aquasecurity · simar7 · Aug 14, 2024 · Aug 12, 2024
@@ -101,7 +101,7 @@ Total: 1785 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1680, CRITICAL: 105)
 </details>
 
 ```bash
-trivy conf --severity HIGH,CRITICAL examples/misconf/mixed
+trivy config --severity HIGH,CRITICAL examples/misconf/mixed
 ```
 
 <details>

@@ -21,7 +21,7 @@ It evaluates properties, functions, and other elements within CloudFormation fil
 You can provide `cf-params` with path to [CloudFormation Parameters] file to Trivy to scan your CloudFormation code with parameters.
 
 ```bash
-trivy conf --cf-params params.json ./infrastructure/cf
+trivy config --cf-params params.json ./infrastructure/cf
 ```
 
 You can check a [CloudFormation Parameters Example]

@@ -21,7 +21,7 @@ When override values are passed to the Helm scanner, the values will be used dur
 Overrides can be set inline on the command line
 
 ```bash
-trivy conf --helm-set securityContext.runAsUser=0 ./charts/mySql
+trivy config --helm-set securityContext.runAsUser=0 ./charts/mySql
 ```
 
 #### Setting value file overrides
@@ -35,7 +35,7 @@ securityContext:
 ```
 
 ```bash
-trivy conf --helm-values overrides.yaml ./charts/mySql
+trivy config --helm-values overrides.yaml ./charts/mySql
 ``` 
 
 #### Setting value as explicit string
@@ -49,7 +49,7 @@ trivy config --helm-set-string name=false ./infrastructure/tf
 Specific override values can come from specific files
 
 ```bash
-trivy conf --helm-set-file environment=dev.values.yaml ./charts/mySql
+trivy config --helm-set-file environment=dev.values.yaml ./charts/mySql
 ```
 
 ## Secret

@@ -18,13 +18,13 @@ It supports the following formats:
 Trivy can scan Terraform Plan files (snapshots) or their JSON representations. To create a Terraform Plan and scan it, run the following command:
 ```bash
 terraform plan --out tfplan
-trivy conf tfplan
+trivy config tfplan
 ```
 
 To scan a Terraform Plan representation in JSON format, run the following command:
 ```bash
 terraform show -json tfplan > tfplan.json
-trivy conf tfplan.json
+trivy config tfplan.json
 ```
 
 ## Misconfiguration
@@ -35,15 +35,15 @@ It also evaluates variables, imports, and other elements within Terraform files
 You can provide `tf-vars` files to Trivy to override default values specified in the Terraform HCL code.
 
 ```bash
-trivy conf --tf-vars dev.terraform.tfvars ./infrastructure/tf
+trivy config --tf-vars dev.terraform.tfvars ./infrastructure/tf
 ```
 
 ### Exclude Downloaded Terraform Modules
 By default, downloaded modules are also scanned.
 If you don't want to scan them, you can use the `--tf-exclude-downloaded-modules` flag.
 
 ```bash
-trivy conf --tf-exclude-downloaded-modules ./configs
+trivy config --tf-exclude-downloaded-modules ./configs
 ```
 
 ## Secret

@@ -7,7 +7,7 @@ This will output a large trace from Open Policy Agent like the following:
     Only failed checks show traces. If you want to debug a passed check, you need to make it fail on purpose.
 
 ```shell
-$ trivy conf --trace configs/
+$ trivy config --trace configs/
 2022-05-16T13:47:58.853+0100	INFO	Detected config files: 1
 
 Dockerfile (dockerfile)

@@ -5,7 +5,7 @@ You can write custom checks in [Rego][rego].
 Once you finish writing custom checks, you can pass the check files or the directory where those checks are stored with --config-check` option.
 
 ``` bash
-trivy conf --config-check /path/to/policy.rego --config-check /path/to/custom_checks --namespaces user /path/to/config_dir
+trivy config --config-check /path/to/policy.rego --config-check /path/to/custom_checks --namespaces user /path/to/config_dir
 ```
 
 As for `--namespaces` option, the detail is described as below.
@@ -93,7 +93,7 @@ By default, only `builtin.*` packages will be evaluated.
 If you define custom packages, you have to specify the package prefix via `--namespaces` option. By default, Trivy only runs in its own namespace, unless specified by the user. Note that the custom namespace does not have to be `user` as in this example. It could be anything user-defined.
 
 ``` bash
-trivy conf --config-check /path/to/custom_checks --namespaces user /path/to/config_dir
+trivy config --config-check /path/to/custom_checks --namespaces user /path/to/config_dir
 ```
 
 In this case, `user.*` will be evaluated.

@@ -101,7 +101,7 @@ For example, the following example holds IaC files for Terraform, CloudFormation
 ``` bash
 $ ls iac/
 Dockerfile  deployment.yaml  main.tf mysql-8.8.26.tar
-$ trivy conf --severity HIGH,CRITICAL ./iac
+$ trivy config --severity HIGH,CRITICAL ./iac
 ```
 
 <details>
@@ -334,13 +334,13 @@ You can load check files or directories including your custom checks using the `
 This can be repeated for specifying multiple files or directories.
 
 ```bash
-trivy conf --config-check custom-policy/policy --config-check combine/policy --config-check policy.rego --namespaces user myapp
+trivy config --config-check custom-policy/policy --config-check combine/policy --config-check policy.rego --namespaces user myapp
 ```
 
 You can load checks bundle as OCI Image from a Container Registry using the `--checks-bundle-repository` flag.
 
 ```bash
-trivy conf --checks-bundle-repository myregistry.local/mychecks --namespaces user myapp
+trivy config --checks-bundle-repository myregistry.local/mychecks --namespaces user myapp
 ```
 
 ### Passing custom data
@@ -349,7 +349,7 @@ This can be repeated for specifying multiple directories.
 
 ```bash
 cd examples/misconf/custom-data
-trivy conf --config-check ./policy --data ./data --namespaces user ./configs
+trivy config --config-check ./my-check --data ./data --namespaces user ./configs
 ```
 
 For more details, see [Custom Data](./custom/data.md).
@@ -360,7 +360,7 @@ If you want to evaluate custom checks in other packages, you have to specify pac
 This can be repeated for specifying multiple packages.
 
 ``` bash
-trivy conf --config-check ./policy --namespaces main --namespaces user ./configs
+trivy config --config-check ./my-check --namespaces main --namespaces user ./configs
 ```
 
 ### Private terraform registries

@@ -86,7 +86,7 @@ trivy config --severity CRITICAL, MEDIUM terraform-infra
 You can pass terraform values to Trivy to override default values found in the Terraform HCL code. More information are provided [in the documentation.](https://aquasecurity.github.io/trivy/latest/docs/coverage/iac/terraform/#value-overrides) 
 
 ``` 
-trivy conf --tf-vars terraform.tfvars ./
+trivy config --tf-vars terraform.tfvars ./
 ``` 
 ### Custom Checks