - BCL @@ -441,7 +444,6 @@ license: - OSL-3.0 - QPL-1.0 - Sleepycat - # Same as '--' # Default is CC0-1.0, Unlicense, 0BSD unencumbered: - CC0-1.0 diff --git a/magefiles/docs.go b/magefiles/docs.go index cdd37ee9333c..30b4fb108904 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go @@ -5,10 +5,8 @@ package main import ( "fmt" "os" - "reflect" "sort" "strings" - "time" "github.com/samber/lo" "github.com/spf13/cobra/doc" 
@@ -69,61 +67,36 @@ type flagDetails struct { example []string } -func getFlagDetails(section string, flagGroup any) []*flagDetails { +func getFlagDetails(section string, flagGroup []flag.Flagger) []*flagDetails { result := []*flagDetails{} - val := reflect.ValueOf(flagGroup) - for i := 0; i < val.NumField(); i++ { - var name, configName string + for _, flg := range flagGroup { + if flg == nil { + continue + } var defaultValue any var example []string - switch p := val.Field(i).Interface().(type) { - case *flag.Flag[int]: - name = p.Name - configName = p.ConfigName - defaultValue = p.Default - case *flag.Flag[bool]: - if p == nil { - continue - } - name = p.Name - configName = p.ConfigName - defaultValue = p.Default - case *flag.Flag[string]: - if p == nil { - continue - } - name = p.Name - configName = p.ConfigName - defaultValue = lo.Ternary(len(p.Default) > 0, p.Default, "empty") - example = append(example, lo.Ternary(len(p.Default) > 0, p.Default, "")) - case *flag.Flag[[]string]: - name = p.Name - configName = p.ConfigName - if len(p.Default) > 0 { - defaultValue = strings.Join(p.Default, ", ") - for _, line := range p.Default { + + switch p := flg.GetDefaultValue().(type) { + case string: + defaultValue = lo.Ternary(len(p) > 0, p, "empty") + example = append(example, lo.Ternary(len(p) > 0, p, "")) + case []string: + if len(p) > 0 { + defaultValue = strings.Join(p, ", ") + for _, line := range p { example = append(example, line) } - } else { - defaultValue = p.Default } - case *flag.Flag[time.Duration]: - name = p.Name - configName = p.ConfigName - defaultValue = p.Default - case *flag.Flag[float64]: - name = p.Name - configName = p.ConfigName - defaultValue = p.Default - default: - continue + } + if defaultValue == nil { + defaultValue = flg.GetDefaultValue() } if len(example) == 0 { example = append(example, fmt.Sprintf("%v", defaultValue)) } result = append(result, &flagDetails{ - name: name, - configName: section + "." 
+ configName, + name: flg.GetName(), + configName: section + "." + flg.GetConfigName(), defaultValue: defaultValue, example: example, }) 
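Review bot: The new `if flg == nil { continue }` in getFlagDetails compares an interface value, so it does not catch a nil `*Flag[T]` stored in a `flag.Flagger`. The removed code checked the concrete pointer (`if p == nil`) after the type switch. If any `Flags()` implementation returns an unset field (not visible here, but PATCH 12 and PATCH 14 later initialise `Listen` and `ClearCache` for this reason), the following `flg.GetDefaultValue()` would dereference a nil receiver and panic. The accessors added in the pkg/flag/options.go hunks (`GetConfigName`, `GetDefaultValue`) return `f.ConfigName` and `f.Default` with no guard. I would make them nil-safe, e.g. `if f == nil { return nil }` at the top of `GetDefaultValue` and the equivalent `return ""` in `GetConfigName`.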
@@ -139,40 +112,37 @@ func addToMap(m map[string]any, parts []string, value *flagDetails) { m[parts[0]] = value return } - if _, exists := m[parts[0]]; !exists { m[parts[0]] = make(map[string]any) } - subMap, ok := m[parts[0]].(map[string]any) if !ok { subMap = make(map[string]any) m[parts[0]] = subMap } - addToMap(subMap, parts[1:], value) } func buildFlagsTree() map[string]any { - res := map[string]any{} - details := getFlagDetails("Global", *flag.NewGlobalFlagGroup()) - details = append(details, getFlagDetails("Report", *flag.NewReportFlagGroup())...) - details = append(details, getFlagDetails("Image", *flag.NewImageFlagGroup())...) - details = append(details, getFlagDetails("DB", *flag.NewDBFlagGroup())...) - details = append(details, getFlagDetails("Cache", *flag.NewCacheFlagGroup())...) - details = append(details, getFlagDetails("License", *flag.NewLicenseFlagGroup())...) - details = append(details, getFlagDetails("Misconfiguration", *flag.NewMisconfFlagGroup())...) - details = append(details, getFlagDetails("Scan", *flag.NewScanFlagGroup())...) - details = append(details, getFlagDetails("Module", *flag.NewModuleFlagGroup())...) - details = append(details, getFlagDetails("Client/Server", *flag.NewClientFlags())...) - details = append(details, getFlagDetails("Registry", *flag.NewRegistryFlagGroup())...) - details = append(details, getFlagDetails("Rego", *flag.NewRegoFlagGroup())...) - details = append(details, getFlagDetails("Secret", *flag.NewSecretFlagGroup())...) - details = append(details, getFlagDetails("Vulnerability", *flag.NewVulnerabilityFlagGroup())...) - details = append(details, getFlagDetails("Kubernetes", *flag.NewK8sFlagGroup())...) - details = append(details, getFlagDetails("Repository", *flag.NewRepoFlagGroup())...) - details = append(details, getFlagDetails("Clean", *flag.NewCleanFlagGroup())...) 
+ details := getFlagDetails("Global", flag.NewGlobalFlagGroup().Flags()) + details = append(details, getFlagDetails("Report", flag.NewReportFlagGroup().Flags())...) + details = append(details, getFlagDetails("Image", flag.NewImageFlagGroup().Flags())...) + details = append(details, getFlagDetails("DB", flag.NewDBFlagGroup().Flags())...) + details = append(details, getFlagDetails("Cache", flag.NewCacheFlagGroup().Flags())...) + details = append(details, getFlagDetails("License", flag.NewLicenseFlagGroup().Flags())...) + details = append(details, getFlagDetails("Misconfiguration", flag.NewMisconfFlagGroup().Flags())...) + details = append(details, getFlagDetails("Scan", flag.NewScanFlagGroup().Flags())...) + details = append(details, getFlagDetails("Module", flag.NewModuleFlagGroup().Flags())...) + details = append(details, getFlagDetails("Client/Server", flag.NewClientFlags().Flags())...) + details = append(details, getFlagDetails("Registry", flag.NewRegistryFlagGroup().Flags())...) + details = append(details, getFlagDetails("Rego", flag.NewRegoFlagGroup().Flags())...) + details = append(details, getFlagDetails("Secret", flag.NewSecretFlagGroup().Flags())...) + details = append(details, getFlagDetails("Vulnerability", flag.NewVulnerabilityFlagGroup().Flags())...) + details = append(details, getFlagDetails("Kubernetes", flag.NewK8sFlagGroup().Flags())...) + details = append(details, getFlagDetails("Repository", flag.NewRepoFlagGroup().Flags())...) + details = append(details, getFlagDetails("Clean", flag.NewCleanFlagGroup().Flags())...) + res := map[string]any{} for _, m := range details { addToMap(res, strings.Split(m.configName, "."), m) } 
@@ -204,7 +174,9 @@ func genMarkdown(m map[string]any, indent int, w *os.File) { fmt.Fprintf(w, "%s%s:\n", indentation, key) genMarkdown(v, indent+1, w) case *flagDetails: - fmt.Fprintf(w, "%s# Same as '--%s'\n", indentation, v.name) + if v.name != "" { + fmt.Fprintf(w, "%s# Same as '--%s'\n", indentation, v.name) + } fmt.Fprintf(w, "%s# Default is %v\n", indentation, v.defaultValue) if len(v.example) > 1 { fmt.Fprintf(w, "%s%s:\n", indentation, key) diff --git a/pkg/flag/options.go b/pkg/flag/options.go index 014da145f262..acad51948ede 100644 --- a/pkg/flag/options.go +++ b/pkg/flag/options.go @@ -196,6 +196,14 @@ func (f *Flag[T]) GetName() string { return f.Name } +func (f *Flag[T]) GetConfigName() string { + return f.ConfigName +} + +func (f *Flag[T]) GetDefaultValue() any { + return f.Default +} + func (f *Flag[T]) GetAliases() []Alias { return f.Aliases } @@ -302,6 +310,8 @@ type FlagGroup interface { type Flagger interface { GetName() string + GetConfigName() string + GetDefaultValue() any GetAliases() []Alias Parse() error From 9983276ca53aea8e905c621bbfe05a7009278f17 Mon Sep 17 00:00:00 2001 From: afdesk Date: Wed, 31 Jul 2024 18:04:47 +0600 Subject: [PATCH 12/27] fix: initialize remote flags --- magefiles/docs.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/magefiles/docs.go b/magefiles/docs.go index 30b4fb108904..764023004ee4 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go 
@@ -133,7 +133,6 @@ func buildFlagsTree() map[string]any { details = append(details, getFlagDetails("Misconfiguration", flag.NewMisconfFlagGroup().Flags())...) details = append(details, getFlagDetails("Scan", flag.NewScanFlagGroup().Flags())...) details = append(details, getFlagDetails("Module", flag.NewModuleFlagGroup().Flags())...) - details = append(details, getFlagDetails("Client/Server", flag.NewClientFlags().Flags())...) details = append(details, getFlagDetails("Registry", flag.NewRegistryFlagGroup().Flags())...) details = append(details, getFlagDetails("Rego", flag.NewRegoFlagGroup().Flags())...) details = append(details, getFlagDetails("Secret", flag.NewSecretFlagGroup().Flags())...) @@ -142,6 +141,12 @@ func buildFlagsTree() map[string]any { details = append(details, getFlagDetails("Repository", flag.NewRepoFlagGroup().Flags())...) details = append(details, getFlagDetails("Clean", flag.NewCleanFlagGroup().Flags())...) + // remoteFlags should contain Client and Server flags. + // NewClientFlags doesn't initialize `Listen` field + remoteFlags := flag.NewClientFlags() + remoteFlags.Listen = flag.ServerListenFlag.Clone() + details = append(details, getFlagDetails("Client/Server", remoteFlags.Flags())...) + res := map[string]any{} for _, m := range details { addToMap(res, strings.Split(m.configName, "."), m) From 3c82f7f48086029e2f9feffb33795c1a2fe77ab5 Mon Sep 17 00:00:00 2001 From: afdesk Date: Wed, 31 Jul 2024 18:37:59 +0600 Subject: [PATCH 13/27] add AWS flags --- .../references/configuration/config-file.md | 31 +++++++++++++++++++ magefiles/docs.go | 1 + 2 files changed, 32 insertions(+) diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index b623d4d1c8d1..f8d94072cf80 100644 --- a/docs/docs/references/configuration/config-file.md +++ b/docs/docs/references/configuration/config-file.md 
@@ -96,6 +96,37 @@ server: ``` +## Cloud options + +```yaml +cloud: + aws: + # Same as '--account' + # Default is empty + account: + + # Same as '--arn' + # Default is empty + arn: + + # Same as '--endpoint' + # Default is empty + endpoint: + + # Same as '--region' + # Default is empty + region: + + # Same as '--service' + # Default is [] + service: [] + + # Same as '--skip-service' + # Default is [] + skip-service: [] + +``` + ## DB options ```yaml diff --git a/magefiles/docs.go b/magefiles/docs.go index 764023004ee4..a7f20256437f 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go @@ -140,6 +140,7 @@ func buildFlagsTree() map[string]any { details = append(details, getFlagDetails("Kubernetes", flag.NewK8sFlagGroup().Flags())...) details = append(details, getFlagDetails("Repository", flag.NewRepoFlagGroup().Flags())...) details = append(details, getFlagDetails("Clean", flag.NewCleanFlagGroup().Flags())...) + details = append(details, getFlagDetails("Cloud", flag.NewAWSFlagGroup().Flags())...) // remoteFlags should contain Client and Server flags. // NewClientFlags doesn't initialize `Listen` field From 4f43f819e2dd30568f4d02eda92869418acaa387 Mon Sep 17 00:00:00 2001 From: afdesk Date: Wed, 31 Jul 2024 18:38:29 +0600 Subject: [PATCH 14/27] fix clear cache --- pkg/flag/cache_flags.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/flag/cache_flags.go b/pkg/flag/cache_flags.go index 074953c2ea44..9cf8403a1e56 100644 --- a/pkg/flag/cache_flags.go +++ b/pkg/flag/cache_flags.go @@ -80,6 +80,7 @@ type CacheOptions struct { // NewCacheFlagGroup returns a default CacheFlagGroup func NewCacheFlagGroup() *CacheFlagGroup { return &CacheFlagGroup{ + ClearCache: ClearCacheFlag.Clone(), CacheBackend: CacheBackendFlag.Clone(), CacheTTL: CacheTTLFlag.Clone(), RedisTLS: RedisTLSFlag.Clone(), From 8b610c66ec571b8a1b4b05f97591a7b6fe9b950b Mon Sep 17 00:00:00 2001 From: afdesk Date: Wed, 31 Jul 2024 19:08:21 +0600 Subject: [PATCH 15/27] force restart tests 
From a49980d6a5a8553ae24577923e9f79583597885a Mon Sep 17 00:00:00 2001
From: afdesk
Date: Thu, 1 Aug 2024 13:42:18 +0600
Subject: [PATCH 16/27] refactor: clean and rename
---
magefiles/docs.go | 157 ++++++++++++++++++++++++----------------------
1 file changed, 82 insertions(+), 75 deletions(-)
diff --git a/magefiles/docs.go b/magefiles/docs.go
index a7f20256437f..a749be748988 100644
--- a/magefiles/docs.go
+++ b/magefiles/docs.go
@@ -53,13 +53,56 @@ func generateConfigDocs(filename string) error { f.WriteString("# " + title + "\n\n") f.WriteString(description + "\n") - flagsMetadata := buildFlagsTree() - genMarkdown(flagsMetadata, -1, f) + flagsTree := buildFlagsTree() + + // -1 - is a level for title(section) + generateMarkdownByFlagDetailsTree(flagsTree, -1, f) f.WriteString(footer) return nil } +func generateMarkdownByFlagDetailsTree(flagTree map[string]any, indent int, w *os.File) { + // Extract and sort keys + keys := make([]string, 0, len(flagTree)) + for key := range flagTree { + keys = append(keys, key) + } + sort.Strings(keys) + + if indent == -1 { + for _, key := range keys { + w.WriteString("## " + key + " options\n\n") + w.WriteString("```yaml\n") + generateMarkdownByFlagDetailsTree(flagTree[key].(map[string]any), 0, w) + w.WriteString("```\n\n") + } + return + } + indentation := strings.Repeat(" ", indent) + + for _, key := range keys { + switch v := flagTree[key].(type) { + case map[string]any: + fmt.Fprintf(w, "%s%s:\n", indentation, key) + generateMarkdownByFlagDetailsTree(v, indent+1, w) + case *flagDetails: + if v.name != "" { + fmt.Fprintf(w, "%s# Same as '--%s'\n", indentation, v.name) + } + fmt.Fprintf(w, "%s# Default is %v\n", indentation, v.defaultValue) + if len(v.example) > 1 { + fmt.Fprintf(w, "%s%s:\n", indentation, key) + for _, line := range v.example { + fmt.Fprintf(w, "%s - %s\n", indentation, line) + } + } else { + fmt.Fprintf(w, "%s%s: %s\n\n", indentation, key, v.example[0]) + } + } + } +} + type flagDetails struct { name string configName string 
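Review bot: Every write in the new `generateMarkdownByFlagDetailsTree` (`w.WriteString`, `fmt.Fprintf`) discards its error, and the function returns nothing. `generateConfigDocs` therefore reaches `return nil` even when the file was only partly written. A truncated configuration reference would be published without any signal from the build. I would give the function an error result and an `io.Writer` parameter, `func generateMarkdownByFlagDetailsTree(flagTree map[string]any, indent int, w io.Writer) error`, and check each write, e.g. `if _, err := fmt.Fprintf(w, "%s%s:\n", indentation, key); err != nil { return err }`. The `f.WriteString` calls in `generateConfigDocs` ignore their errors in the same way; that function starts before this hunk.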
@@ -104,50 +147,36 @@ func getFlagDetails(section string, flagGroup []flag.Flagger) []*flagDetails { return result } -func addToMap(m map[string]any, parts []string, value *flagDetails) { - if len(parts) == 0 { - return - } - if len(parts) == 1 { - m[parts[0]] = value - return - } - if _, exists := m[parts[0]]; !exists { - m[parts[0]] = make(map[string]any) - } - subMap, ok := m[parts[0]].(map[string]any) - if !ok { - subMap = make(map[string]any) - m[parts[0]] = subMap - } - addToMap(subMap, parts[1:], value) -} - func buildFlagsTree() map[string]any { - details := getFlagDetails("Global", flag.NewGlobalFlagGroup().Flags()) - details = append(details, getFlagDetails("Report", flag.NewReportFlagGroup().Flags())...) - details = append(details, getFlagDetails("Image", flag.NewImageFlagGroup().Flags())...) - details = append(details, getFlagDetails("DB", flag.NewDBFlagGroup().Flags())...) - details = append(details, getFlagDetails("Cache", flag.NewCacheFlagGroup().Flags())...) - details = append(details, getFlagDetails("License", flag.NewLicenseFlagGroup().Flags())...) - details = append(details, getFlagDetails("Misconfiguration", flag.NewMisconfFlagGroup().Flags())...) - details = append(details, getFlagDetails("Scan", flag.NewScanFlagGroup().Flags())...) - details = append(details, getFlagDetails("Module", flag.NewModuleFlagGroup().Flags())...) - details = append(details, getFlagDetails("Registry", flag.NewRegistryFlagGroup().Flags())...) - details = append(details, getFlagDetails("Rego", flag.NewRegoFlagGroup().Flags())...) - details = append(details, getFlagDetails("Secret", flag.NewSecretFlagGroup().Flags())...) - details = append(details, getFlagDetails("Vulnerability", flag.NewVulnerabilityFlagGroup().Flags())...) - details = append(details, getFlagDetails("Kubernetes", flag.NewK8sFlagGroup().Flags())...) - details = append(details, getFlagDetails("Repository", flag.NewRepoFlagGroup().Flags())...) 
- details = append(details, getFlagDetails("Clean", flag.NewCleanFlagGroup().Flags())...) - details = append(details, getFlagDetails("Cloud", flag.NewAWSFlagGroup().Flags())...) - + var allFlags = map[string][]flag.Flagger{ + "Global": flag.NewGlobalFlagGroup().Flags(), + "Report": flag.NewReportFlagGroup().Flags(), + "Image": flag.NewImageFlagGroup().Flags(), + "DB": flag.NewDBFlagGroup().Flags(), + "Cache": flag.NewCacheFlagGroup().Flags(), + "License": flag.NewLicenseFlagGroup().Flags(), + "Misconfiguration": flag.NewMisconfFlagGroup().Flags(), + "Scan": flag.NewScanFlagGroup().Flags(), + "Module": flag.NewModuleFlagGroup().Flags(), + "Registry": flag.NewRegistryFlagGroup().Flags(), + "Rego": flag.NewRegoFlagGroup().Flags(), + "Secret": flag.NewSecretFlagGroup().Flags(), + "Vulnerability": flag.NewVulnerabilityFlagGroup().Flags(), + "Kubernetes": flag.NewK8sFlagGroup().Flags(), + "Repository": flag.NewRepoFlagGroup().Flags(), + "Clean": flag.NewCleanFlagGroup().Flags(), + "Cloud": flag.NewAWSFlagGroup().Flags(), + } // remoteFlags should contain Client and Server flags. // NewClientFlags doesn't initialize `Listen` field remoteFlags := flag.NewClientFlags() remoteFlags.Listen = flag.ServerListenFlag.Clone() - details = append(details, getFlagDetails("Client/Server", remoteFlags.Flags())...) + allFlags["Client/Server"] = remoteFlags.Flags() + var details []*flagDetails + for k, v := range allFlags { + details = append(details, getFlagDetails(k, v)...) + } res := map[string]any{} for _, m := range details { addToMap(res, strings.Split(m.configName, "."), m) 
@@ -155,43 +184,21 @@ func buildFlagsTree() map[string]any { return res } -func genMarkdown(m map[string]any, indent int, w *os.File) { - // Extract and sort keys - keys := make([]string, 0, len(m)) - for key := range m { - keys = append(keys, key) +func addToMap(m map[string]any, parts []string, value *flagDetails) { + if len(parts) == 0 { + return } - sort.Strings(keys) - - if indent == -1 { - for _, key := range keys { - w.WriteString("## " + key + " options\n\n") - w.WriteString("```yaml\n") - genMarkdown(m[key].(map[string]any), 0, w) - w.WriteString("```\n\n") - } + if len(parts) == 1 { + m[parts[0]] = value return } - indentation := strings.Repeat(" ", indent) - - for _, key := range keys { - switch v := m[key].(type) { - case map[string]any: - fmt.Fprintf(w, "%s%s:\n", indentation, key) - genMarkdown(v, indent+1, w) - case *flagDetails: - if v.name != "" { - fmt.Fprintf(w, "%s# Same as '--%s'\n", indentation, v.name) - } - fmt.Fprintf(w, "%s# Default is %v\n", indentation, v.defaultValue) - if len(v.example) > 1 { - fmt.Fprintf(w, "%s%s:\n", indentation, key) - for _, line := range v.example { - fmt.Fprintf(w, "%s - %s\n", indentation, line) - } - } else { - fmt.Fprintf(w, "%s%s: %s\n\n", indentation, key, v.example[0]) - } - } + if _, exists := m[parts[0]]; !exists { + m[parts[0]] = make(map[string]any) } + subMap, ok := m[parts[0]].(map[string]any) + if !ok { + subMap = make(map[string]any) + m[parts[0]] = subMap + } + addToMap(subMap, parts[1:], value) } From 5f381ea8a521603fe00dcabfd7087c6a5ffd5b79 Mon Sep 17 00:00:00 2001 From: afdesk Date: Thu, 1 Aug 2024 13:43:38 +0600 Subject: [PATCH 17/27] fix comment --- magefiles/docs.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/magefiles/docs.go b/magefiles/docs.go index a749be748988..9bf3ba71ef3e 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go 
@@ -43,7 +43,7 @@ func main() { } } -// generateConfigDocs creates custom markdown output. +// generateConfigDocs creates markdown file for Trivy config. func generateConfigDocs(filename string) error { f, err := os.Create(filename) if err != nil { From c7176be14351b36ba0cf8b186859a87f749636cb Mon Sep 17 00:00:00 2001 From: afdesk Date: Thu, 1 Aug 2024 18:46:43 +0600 Subject: [PATCH 18/27] refactor: using Dmitry's way --- .../references/configuration/config-file.md | 197 +++++++--------- magefiles/docs.go | 221 +++++++----------- pkg/flag/global_flags.go | 2 +- 3 files changed, 179 insertions(+), 241 deletions(-) diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index f8d94072cf80..de206271aea2 100644 --- a/docs/docs/references/configuration/config-file.md +++ b/docs/docs/references/configuration/config-file.md @@ -5,6 +5,56 @@ The config path can be overridden by the `--config` flag. An example is [here][example]. +## Global options + +```yaml +cache: + # Same as '--cache-dir' + # Default is /path/to/cache + dir: /path/to/cache + +# Same as '--debug' +# Default is false +debug: false + +# Same as '--insecure' +# Default is false +insecure: false + +# Same as '--quiet' +# Default is false +quiet: false + +# Same as '--timeout' +# Default is 5m0s +timeout: 5m0s + +``` +## Client/Server options + +```yaml +server: + # Same as '--server' + # Default is empty + addr: + + # Same as '--custom-headers' + # Default is [] + custom-headers: [] + + # Same as '--listen' + # Default is localhost:4954 + listen: localhost:4954 + + # Same as '--token' + # Default is empty + token: + + # Same as '--token-header' + # Default is Trivy-Token + token-header: Trivy-Token + +``` ## Cache options ```yaml @@ -39,7 +89,6 @@ cache: ttl: 0s ``` - ## Clean options ```yaml 
@@ -69,64 +118,6 @@ clean: vuln-db: false ``` - -## Client/Server options - -```yaml -server: - # Same as '--server' - # Default is empty - addr: - - # Same as '--custom-headers' - # Default is [] - custom-headers: [] - - # Same as '--listen' - # Default is localhost:4954 - listen: localhost:4954 - - # Same as '--token' - # Default is empty - token: - - # Same as '--token-header' - # Default is Trivy-Token - token-header: Trivy-Token - -``` - -## Cloud options - -```yaml -cloud: - aws: - # Same as '--account' - # Default is empty - account: - - # Same as '--arn' - # Default is empty - arn: - - # Same as '--endpoint' - # Default is empty - endpoint: - - # Same as '--region' - # Default is empty - region: - - # Same as '--service' - # Default is [] - service: [] - - # Same as '--skip-service' - # Default is [] - skip-service: [] - -``` - ## DB options ```yaml @@ -168,45 +159,6 @@ db: reset: false ``` - -## Global options - -```yaml -cache: - # Same as '--cache-dir' - # Default is /path/to/cache - dir: /path/to/cache - -# Same as '--config' -# Default is trivy.yaml -config: trivy.yaml - -# Same as '--debug' -# Default is false -debug: false - -# Same as '--generate-default-config' -# Default is false -generate-default-config: false - -# Same as '--insecure' -# Default is false -insecure: false - -# Same as '--quiet' -# Default is false -quiet: false - -# Same as '--timeout' -# Default is 5m0s -timeout: 5m0s - -# Same as '--version' -# Default is false -version: false - -``` - ## Image options ```yaml @@ -244,8 +196,8 @@ image: - containerd - podman - remote -``` +``` ## Kubernetes options ```yaml @@ -313,7 +265,6 @@ kubernetes: tolerations: [] ``` - ## License options ```yaml @@ -346,6 +297,7 @@ license: - Facebook-3-Clause - Facebook-Examples - WTFPL + # Same as '--license-full' # Default is false full: false @@ -420,6 +372,7 @@ license: - ZPL-1.1 - ZPL-2.0 - ZPL-2.1 + # Default is [] permissive: [] 
@@ -440,6 +393,7 @@ license: - MPL-1.1 - MPL-2.0 - Ruby + # Default is BCL, CC-BY-ND-1.0, CC-BY-ND-2.0, CC-BY-ND-2.5, CC-BY-ND-3.0, CC-BY-ND-4.0, CC-BY-SA-1.0, CC-BY-SA-2.0, CC-BY-SA-2.5, CC-BY-SA-3.0, CC-BY-SA-4.0, GPL-1.0, GPL-2.0, GPL-2.0-with-autoconf-exception, GPL-2.0-with-bison-exception, GPL-2.0-with-classpath-exception, GPL-2.0-with-font-exception, GPL-2.0-with-GCC-exception, GPL-3.0, GPL-3.0-with-autoconf-exception, GPL-3.0-with-GCC-exception, LGPL-2.0, LGPL-2.1, LGPL-3.0, NPL-1.0, NPL-1.1, OSL-1.0, OSL-1.1, OSL-2.0, OSL-2.1, OSL-3.0, QPL-1.0, Sleepycat restricted: - BCL @@ -475,13 +429,14 @@ license: - OSL-3.0 - QPL-1.0 - Sleepycat + # Default is CC0-1.0, Unlicense, 0BSD unencumbered: - CC0-1.0 - Unlicense - 0BSD -``` +``` ## Misconfiguration options ```yaml @@ -539,6 +494,7 @@ misconfiguration: - terraform - terraformplan-json - terraformplan-snapshot + terraform: # Same as '--tf-exclude-downloaded-modules' # Default is false @@ -549,7 +505,6 @@ misconfiguration: vars: [] ``` - ## Module options ```yaml @@ -563,7 +518,6 @@ module: enable-modules: [] ``` - ## Registry options ```yaml @@ -581,7 +535,6 @@ registry: username: [] ``` - ## Rego options ```yaml @@ -611,7 +564,6 @@ rego: trace: false ``` - ## Report options ```yaml @@ -672,12 +624,12 @@ severity: - MEDIUM - HIGH - CRITICAL + # Same as '--template' # Default is empty template: ``` - ## Repository options ```yaml @@ -695,7 +647,6 @@ repository: tag: ``` - ## Scan options ```yaml @@ -725,6 +676,7 @@ scan: scanners: - vuln - secret + # Same as '--skip-dirs' # Default is [] skip-dirs: [] @@ -738,7 +690,6 @@ scan: slow: false ``` - ## Secret options ```yaml @@ -748,7 +699,6 @@ secret: config: trivy-secret.yaml ``` - ## Vulnerability options ```yaml 
@@ -770,5 +720,34 @@ vulnerability: vex: [] ``` +## AWS options +```yaml +cloud: + aws: + # Same as '--account' + # Default is empty + account: + + # Same as '--arn' + # Default is empty + arn: + + # Same as '--endpoint' + # Default is empty + endpoint: + + # Same as '--region' + # Default is empty + region: + + # Same as '--service' + # Default is [] + service: [] + + # Same as '--skip-service' + # Default is [] + skip-service: [] + +``` [example]: https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/examples/trivy-conf/trivy.yaml \ No newline at end of file diff --git a/magefiles/docs.go b/magefiles/docs.go index 9bf3ba71ef3e..b47e9541805d 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go @@ -3,9 +3,10 @@ package main import ( + "cmp" "fmt" "os" - "sort" + "slices" "strings" "github.com/samber/lo" 
@@ -45,6 +46,39 @@ func main() { // generateConfigDocs creates markdown file for Trivy config. func generateConfigDocs(filename string) error { + // remoteFlags should contain Client and Server flags. + // NewClientFlags doesn't initialize `Listen` field + remoteFlags := flag.NewClientFlags() + remoteFlags.Listen = flag.ServerListenFlag.Clone() + + // These flags don't work from config file. + // Clear configName to skip them later. + globalFlags := flag.NewGlobalFlagGroup() + globalFlags.ConfigFile.ConfigName = "" + globalFlags.ShowVersion.ConfigName = "" + globalFlags.GenerateDefaultConfig.ConfigName = "" + + var allFlagGroups = []flag.FlagGroup{ + globalFlags, + remoteFlags, + flag.NewCacheFlagGroup(), + flag.NewCleanFlagGroup(), + flag.NewDBFlagGroup(), + flag.NewImageFlagGroup(), + flag.NewK8sFlagGroup(), + flag.NewLicenseFlagGroup(), + flag.NewMisconfFlagGroup(), + flag.NewModuleFlagGroup(), + flag.NewRegistryFlagGroup(), + flag.NewRegoFlagGroup(), + flag.NewReportFlagGroup(), + flag.NewRepoFlagGroup(), + flag.NewScanFlagGroup(), + flag.NewSecretFlagGroup(), + flag.NewVulnerabilityFlagGroup(), + flag.NewAWSFlagGroup(), + } + f, err := os.Create(filename) if err != nil { return err 
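Review bot: Nothing in the added `allFlagGroups` literal says that its order is the order of the sections in the generated file, although the loop added in the next hunk writes one `## ... options` heading per element in slice order. A one-line comment above the slice would keep later additions from landing in an arbitrary position, for example `// Sections are written to the docs in this order.`. The declaration could also use the short form `allFlagGroups := []flag.FlagGroup{`, like the other locals added in this hunk. generateConfigDocs continues past the end of this hunk.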
@@ -53,152 +87,77 @@ func generateConfigDocs(filename string) error { f.WriteString("# " + title + "\n\n") f.WriteString(description + "\n") - flagsTree := buildFlagsTree() - - // -1 - is a level for title(section) - generateMarkdownByFlagDetailsTree(flagsTree, -1, f) + for _, group := range allFlagGroups { + f.WriteString("## " + group.Name() + " options\n") + writeFlags(group, f) + } f.WriteString(footer) return nil } -func generateMarkdownByFlagDetailsTree(flagTree map[string]any, indent int, w *os.File) { - // Extract and sort keys - keys := make([]string, 0, len(flagTree)) - for key := range flagTree { - keys = append(keys, key) - } - sort.Strings(keys) - - if indent == -1 { - for _, key := range keys { - w.WriteString("## " + key + " options\n\n") - w.WriteString("```yaml\n") - generateMarkdownByFlagDetailsTree(flagTree[key].(map[string]any), 0, w) - w.WriteString("```\n\n") - } - return - } - indentation := strings.Repeat(" ", indent) - - for _, key := range keys { - switch v := flagTree[key].(type) { - case map[string]any: - fmt.Fprintf(w, "%s%s:\n", indentation, key) - generateMarkdownByFlagDetailsTree(v, indent+1, w) - case *flagDetails: - if v.name != "" { - fmt.Fprintf(w, "%s# Same as '--%s'\n", indentation, v.name) - } - fmt.Fprintf(w, "%s# Default is %v\n", indentation, v.defaultValue) - if len(v.example) > 1 { - fmt.Fprintf(w, "%s%s:\n", indentation, key) - for _, line := range v.example { - fmt.Fprintf(w, "%s - %s\n", indentation, line) - } - } else { - fmt.Fprintf(w, "%s%s: %s\n\n", indentation, key, v.example[0]) - } - } - } -} - -type flagDetails struct { - name string - configName string - defaultValue any - example []string -} +func writeFlags(group flag.FlagGroup, w *os.File) { + flags := group.Flags() + slices.SortFunc(flags, func(a, b flag.Flagger) int { + return cmp.Compare(a.GetConfigName(), b.GetConfigName()) + }) + w.WriteString("\n```yaml\n") -func getFlagDetails(section string, flagGroup []flag.Flagger) []*flagDetails { - result := 
[]*flagDetails{} - for _, flg := range flagGroup { - if flg == nil { + var lastParts []string + for _, flg := range flags { + if flg.GetConfigName() == "" { continue } - var defaultValue any - var example []string - - switch p := flg.GetDefaultValue().(type) { - case string: - defaultValue = lo.Ternary(len(p) > 0, p, "empty") - example = append(example, lo.Ternary(len(p) > 0, p, "")) - case []string: - if len(p) > 0 { - defaultValue = strings.Join(p, ", ") - for _, line := range p { - example = append(example, line) + parts := strings.Split(flg.GetConfigName(), ".") + for i := range parts { + // Skip already added part + if len(lastParts) >= i+1 && parts[i] == lastParts[i] { + continue + } + ind := strings.Repeat(" ", i) + isLastPart := i == len(parts)-1 + if isLastPart { + if flg.GetName() != "" { + fmt.Fprintf(w, "%s# Same as '--%s'\n", ind, flg.GetName()) } + fmt.Fprintf(w, "%s# Default is %v\n", ind, defaultValueString(flg.GetDefaultValue())) } + w.WriteString(ind + parts[i] + ":") + if isLastPart { + writeFlagValue(flg.GetDefaultValue(), ind, w) + } + w.WriteString("\n") } - if defaultValue == nil { - defaultValue = flg.GetDefaultValue() - } - if len(example) == 0 { - example = append(example, fmt.Sprintf("%v", defaultValue)) - } - result = append(result, &flagDetails{ - name: flg.GetName(), - configName: section + "." 
+ flg.GetConfigName(), - defaultValue: defaultValue, - example: example, - }) + lastParts = parts } - return result + w.WriteString("```\n") } -func buildFlagsTree() map[string]any { - var allFlags = map[string][]flag.Flagger{ - "Global": flag.NewGlobalFlagGroup().Flags(), - "Report": flag.NewReportFlagGroup().Flags(), - "Image": flag.NewImageFlagGroup().Flags(), - "DB": flag.NewDBFlagGroup().Flags(), - "Cache": flag.NewCacheFlagGroup().Flags(), - "License": flag.NewLicenseFlagGroup().Flags(), - "Misconfiguration": flag.NewMisconfFlagGroup().Flags(), - "Scan": flag.NewScanFlagGroup().Flags(), - "Module": flag.NewModuleFlagGroup().Flags(), - "Registry": flag.NewRegistryFlagGroup().Flags(), - "Rego": flag.NewRegoFlagGroup().Flags(), - "Secret": flag.NewSecretFlagGroup().Flags(), - "Vulnerability": flag.NewVulnerabilityFlagGroup().Flags(), - "Kubernetes": flag.NewK8sFlagGroup().Flags(), - "Repository": flag.NewRepoFlagGroup().Flags(), - "Clean": flag.NewCleanFlagGroup().Flags(), - "Cloud": flag.NewAWSFlagGroup().Flags(), - } - // remoteFlags should contain Client and Server flags. - // NewClientFlags doesn't initialize `Listen` field - remoteFlags := flag.NewClientFlags() - remoteFlags.Listen = flag.ServerListenFlag.Clone() - allFlags["Client/Server"] = remoteFlags.Flags() - - var details []*flagDetails - for k, v := range allFlags { - details = append(details, getFlagDetails(k, v)...) 
+func defaultValueString(val any) string { + var value string + switch v := val.(type) { + case string: + value = lo.Ternary(len(v) > 0, v, "empty") + case []string: + value = lo.Ternary(len(v) > 0, strings.Join(v, ", "), "[]") + default: + value = fmt.Sprintf("%v", v) } - res := map[string]any{} - for _, m := range details { - addToMap(res, strings.Split(m.configName, "."), m) - } - return res + return value } -func addToMap(m map[string]any, parts []string, value *flagDetails) { - if len(parts) == 0 { - return - } - if len(parts) == 1 { - m[parts[0]] = value - return - } - if _, exists := m[parts[0]]; !exists { - m[parts[0]] = make(map[string]any) - } - subMap, ok := m[parts[0]].(map[string]any) - if !ok { - subMap = make(map[string]any) - m[parts[0]] = subMap +func writeFlagValue(val any, ind string, w *os.File) { + switch v := val.(type) { + case []string: + if len(v) == 0 { + w.WriteString(" []\n") + } else { + w.WriteString("\n") + for _, vv := range v { + fmt.Fprintf(w, "%s - %s\n", ind, vv) + } + } + default: + fmt.Fprintf(w, " %v\n", v) } - addToMap(subMap, parts[1:], value) } diff --git a/pkg/flag/global_flags.go b/pkg/flag/global_flags.go index ebd79bd5a06c..2d20611b8b72 100644 --- a/pkg/flag/global_flags.go +++ b/pkg/flag/global_flags.go @@ -106,7 +106,7 @@ func NewGlobalFlagGroup() *GlobalFlagGroup { } func (f *GlobalFlagGroup) Name() string { - return "global" + return "Global" } func (f *GlobalFlagGroup) Flags() []Flagger { From 99e80523d82096ede46fa4fcbeeafc91b7e5ee6a Mon Sep 17 00:00:00 2001 From: afdesk Date: Thu, 1 Aug 2024 18:53:48 +0600 Subject: [PATCH 19/27] refactor: remore space for empty value --- .../references/configuration/config-file.md | 50 +++++++++---------- magefiles/docs.go | 12 +++-- 2 files changed, 34 insertions(+), 28 deletions(-) diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index de206271aea2..2803448a670a 100644 
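Review bot: The "Skip already added part" test in `writeFlags` compares only the component at index `i` (`parts[i] == lastParts[i]`), not the whole prefix up to `i`, so a key is dropped whenever the previous flag has the same name at the same depth under a different parent. With two adjacent config names shaped like `a.x.k` and `a.y.k` (a constructed example), the second `k:` and its `# Same as` comment are never written and the generated reference silently loses an option. Comparing prefixes closes this: `if i < len(lastParts) && slices.Equal(parts[:i+1], lastParts[:i+1]) { continue }`. The hunks of PATCH 21/27 further down add comments around this loop and show no change to the condition.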
--- a/docs/docs/references/configuration/config-file.md +++ b/docs/docs/references/configuration/config-file.md @@ -36,7 +36,7 @@ timeout: 5m0s server: # Same as '--server' # Default is empty - addr: + addr: # Same as '--custom-headers' # Default is [] @@ -48,7 +48,7 @@ server: # Same as '--token' # Default is empty - token: + token: # Same as '--token-header' # Default is Trivy-Token @@ -70,15 +70,15 @@ cache: redis: # Same as '--redis-ca' # Default is empty - ca: + ca: # Same as '--redis-cert' # Default is empty - cert: + cert: # Same as '--redis-key' # Default is empty - key: + key: # Same as '--redis-tls' # Default is false @@ -166,7 +166,7 @@ image: docker: # Same as '--docker-host' # Default is empty - host: + host: # Same as '--image-config-scanners' # Default is [] @@ -174,16 +174,16 @@ image: # Same as '--input' # Default is empty - input: + input: # Same as '--platform' # Default is empty - platform: + platform: podman: # Same as '--podman-host' # Default is empty - host: + host: # Same as '--removed-pkgs' # Default is false @@ -237,11 +237,11 @@ kubernetes: # Same as '--k8s-version' # Default is empty - k8s-version: + k8s-version: # Same as '--kubeconfig' # Default is empty - kubeconfig: + kubeconfig: node-collector: # Same as '--node-collector-imageref' @@ -457,7 +457,7 @@ misconfiguration: # Same as '--helm-kube-version' # Default is empty - kube-version: + kube-version: # Same as '--helm-set' # Default is [] @@ -528,7 +528,7 @@ registry: # Same as '--registry-token' # Default is empty - token: + token: # Same as '--username' # Default is [] @@ -585,7 +585,7 @@ format: table # Same as '--ignore-policy' # Default is empty -ignore-policy: +ignore-policy: # Same as '--ignorefile' # Default is .trivyignore @@ -597,11 +597,11 @@ list-all-pkgs: false # Same as '--output' # Default is empty -output: +output: # Same as '--output-plugin-arg' # Default is empty -output-plugin-arg: +output-plugin-arg: # Same as '--report' # Default is all 
@@ -610,7 +610,7 @@ report: all scan: # Same as '--compliance' # Default is empty - compliance: + compliance: # Same as '--show-suppressed' # Default is false @@ -627,7 +627,7 @@ severity: # Same as '--template' # Default is empty -template: +template: ``` ## Repository options @@ -636,15 +636,15 @@ template: repository: # Same as '--branch' # Default is empty - branch: + branch: # Same as '--commit' # Default is empty - commit: + commit: # Same as '--tag' # Default is empty - tag: + tag: ``` ## Scan options @@ -727,19 +727,19 @@ cloud: aws: # Same as '--account' # Default is empty - account: + account: # Same as '--arn' # Default is empty - arn: + arn: # Same as '--endpoint' # Default is empty - endpoint: + endpoint: # Same as '--region' # Default is empty - region: + region: # Same as '--service' # Default is [] diff --git a/magefiles/docs.go b/magefiles/docs.go index b47e9541805d..ec78b550c0ea 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go @@ -149,13 +149,19 @@ func defaultValueString(val any) string { func writeFlagValue(val any, ind string, w *os.File) { switch v := val.(type) { case []string: - if len(v) == 0 { - w.WriteString(" []\n") - } else { + if len(v) > 0 { w.WriteString("\n") for _, vv := range v { fmt.Fprintf(w, "%s - %s\n", ind, vv) } + } else { + w.WriteString(" []\n") + } + case string: + if len(v) > 0 { + fmt.Fprintf(w, " %v\n", v) + } else { + w.WriteString("\n") } default: fmt.Fprintf(w, " %v\n", v) From 72cf95b84683731ef759f7c01c78c2f5e942df2b Mon Sep 17 00:00:00 2001 From: afdesk Date: Thu, 1 Aug 2024 18:58:48 +0600 Subject: [PATCH 20/27] change [] to empty --- .../references/configuration/config-file.md | 62 +++++++++---------- magefiles/docs.go | 2 +- 2 files changed, 32 insertions(+), 32 deletions(-) diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index 2803448a670a..c4704cff14d2 100644 --- a/docs/docs/references/configuration/config-file.md 
+++ b/docs/docs/references/configuration/config-file.md @@ -40,7 +40,7 @@ server: # Same as '--custom-headers' # Default is [] - custom-headers: [] + custom-headers: empty # Same as '--listen' # Default is localhost:4954 @@ -170,7 +170,7 @@ image: # Same as '--image-config-scanners' # Default is [] - image-config-scanners: [] + image-config-scanners: empty # Same as '--input' # Default is empty @@ -213,7 +213,7 @@ kubernetes: exclude: # Same as '--exclude-nodes' # Default is [] - nodes: [] + nodes: empty # Same as '--exclude-owned' # Default is false @@ -221,19 +221,19 @@ kubernetes: # Same as '--exclude-kinds' # Default is [] - excludeKinds: [] + excludeKinds: empty # Same as '--exclude-namespaces' # Default is [] - excludeNamespaces: [] + excludeNamespaces: empty # Same as '--include-kinds' # Default is [] - includeKinds: [] + includeKinds: empty # Same as '--include-namespaces' # Default is [] - includeNamespaces: [] + includeNamespaces: empty # Same as '--k8s-version' # Default is empty @@ -262,7 +262,7 @@ kubernetes: # Same as '--tolerations' # Default is [] - tolerations: [] + tolerations: empty ``` ## License options 
@@ -304,7 +304,7 @@ license: # Same as '--ignored-licenses' # Default is [] - ignored: [] + ignored: empty # Default is AFL-1.1, AFL-1.2, AFL-2.0, AFL-2.1, AFL-3.0, Apache-1.0, Apache-1.1, Apache-2.0, Artistic-1.0-cl8, Artistic-1.0-Perl, Artistic-1.0, Artistic-2.0, BSL-1.0, BSD-2-Clause-FreeBSD, BSD-2-Clause-NetBSD, BSD-2-Clause, BSD-3-Clause-Attribution, BSD-3-Clause-Clear, BSD-3-Clause-LBNL, BSD-3-Clause, BSD-4-Clause, BSD-4-Clause-UC, BSD-Protection, CC-BY-1.0, CC-BY-2.0, CC-BY-2.5, CC-BY-3.0, CC-BY-4.0, FTL, ISC, ImageMagick, Libpng, Lil-1.0, Linux-OpenIB, LPL-1.02, LPL-1.0, MS-PL, MIT, NCSA, OpenSSL, PHP-3.01, PHP-3.0, PIL, Python-2.0, Python-2.0-complete, PostgreSQL, SGI-B-1.0, SGI-B-1.1, SGI-B-2.0, Unicode-DFS-2015, Unicode-DFS-2016, Unicode-TOU, UPL-1.0, W3C-19980720, W3C-20150513, W3C, X11, Xnet, Zend-2.0, zlib-acknowledgement, Zlib, ZPL-1.1, ZPL-2.0, ZPL-2.1 notice: @@ -374,7 +374,7 @@ license: - ZPL-2.1 # Default is [] - permissive: [] + permissive: empty # Default is APSL-1.0, APSL-1.1, APSL-1.2, APSL-2.0, CDDL-1.0, CDDL-1.1, CPL-1.0, EPL-1.0, EPL-2.0, FreeImage, IPL-1.0, MPL-1.0, MPL-1.1, MPL-2.0, Ruby reciprocal: @@ -448,12 +448,12 @@ misconfiguration: cloudformation: # Same as '--cf-params' # Default is [] - params: [] + params: empty helm: # Same as '--helm-api-versions' # Default is [] - api-versions: [] + api-versions: empty # Same as '--helm-kube-version' # Default is empty @@ -461,19 +461,19 @@ misconfiguration: # Same as '--helm-set' # Default is [] - set: [] + set: empty # Same as '--helm-set-file' # Default is [] - set-file: [] + set-file: empty # Same as '--helm-set-string' # Default is [] - set-string: [] + set-string: empty # Same as '--helm-values' # Default is [] - values: [] + values: empty # Same as '--include-non-failures' # Default is false @@ -502,7 +502,7 @@ misconfiguration: # Same as '--tf-vars' # Default is [] - vars: [] + vars: empty ``` ## Module options 
@@ -515,7 +515,7 @@ module: # Same as '--enable-modules' # Default is [] - enable-modules: [] + enable-modules: empty ``` ## Registry options @@ -524,7 +524,7 @@ module: registry: # Same as '--password' # Default is [] - password: [] + password: empty # Same as '--registry-token' # Default is empty @@ -532,7 +532,7 @@ registry: # Same as '--username' # Default is [] - username: [] + username: empty ``` ## Rego options @@ -541,11 +541,11 @@ registry: rego: # Same as '--config-check' # Default is [] - check: [] + check: empty # Same as '--config-data' # Default is [] - data: [] + data: empty # Same as '--include-deprecated-checks' # Default is false @@ -553,7 +553,7 @@ rego: # Same as '--check-namespaces' # Default is [] - namespaces: [] + namespaces: empty # Same as '--skip-check-update' # Default is false @@ -653,7 +653,7 @@ repository: scan: # Same as '--file-patterns' # Default is [] - file-patterns: [] + file-patterns: empty # Same as '--offline-scan' # Default is false @@ -669,7 +669,7 @@ scan: # Same as '--sbom-sources' # Default is [] - sbom-sources: [] + sbom-sources: empty # Same as '--scanners' # Default is vuln, secret @@ -679,11 +679,11 @@ scan: # Same as '--skip-dirs' # Default is [] - skip-dirs: [] + skip-dirs: empty # Same as '--skip-files' # Default is [] - skip-files: [] + skip-files: empty # Same as '--slow' # Default is false @@ -705,7 +705,7 @@ secret: vulnerability: # Same as '--ignore-status' # Default is [] - ignore-status: [] + ignore-status: empty # Same as '--ignore-unfixed' # Default is false @@ -717,7 +717,7 @@ vulnerability: # Same as '--vex' # Default is [] - vex: [] + vex: empty ``` ## AWS options @@ -743,11 +743,11 @@ cloud: # Same as '--service' # Default is [] - service: [] + service: empty # Same as '--skip-service' # Default is [] - skip-service: [] + skip-service: empty ``` [example]: https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/examples/trivy-conf/trivy.yaml \ No newline at end of file 
diff --git a/magefiles/docs.go b/magefiles/docs.go index ec78b550c0ea..d50487775624 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go @@ -155,7 +155,7 @@ func writeFlagValue(val any, ind string, w *os.File) { fmt.Fprintf(w, "%s - %s\n", ind, vv) } } else { - w.WriteString(" []\n") + w.WriteString(" empty\n") } case string: if len(v) > 0 { From c96d83b54af794a0156a98d74d7d2841746f0b34 Mon Sep 17 00:00:00 2001 From: afdesk Date: Fri, 2 Aug 2024 14:58:55 +0600 Subject: [PATCH 21/27] fix --- magefiles/docs.go | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/magefiles/docs.go b/magefiles/docs.go index d50487775624..74c94c892605 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go @@ -98,6 +98,7 @@ func generateConfigDocs(filename string) error { func writeFlags(group flag.FlagGroup, w *os.File) { flags := group.Flags() + // Sort flags to avoid duplicates of non-last parts of config file slices.SortFunc(flags, func(a, b flag.Flagger) int { return cmp.Compare(a.GetConfigName(), b.GetConfigName()) }) @@ -108,6 +109,7 @@ func writeFlags(group flag.FlagGroup, w *os.File) { if flg.GetConfigName() == "" { continue } + // We need to split the config name on `.` to make the indentations needed in yaml. parts := strings.Split(flg.GetConfigName(), ".") for i := range parts { // Skip already added part @@ -115,8 +117,10 @@ func writeFlags(group flag.FlagGroup, w *os.File) { continue } ind := strings.Repeat(" ", i) + // We need to add a comment and example values only for the last part of the config name. isLastPart := i == len(parts)-1 if isLastPart { + // Some `Flags` don't support flag for CLI. (e.g.`LicenseForbidden`). if flg.GetName() != "" { fmt.Fprintf(w, "%s# Same as '--%s'\n", ind, flg.GetName()) } 
@@ -139,7 +143,7 @@ func defaultValueString(val any) string { case string: value = lo.Ternary(len(v) > 0, v, "empty") case []string: - value = lo.Ternary(len(v) > 0, strings.Join(v, ", "), "[]") + value = lo.Ternary(len(v) > 0, strings.Join(v, ", "), "empty") default: value = fmt.Sprintf("%v", v) } @@ -155,13 +159,7 @@ func writeFlagValue(val any, ind string, w *os.File) { fmt.Fprintf(w, "%s - %s\n", ind, vv) } } else { - w.WriteString(" empty\n") - } - case string: - if len(v) > 0 { - fmt.Fprintf(w, " %v\n", v) - } else { - w.WriteString("\n") + w.WriteString(" []\n") } default: fmt.Fprintf(w, " %v\n", v) From d124a6c48eec558ef2599d3e029e7e28e494635e Mon Sep 17 00:00:00 2001 From: afdesk Date: Fri, 2 Aug 2024 15:02:10 +0600 Subject: [PATCH 22/27] update docs --- .../references/configuration/config-file.md | 174 +++++++++--------- 1 file changed, 87 insertions(+), 87 deletions(-) diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index c4704cff14d2..c5860cc97b5b 100644 --- a/docs/docs/references/configuration/config-file.md +++ b/docs/docs/references/configuration/config-file.md @@ -36,11 +36,11 @@ timeout: 5m0s server: # Same as '--server' # Default is empty - addr: + addr: # Same as '--custom-headers' - # Default is [] - custom-headers: empty + # Default is empty + custom-headers: [] # Same as '--listen' # Default is localhost:4954 @@ -48,7 +48,7 @@ server: # Same as '--token' # Default is empty - token: + token: # Same as '--token-header' # Default is Trivy-Token @@ -70,15 +70,15 @@ cache: redis: # Same as '--redis-ca' # Default is empty - ca: + ca: # Same as '--redis-cert' # Default is empty - cert: + cert: # Same as '--redis-key' # Default is empty - key: + key: # Same as '--redis-tls' # Default is false 
@@ -166,24 +166,24 @@ image: docker: # Same as '--docker-host' # Default is empty - host: + host: # Same as '--image-config-scanners' - # Default is [] - image-config-scanners: empty + # Default is empty + image-config-scanners: [] # Same as '--input' # Default is empty - input: + input: # Same as '--platform' # Default is empty - platform: + platform: podman: # Same as '--podman-host' # Default is empty - host: + host: # Same as '--removed-pkgs' # Default is false @@ -212,36 +212,36 @@ kubernetes: exclude: # Same as '--exclude-nodes' - # Default is [] - nodes: empty + # Default is empty + nodes: [] # Same as '--exclude-owned' # Default is false owned: false # Same as '--exclude-kinds' - # Default is [] - excludeKinds: empty + # Default is empty + excludeKinds: [] # Same as '--exclude-namespaces' - # Default is [] - excludeNamespaces: empty + # Default is empty + excludeNamespaces: [] # Same as '--include-kinds' - # Default is [] - includeKinds: empty + # Default is empty + includeKinds: [] # Same as '--include-namespaces' - # Default is [] - includeNamespaces: empty + # Default is empty + includeNamespaces: [] # Same as '--k8s-version' # Default is empty - k8s-version: + k8s-version: # Same as '--kubeconfig' # Default is empty - kubeconfig: + kubeconfig: node-collector: # Same as '--node-collector-imageref' @@ -261,8 +261,8 @@ kubernetes: skipImages: false # Same as '--tolerations' - # Default is [] - tolerations: empty + # Default is empty + tolerations: [] ``` ## License options 
@@ -303,8 +303,8 @@ license: full: false # Same as '--ignored-licenses' - # Default is [] - ignored: empty + # Default is empty + ignored: [] # Default is AFL-1.1, AFL-1.2, AFL-2.0, AFL-2.1, AFL-3.0, Apache-1.0, Apache-1.1, Apache-2.0, Artistic-1.0-cl8, Artistic-1.0-Perl, Artistic-1.0, Artistic-2.0, BSL-1.0, BSD-2-Clause-FreeBSD, BSD-2-Clause-NetBSD, BSD-2-Clause, BSD-3-Clause-Attribution, BSD-3-Clause-Clear, BSD-3-Clause-LBNL, BSD-3-Clause, BSD-4-Clause, BSD-4-Clause-UC, BSD-Protection, CC-BY-1.0, CC-BY-2.0, CC-BY-2.5, CC-BY-3.0, CC-BY-4.0, FTL, ISC, ImageMagick, Libpng, Lil-1.0, Linux-OpenIB, LPL-1.02, LPL-1.0, MS-PL, MIT, NCSA, OpenSSL, PHP-3.01, PHP-3.0, PIL, Python-2.0, Python-2.0-complete, PostgreSQL, SGI-B-1.0, SGI-B-1.1, SGI-B-2.0, Unicode-DFS-2015, Unicode-DFS-2016, Unicode-TOU, UPL-1.0, W3C-19980720, W3C-20150513, W3C, X11, Xnet, Zend-2.0, zlib-acknowledgement, Zlib, ZPL-1.1, ZPL-2.0, ZPL-2.1 notice: @@ -373,8 +373,8 @@ license: - ZPL-2.0 - ZPL-2.1 - # Default is [] - permissive: empty + # Default is empty + permissive: [] # Default is APSL-1.0, APSL-1.1, APSL-1.2, APSL-2.0, CDDL-1.0, CDDL-1.1, CPL-1.0, EPL-1.0, EPL-2.0, FreeImage, IPL-1.0, MPL-1.0, MPL-1.1, MPL-2.0, Ruby reciprocal: 
@@ -447,33 +447,33 @@ misconfiguration: cloudformation: # Same as '--cf-params' - # Default is [] - params: empty + # Default is empty + params: [] helm: # Same as '--helm-api-versions' - # Default is [] - api-versions: empty + # Default is empty + api-versions: [] # Same as '--helm-kube-version' # Default is empty - kube-version: + kube-version: # Same as '--helm-set' - # Default is [] - set: empty + # Default is empty + set: [] # Same as '--helm-set-file' - # Default is [] - set-file: empty + # Default is empty + set-file: [] # Same as '--helm-set-string' - # Default is [] - set-string: empty + # Default is empty + set-string: [] # Same as '--helm-values' - # Default is [] - values: empty + # Default is empty + values: [] # Same as '--include-non-failures' # Default is false @@ -501,8 +501,8 @@ misconfiguration: exclude-downloaded-modules: false # Same as '--tf-vars' - # Default is [] - vars: empty + # Default is empty + vars: [] ``` ## Module options @@ -514,8 +514,8 @@ module: dir: $HOME/.trivy/modules # Same as '--enable-modules' - # Default is [] - enable-modules: empty + # Default is empty + enable-modules: [] ``` ## Registry options @@ -523,16 +523,16 @@ module: ```yaml registry: # Same as '--password' - # Default is [] - password: empty + # Default is empty + password: [] # Same as '--registry-token' # Default is empty - token: + token: # Same as '--username' - # Default is [] - username: empty + # Default is empty + username: [] ``` ## Rego options @@ -540,20 +540,20 @@ registry: ```yaml rego: # Same as '--config-check' - # Default is [] - check: empty + # Default is empty + check: [] # Same as '--config-data' - # Default is [] - data: empty + # Default is empty + data: [] # Same as '--include-deprecated-checks' # Default is false include-deprecated-checks: false # Same as '--check-namespaces' - # Default is [] - namespaces: empty + # Default is empty + namespaces: [] # Same as '--skip-check-update' # Default is false 
@@ -585,7 +585,7 @@ format: table # Same as '--ignore-policy' # Default is empty -ignore-policy: +ignore-policy: # Same as '--ignorefile' # Default is .trivyignore @@ -597,11 +597,11 @@ list-all-pkgs: false # Same as '--output' # Default is empty -output: +output: # Same as '--output-plugin-arg' # Default is empty -output-plugin-arg: +output-plugin-arg: # Same as '--report' # Default is all @@ -610,7 +610,7 @@ report: all scan: # Same as '--compliance' # Default is empty - compliance: + compliance: # Same as '--show-suppressed' # Default is false @@ -627,7 +627,7 @@ severity: # Same as '--template' # Default is empty -template: +template: ``` ## Repository options @@ -636,15 +636,15 @@ template: repository: # Same as '--branch' # Default is empty - branch: + branch: # Same as '--commit' # Default is empty - commit: + commit: # Same as '--tag' # Default is empty - tag: + tag: ``` ## Scan options @@ -652,8 +652,8 @@ repository: ```yaml scan: # Same as '--file-patterns' - # Default is [] - file-patterns: empty + # Default is empty + file-patterns: [] # Same as '--offline-scan' # Default is false @@ -668,8 +668,8 @@ scan: rekor-url: https://rekor.sigstore.dev # Same as '--sbom-sources' - # Default is [] - sbom-sources: empty + # Default is empty + sbom-sources: [] # Same as '--scanners' # Default is vuln, secret @@ -678,12 +678,12 @@ scan: - secret # Same as '--skip-dirs' - # Default is [] - skip-dirs: empty + # Default is empty + skip-dirs: [] # Same as '--skip-files' - # Default is [] - skip-files: empty + # Default is empty + skip-files: [] # Same as '--slow' # Default is false @@ -704,8 +704,8 @@ secret: ```yaml vulnerability: # Same as '--ignore-status' - # Default is [] - ignore-status: empty + # Default is empty + ignore-status: [] # Same as '--ignore-unfixed' # Default is false @@ -716,8 +716,8 @@ vulnerability: skip-vex-repo-update: false # Same as '--vex' - # Default is [] - vex: empty + # Default is empty + vex: [] ``` ## AWS options 
@@ -727,27 +727,27 @@ cloud: aws: # Same as '--account' # Default is empty - account: + account: # Same as '--arn' # Default is empty - arn: + arn: # Same as '--endpoint' # Default is empty - endpoint: + endpoint: # Same as '--region' # Default is empty - region: + region: # Same as '--service' - # Default is [] - service: empty + # Default is empty + service: [] # Same as '--skip-service' - # Default is [] - skip-service: empty + # Default is empty + skip-service: [] ``` [example]: https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/examples/trivy-conf/trivy.yaml \ No newline at end of file From 27801c9da024d6fc9399f8e7ba5c5061eefafc13 Mon Sep 17 00:00:00 2001 From: afdesk Date: Fri, 2 Aug 2024 15:13:55 +0600 Subject: [PATCH 23/27] reodered flags --- .../references/configuration/config-file.md | 50 +++++++++---------- magefiles/docs.go | 2 +- 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index c5860cc97b5b..c23960d27dfe 100644 --- a/docs/docs/references/configuration/config-file.md +++ b/docs/docs/references/configuration/config-file.md @@ -29,31 +29,6 @@ quiet: false # Default is 5m0s timeout: 5m0s -``` -## Client/Server options - -```yaml -server: - # Same as '--server' - # Default is empty - addr: - - # Same as '--custom-headers' - # Default is empty - custom-headers: [] - - # Same as '--listen' - # Default is localhost:4954 - listen: localhost:4954 - - # Same as '--token' - # Default is empty - token: - - # Same as '--token-header' - # Default is Trivy-Token - token-header: Trivy-Token - ``` ## Cache options 
@@ -117,6 +92,31 @@ clean: # Default is false vuln-db: false +``` +## Client/Server options + +```yaml +server: + # Same as '--server' + # Default is empty + addr: + + # Same as '--custom-headers' + # Default is empty + custom-headers: [] + + # Same as '--listen' + # Default is localhost:4954 + listen: localhost:4954 + + # Same as '--token' + # Default is empty + token: + + # Same as '--token-header' + # Default is Trivy-Token + token-header: Trivy-Token + ``` ## DB options diff --git a/magefiles/docs.go b/magefiles/docs.go index 74c94c892605..76d9406ee2d8 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go @@ -60,9 +60,9 @@ func generateConfigDocs(filename string) error { var allFlagGroups = []flag.FlagGroup{ globalFlags, - remoteFlags, flag.NewCacheFlagGroup(), flag.NewCleanFlagGroup(), + remoteFlags, flag.NewDBFlagGroup(), flag.NewImageFlagGroup(), flag.NewK8sFlagGroup(), From c7f40b0d97291ed4c1d1d206b7b6b4c3c6893f89 Mon Sep 17 00:00:00 2001 From: afdesk Date: Fri, 2 Aug 2024 16:29:03 +0600 Subject: [PATCH 24/27] remove default value --- .../references/configuration/config-file.md | 204 ++++-------------- magefiles/docs.go | 17 +- 2 files changed, 42 insertions(+), 179 deletions(-) diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index c23960d27dfe..16f3bf5e724f 100644 --- a/docs/docs/references/configuration/config-file.md +++ b/docs/docs/references/configuration/config-file.md @@ -10,23 +10,18 @@ An example is [here][example]. ```yaml cache: # Same as '--cache-dir' - # Default is /path/to/cache - dir: /path/to/cache + dir: "/path/to/cache" # Same as '--debug' -# Default is false debug: false # Same as '--insecure' -# Default is false insecure: false # Same as '--quiet' -# Default is false quiet: false # Same as '--timeout' -# Default is 5m0s timeout: 5m0s ``` 
@@ -35,32 +30,25 @@ timeout: 5m0s ```yaml cache: # Same as '--cache-backend' - # Default is fs - backend: fs + backend: "fs" # Same as '--clear-cache' - # Default is false clear: false redis: # Same as '--redis-ca' - # Default is empty - ca: + ca: "" # Same as '--redis-cert' - # Default is empty - cert: + cert: "" # Same as '--redis-key' - # Default is empty - key: + key: "" # Same as '--redis-tls' - # Default is false tls: false # Same as '--cache-ttl' - # Default is 0s ttl: 0s ``` @@ -69,27 +57,21 @@ cache: ```yaml clean: # Same as '--all' - # Default is false all: false # Same as '--checks-bundle' - # Default is false checks-bundle: false # Same as '--java-db' - # Default is false java-db: false # Same as '--scan-cache' - # Default is false scan-cache: false # Same as '--vex-repo' - # Default is false vex-repo: false # Same as '--vuln-db' - # Default is false vuln-db: false ``` @@ -98,24 +80,19 @@ clean: ```yaml server: # Same as '--server' - # Default is empty - addr: + addr: "" # Same as '--custom-headers' - # Default is empty custom-headers: [] # Same as '--listen' - # Default is localhost:4954 - listen: localhost:4954 + listen: "localhost:4954" # Same as '--token' - # Default is empty - token: + token: "" # Same as '--token-header' - # Default is Trivy-Token - token-header: Trivy-Token + token-header: "Trivy-Token" ``` ## DB options 
@@ -123,39 +100,30 @@ server: ```yaml db: # Same as '--download-java-db-only' - # Default is false download-java-only: false # Same as '--download-db-only' - # Default is false download-only: false # Same as '--java-db-repository' - # Default is ghcr.io/aquasecurity/trivy-java-db:1 - java-repository: ghcr.io/aquasecurity/trivy-java-db:1 + java-repository: "ghcr.io/aquasecurity/trivy-java-db:1" # Same as '--skip-java-db-update' - # Default is false java-skip-update: false # Same as '--light' - # Default is false light: false # Same as '--no-progress' - # Default is false no-progress: false # Same as '--db-repository' - # Default is ghcr.io/aquasecurity/trivy-db:2 - repository: ghcr.io/aquasecurity/trivy-db:2 + repository: "ghcr.io/aquasecurity/trivy-db:2" # Same as '--skip-db-update' - # Default is false skip-update: false # Same as '--reset' -# Default is false reset: false ``` @@ -165,32 +133,25 @@ reset: false image: docker: # Same as '--docker-host' - # Default is empty - host: + host: "" # Same as '--image-config-scanners' - # Default is empty image-config-scanners: [] # Same as '--input' - # Default is empty - input: + input: "" # Same as '--platform' - # Default is empty - platform: + platform: "" podman: # Same as '--podman-host' - # Default is empty - host: + host: "" # Same as '--removed-pkgs' - # Default is false removed-pkgs: false # Same as '--image-src' - # Default is docker, containerd, podman, remote source: - docker - containerd 
@@ -203,65 +164,50 @@ image: ```yaml kubernetes: # Same as '--burst' - # Default is 10 burst: 10 # Same as '--disable-node-collector' - # Default is false disableNodeCollector: false exclude: # Same as '--exclude-nodes' - # Default is empty nodes: [] # Same as '--exclude-owned' - # Default is false owned: false # Same as '--exclude-kinds' - # Default is empty excludeKinds: [] # Same as '--exclude-namespaces' - # Default is empty excludeNamespaces: [] # Same as '--include-kinds' - # Default is empty includeKinds: [] # Same as '--include-namespaces' - # Default is empty includeNamespaces: [] # Same as '--k8s-version' - # Default is empty - k8s-version: + k8s-version: "" # Same as '--kubeconfig' - # Default is empty - kubeconfig: + kubeconfig: "" node-collector: # Same as '--node-collector-imageref' - # Default is ghcr.io/aquasecurity/node-collector:0.3.1 - imageref: ghcr.io/aquasecurity/node-collector:0.3.1 + imageref: "ghcr.io/aquasecurity/node-collector:0.3.1" # Same as '--node-collector-namespace' - # Default is trivy-temp - namespace: trivy-temp + namespace: "trivy-temp" # Same as '--qps' - # Default is 5 qps: 5 # Same as '--skip-images' - # Default is false skipImages: false # Same as '--tolerations' - # Default is empty tolerations: [] ``` @@ -270,10 +216,8 @@ kubernetes: ```yaml license: # Same as '--license-confidence-level' - # Default is 0.9 confidenceLevel: 0.9 - # Default is AGPL-1.0, AGPL-3.0, CC-BY-NC-1.0, CC-BY-NC-2.0, CC-BY-NC-2.5, CC-BY-NC-3.0, CC-BY-NC-4.0, CC-BY-NC-ND-1.0, CC-BY-NC-ND-2.0, CC-BY-NC-ND-2.5, CC-BY-NC-ND-3.0, CC-BY-NC-ND-4.0, CC-BY-NC-SA-1.0, CC-BY-NC-SA-2.0, CC-BY-NC-SA-2.5, CC-BY-NC-SA-3.0, CC-BY-NC-SA-4.0, Commons-Clause, Facebook-2-Clause, Facebook-3-Clause, Facebook-Examples, WTFPL forbidden: - AGPL-1.0 - AGPL-3.0 
@@ -299,14 +243,11 @@ license: - WTFPL # Same as '--license-full' - # Default is false full: false # Same as '--ignored-licenses' - # Default is empty ignored: [] - # Default is AFL-1.1, AFL-1.2, AFL-2.0, AFL-2.1, AFL-3.0, Apache-1.0, Apache-1.1, Apache-2.0, Artistic-1.0-cl8, Artistic-1.0-Perl, Artistic-1.0, Artistic-2.0, BSL-1.0, BSD-2-Clause-FreeBSD, BSD-2-Clause-NetBSD, BSD-2-Clause, BSD-3-Clause-Attribution, BSD-3-Clause-Clear, BSD-3-Clause-LBNL, BSD-3-Clause, BSD-4-Clause, BSD-4-Clause-UC, BSD-Protection, CC-BY-1.0, CC-BY-2.0, CC-BY-2.5, CC-BY-3.0, CC-BY-4.0, FTL, ISC, ImageMagick, Libpng, Lil-1.0, Linux-OpenIB, LPL-1.02, LPL-1.0, MS-PL, MIT, NCSA, OpenSSL, PHP-3.01, PHP-3.0, PIL, Python-2.0, Python-2.0-complete, PostgreSQL, SGI-B-1.0, SGI-B-1.1, SGI-B-2.0, Unicode-DFS-2015, Unicode-DFS-2016, Unicode-TOU, UPL-1.0, W3C-19980720, W3C-20150513, W3C, X11, Xnet, Zend-2.0, zlib-acknowledgement, Zlib, ZPL-1.1, ZPL-2.0, ZPL-2.1 notice: - AFL-1.1 - AFL-1.2 @@ -373,10 +314,8 @@ license: - ZPL-2.0 - ZPL-2.1 - # Default is empty permissive: [] - # Default is APSL-1.0, APSL-1.1, APSL-1.2, APSL-2.0, CDDL-1.0, CDDL-1.1, CPL-1.0, EPL-1.0, EPL-2.0, FreeImage, IPL-1.0, MPL-1.0, MPL-1.1, MPL-2.0, Ruby reciprocal: - APSL-1.0 - APSL-1.1 @@ -394,7 +333,6 @@ license: - MPL-2.0 - Ruby - # Default is BCL, CC-BY-ND-1.0, CC-BY-ND-2.0, CC-BY-ND-2.5, CC-BY-ND-3.0, CC-BY-ND-4.0, CC-BY-SA-1.0, CC-BY-SA-2.0, CC-BY-SA-2.5, CC-BY-SA-3.0, CC-BY-SA-4.0, GPL-1.0, GPL-2.0, GPL-2.0-with-autoconf-exception, GPL-2.0-with-bison-exception, GPL-2.0-with-classpath-exception, GPL-2.0-with-font-exception, GPL-2.0-with-GCC-exception, GPL-3.0, GPL-3.0-with-autoconf-exception, GPL-3.0-with-GCC-exception, LGPL-2.0, LGPL-2.1, LGPL-3.0, NPL-1.0, NPL-1.1, OSL-1.0, OSL-1.1, OSL-2.0, OSL-2.1, OSL-3.0, QPL-1.0, Sleepycat restricted: - BCL - CC-BY-ND-1.0 @@ -430,7 +368,6 @@ license: - QPL-1.0 - Sleepycat - # Default is CC0-1.0, Unlicense, 0BSD unencumbered: - CC0-1.0 - Unlicense 
@@ -442,49 +379,38 @@ license: ```yaml misconfiguration: # Same as '--checks-bundle-repository' - # Default is ghcr.io/aquasecurity/trivy-checks:0 - checks-bundle-repository: ghcr.io/aquasecurity/trivy-checks:0 + checks-bundle-repository: "ghcr.io/aquasecurity/trivy-checks:0" cloudformation: # Same as '--cf-params' - # Default is empty params: [] helm: # Same as '--helm-api-versions' - # Default is empty api-versions: [] # Same as '--helm-kube-version' - # Default is empty - kube-version: + kube-version: "" # Same as '--helm-set' - # Default is empty set: [] # Same as '--helm-set-file' - # Default is empty set-file: [] # Same as '--helm-set-string' - # Default is empty set-string: [] # Same as '--helm-values' - # Default is empty values: [] # Same as '--include-non-failures' - # Default is false include-non-failures: false # Same as '--reset-checks-bundle' - # Default is false reset-checks-bundle: false # Same as '--misconfig-scanners' - # Default is azure-arm, cloudformation, dockerfile, helm, kubernetes, terraform, terraformplan-json, terraformplan-snapshot scanners: - azure-arm - cloudformation @@ -497,11 +423,9 @@ misconfiguration: terraform: # Same as '--tf-exclude-downloaded-modules' - # Default is false exclude-downloaded-modules: false # Same as '--tf-vars' - # Default is empty vars: [] ``` @@ -510,11 +434,9 @@ misconfiguration: ```yaml module: # Same as '--module-dir' - # Default is $HOME/.trivy/modules - dir: $HOME/.trivy/modules + dir: "$HOME/.trivy/modules" # Same as '--enable-modules' - # Default is empty enable-modules: [] ``` @@ -523,15 +445,12 @@ module: ```yaml registry: # Same as '--password' - # Default is empty password: [] # Same as '--registry-token' - # Default is empty - token: + token: "" # Same as '--username' - # Default is empty username: [] ``` 
@@ -540,27 +459,21 @@ registry: ```yaml rego: # Same as '--config-check' - # Default is empty check: [] # Same as '--config-data' - # Default is empty data: [] # Same as '--include-deprecated-checks' - # Default is false include-deprecated-checks: false # Same as '--check-namespaces' - # Default is empty namespaces: [] # Same as '--skip-check-update' - # Default is false skip-check-update: false # Same as '--trace' - # Default is false trace: false ``` @@ -568,56 +481,43 @@ rego: ```yaml # Same as '--dependency-tree' -# Default is false dependency-tree: false # Same as '--exit-code' -# Default is 0 exit-code: 0 # Same as '--exit-on-eol' -# Default is 0 exit-on-eol: 0 # Same as '--format' -# Default is table -format: table +format: "table" # Same as '--ignore-policy' -# Default is empty -ignore-policy: +ignore-policy: "" # Same as '--ignorefile' -# Default is .trivyignore -ignorefile: .trivyignore +ignorefile: ".trivyignore" # Same as '--list-all-pkgs' -# Default is false list-all-pkgs: false # Same as '--output' -# Default is empty -output: +output: "" # Same as '--output-plugin-arg' -# Default is empty -output-plugin-arg: +output-plugin-arg: "" # Same as '--report' -# Default is all -report: all +report: "all" scan: # Same as '--compliance' - # Default is empty - compliance: + compliance: "" # Same as '--show-suppressed' - # Default is false show-suppressed: false # Same as '--severity' -# Default is UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL severity: - UNKNOWN - LOW @@ -626,8 +526,7 @@ severity: - CRITICAL # Same as '--template' -# Default is empty -template: +template: "" ``` ## Repository options @@ -635,16 +534,13 @@ template: ```yaml repository: # Same as '--branch' - # Default is empty - branch: + branch: "" # Same as '--commit' - # Default is empty - commit: + commit: "" # Same as '--tag' - # Default is empty - tag: + tag: "" ``` ## Scan options 
@@ -652,41 +548,32 @@ repository: ```yaml scan: # Same as '--file-patterns' - # Default is empty file-patterns: [] # Same as '--offline-scan' - # Default is false offline: false # Same as '--parallel' - # Default is 5 parallel: 5 # Same as '--rekor-url' - # Default is https://rekor.sigstore.dev - rekor-url: https://rekor.sigstore.dev + rekor-url: "https://rekor.sigstore.dev" # Same as '--sbom-sources' - # Default is empty sbom-sources: [] # Same as '--scanners' - # Default is vuln, secret scanners: - vuln - secret # Same as '--skip-dirs' - # Default is empty skip-dirs: [] # Same as '--skip-files' - # Default is empty skip-files: [] # Same as '--slow' - # Default is false slow: false ``` @@ -695,8 +582,7 @@ scan: ```yaml secret: # Same as '--secret-config' - # Default is trivy-secret.yaml - config: trivy-secret.yaml + config: "trivy-secret.yaml" ``` ## Vulnerability options @@ -704,19 +590,15 @@ secret: ```yaml vulnerability: # Same as '--ignore-status' - # Default is empty ignore-status: [] # Same as '--ignore-unfixed' - # Default is false ignore-unfixed: false # Same as '--skip-vex-repo-update' - # Default is false skip-vex-repo-update: false # Same as '--vex' - # Default is empty vex: [] ``` @@ -726,27 +608,21 @@ vulnerability: cloud: aws: # Same as '--account' - # Default is empty - account: + account: "" # Same as '--arn' - # Default is empty - arn: + arn: "" # Same as '--endpoint' - # Default is empty - endpoint: + endpoint: "" # Same as '--region' - # Default is empty - region: + region: "" # Same as '--service' - # Default is empty service: [] # Same as '--skip-service' - # Default is empty skip-service: [] ``` diff --git a/magefiles/docs.go b/magefiles/docs.go index 76d9406ee2d8..cc914d2a09c2 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go @@ -9,7 +9,6 @@ import ( "slices" "strings" - "github.com/samber/lo" "github.com/spf13/cobra/doc" "github.com/aquasecurity/trivy/pkg/commands" 
@@ -124,7 +123,6 @@ func writeFlags(group flag.FlagGroup, w *os.File) { if flg.GetName() != "" { fmt.Fprintf(w, "%s# Same as '--%s'\n", ind, flg.GetName()) } - fmt.Fprintf(w, "%s# Default is %v\n", ind, defaultValueString(flg.GetDefaultValue())) } w.WriteString(ind + parts[i] + ":") if isLastPart { @@ -137,19 +135,6 @@ func writeFlags(group flag.FlagGroup, w *os.File) { w.WriteString("```\n") } -func defaultValueString(val any) string { - var value string - switch v := val.(type) { - case string: - value = lo.Ternary(len(v) > 0, v, "empty") - case []string: - value = lo.Ternary(len(v) > 0, strings.Join(v, ", "), "empty") - default: - value = fmt.Sprintf("%v", v) - } - return value -} - func writeFlagValue(val any, ind string, w *os.File) { switch v := val.(type) { case []string: @@ -161,6 +146,8 @@ func writeFlagValue(val any, ind string, w *os.File) { } else { w.WriteString(" []\n") } + case string: + fmt.Fprintf(w, " %q\n", v) default: fmt.Fprintf(w, " %v\n", v) } From a21a49a0b6c832bb2e6696da07689c8f294c81f4 Mon Sep 17 00:00:00 2001 From: afdesk Date: Fri, 2 Aug 2024 16:33:07 +0600 Subject: [PATCH 25/27] remove aws group --- .../references/configuration/config-file.md | 24 ------------------- magefiles/docs.go | 1 - 2 files changed, 25 deletions(-) diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index 16f3bf5e724f..23b69a711263 100644 --- a/docs/docs/references/configuration/config-file.md +++ b/docs/docs/references/configuration/config-file.md 
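Review bot: In `writeFlagValue` (magefiles/docs.go) the new `case string` branch quotes scalar defaults with `%q`, but the `[]string` branch above it is untouched, and the regenerated samples in this same patch still show list items unquoted (`- docker`, `- vuln`, `- AGPL-1.0`). `%q` also emits Go escaping rather than YAML escaping; the two agree for the plain ASCII defaults seen here, but that assumption is worth recording on the new case, e.g. `// %q is Go quoting; it matches a YAML double-quoted scalar for the ASCII defaults we emit`. I would quote list items the same way, so that a future default that looks like a boolean, a number or an alias is not retyped by a YAML parser when a reader copies the sample. The list branch's body begins outside this hunk, so its exact write call is not visible here.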
@@ -601,29 +601,5 @@ vulnerability: # Same as '--vex' vex: [] -``` -## AWS options - -```yaml -cloud: - aws: - # Same as '--account' - account: "" - - # Same as '--arn' - arn: "" - - # Same as '--endpoint' - endpoint: "" - - # Same as '--region' - region: "" - - # Same as '--service' - service: [] - - # Same as '--skip-service' - skip-service: [] - ``` [example]: https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/examples/trivy-conf/trivy.yaml \ No newline at end of file diff --git a/magefiles/docs.go b/magefiles/docs.go index cc914d2a09c2..0e5ee560a85e 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go @@ -75,7 +75,6 @@ func generateConfigDocs(filename string) error { flag.NewScanFlagGroup(), flag.NewSecretFlagGroup(), flag.NewVulnerabilityFlagGroup(), - flag.NewAWSFlagGroup(), } f, err := os.Create(filename) From 867accb2bad5588e013e6101bf4756d1128ba32a Mon Sep 17 00:00:00 2001 From: afdesk Date: Fri, 2 Aug 2024 16:38:44 +0600 Subject: [PATCH 26/27] add info about default values --- docs/docs/references/configuration/config-file.md | 1 + magefiles/docs.go | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index 23b69a711263..ede5c6821f5c 100644 --- a/docs/docs/references/configuration/config-file.md +++ b/docs/docs/references/configuration/config-file.md @@ -5,6 +5,7 @@ The config path can be overridden by the `--config` flag. An example is [here][example]. +These samples contain default values for flags. ## Global options ```yaml diff --git a/magefiles/docs.go b/magefiles/docs.go index 0e5ee560a85e..7d09d37e1092 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go 
@@ -20,7 +20,8 @@ const ( title = "Config file" description = "Trivy can be customized by tweaking a `trivy.yaml` file.\n" + "The config path can be overridden by the `--config` flag.\n\n" + - "An example is [here][example].\n" + "An example is [here][example].\n\n" + + "These samples contain default values for flags." footer = "[example]: https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/examples/trivy-conf/trivy.yaml" ) From effa6029d2420f3fa5ed3867a0648321c9820e1b Mon Sep 17 00:00:00 2001 From: knqyf263 Date: Mon, 5 Aug 2024 11:31:35 +0400 Subject: [PATCH 27/27] docs: auto-generate Signed-off-by: knqyf263 --- docs/docs/references/configuration/config-file.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index ede5c6821f5c..b3876d6ad225 100644 --- a/docs/docs/references/configuration/config-file.md +++ b/docs/docs/references/configuration/config-file.md @@ -548,6 +548,9 @@ repository: ```yaml scan: + # Same as '--detection-priority' + detection-priority: "precise" + # Same as '--file-patterns' file-patterns: []
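Review bot: The sentence added to `description` in magefiles/docs.go is the only prose framing the generated samples, and those samples list credential-bearing keys (`server.token`, `registry.password`, `registry.token`) beside ordinary options with no hint about how to handle them. I would extend the constant with one more line such as `"Credentials (tokens, registry passwords) are better passed at run time than stored in a committed trivy.yaml.\n"`. Separately, the new last line ends without `\n`, unlike the lines above it, and the regenerated markdown in this commit appears to put the sentence directly above `## Global options`; ending it with `\n` would restore the blank line before the heading. The `const (` block opens above this hunk.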