aquasecurity · knqyf263 · Oct 15, 2024 · Oct 14, 2024
@@ -14,7 +14,7 @@ Trivy_container_scanning:
     - apk add --no-cache curl docker-cli
     - curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin ${TRIVY_VERSION}
     - curl -sSL -o /tmp/trivy-gitlab.tpl https://github.com/aquasecurity/trivy/raw/${TRIVY_VERSION}/contrib/gitlab.tpl
-    - trivy auth login --username "$CI_REGISTRY_USER" --password "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
+    - trivy registry login --username "$CI_REGISTRY_USER" --password "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
   script:
     - trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@/tmp/trivy-gitlab.tpl" -o gl-container-scanning-report.json $IMAGE
   cache:

@@ -2,11 +2,11 @@ Trivy can download images from a private registry without the need for installin
 This makes it easy to run within a CI process.
 
 ## Login
-You can log in to a private registry using the `trivy auth login` command.
+You can log in to a private registry using the `trivy registry login` command.
 It uses the Docker configuration file (`~/.docker/config.json`) to store the credentials under the hood, and the configuration file path can be configured by `DOCKER_CONFIG` environment variable.
 
 ```shell
-$ cat ~/my_password.txt | trivy auth login --username foo --password-stdin ghcr.io
+$ cat ~/my_password.txt | trivy registry login --username foo --password-stdin ghcr.io
 $ trivy image ghcr.io/your/private_image
 ```
 
@@ -23,7 +23,7 @@ $ TRIVY_USERNAME=YOUR_USERNAME TRIVY_PASSWORD=YOUR_PASSWORD trivy image YOUR_PRI
     To mitigate this risk:
 
     1. Set credentials cautiously and only when necessary.
-    2. Prefer using `trivy auth config` to pre-configure credentials with specific registries, which ensures credentials are only sent to appropriate registries.
+    2. Prefer using `trivy registry login` to pre-configure credentials with specific registries, which ensures credentials are only sent to appropriate registries.
 
 Trivy also supports providing credentials through CLI flags:
 

@@ -43,7 +43,6 @@ trivy [global flags] command [flags] target
 
 ### SEE ALSO
 
-* [trivy auth](trivy_auth.md)	 - Authentication
 * [trivy clean](trivy_clean.md)	 - Remove cached files
 * [trivy config](trivy_config.md)	 - Scan config files for misconfigurations
 * [trivy convert](trivy_convert.md)	 - Convert Trivy JSON report into a different format
@@ -52,6 +51,7 @@ trivy [global flags] command [flags] target
 * [trivy kubernetes](trivy_kubernetes.md)	 - [EXPERIMENTAL] Scan kubernetes cluster
 * [trivy module](trivy_module.md)	 - Manage modules
 * [trivy plugin](trivy_plugin.md)	 - Manage plugins
+* [trivy registry](trivy_registry.md)	 - Manage registry authentication
 * [trivy repository](trivy_repository.md)	 - Scan a repository
 * [trivy rootfs](trivy_rootfs.md)	 - Scan rootfs
 * [trivy sbom](trivy_sbom.md)	 - Scan SBOM for vulnerabilities and licenses

@@ -1,11 +1,11 @@
-## trivy auth
+## trivy registry
 
-Authentication
+Manage registry authentication
 
 ### Options
 
 ```
-  -h, --help   help for auth
+  -h, --help   help for registry
 ```
 
 ### Options inherited from parent commands
@@ -24,6 +24,6 @@ Authentication
 ### SEE ALSO
 
 * [trivy](trivy.md)	 - Unified security scanner
-* [trivy auth login](trivy_auth_login.md)	 - Log in to a registry
-* [trivy auth logout](trivy_auth_logout.md)	 - Log out of a registry
+* [trivy registry login](trivy_registry_login.md)	 - Log in to a registry
+* [trivy registry logout](trivy_registry_logout.md)	 - Log out of a registry
 
@@ -1,16 +1,16 @@
-## trivy auth login
+## trivy registry login
 
 Log in to a registry
 
 ```
-trivy auth login SERVER [flags]
+trivy registry login SERVER [flags]
 ```
 
 ### Examples
 
 ```
   # Log in to reg.example.com
-  cat ~/my_password.txt | trivy auth login --username foo --password-stdin reg.example.com
+  cat ~/my_password.txt | trivy registry login --username foo --password-stdin reg.example.com
 ```
 
 ### Options
@@ -37,5 +37,5 @@ trivy auth login SERVER [flags]
 
 ### SEE ALSO
 
-* [trivy auth](trivy_auth.md)	 - Authentication
+* [trivy registry](trivy_registry.md)	 - Manage registry authentication
 
@@ -1,16 +1,16 @@
-## trivy auth logout
+## trivy registry logout
 
 Log out of a registry
 
 ```
-trivy auth logout SERVER [flags]
+trivy registry logout SERVER [flags]
 ```
 
 ### Examples
 
 ```
   # Log out of reg.example.com
-  trivy auth logout reg.example.com
+  trivy registry logout reg.example.com
 ```
 
 ### Options
@@ -34,5 +34,5 @@ trivy auth logout SERVER [flags]
 
 ### SEE ALSO
 
-* [trivy auth](trivy_auth.md)	 - Authentication
+* [trivy registry](trivy_registry.md)	 - Manage registry authentication
 
@@ -297,7 +297,7 @@ Trivy supports registries that comply with the following specifications.
 - [Docker Registry HTTP API V2](https://docs.docker.com/registry/spec/api/)
 - [OCI Distribution Specification](https://github.com/opencontainers/distribution-spec)
 
-You can configure credentials with `trivy auth login`.
+You can configure credentials with `trivy registry login`.
 See [here](../advanced/private-registries/index.md) for the detail.
 
 ### Tar Files

@@ -184,7 +184,7 @@ func TestRegistry(t *testing.T) {
 			golden: "testdata/alpine-310.json.golden",
 		},
 		{
-			name:      "authenticate with 'trivy auth login'",
+			name:      "authenticate with 'trivy registry login'",
 			imageName: "alpine:3.10",
 			imageFile: "testdata/fixtures/images/alpine-310.tar.gz",
 			os:        "alpine 3.10.2",
@@ -295,7 +295,7 @@ func setupEnv(t *testing.T, imageRef name.Reference, baseDir string, opt registr
 		case opt.AuthLogin:
 			t.Setenv("DOCKER_CONFIG", t.TempDir())
 			err := execute([]string{
-				"auth",
+				"registry",
 				"login",
 				"--username",
 				opt.Username,

@@ -158,10 +158,6 @@ nav:
           - Configuration:
               - CLI:
                   - Overview: docs/references/configuration/cli/trivy.md
-                  - Auth:
-                      - Auth: docs/references/configuration/cli/trivy_auth.md
-                      - Auth Login: docs/references/configuration/cli/trivy_auth_login.md
-                      - Auth Logout: docs/references/configuration/cli/trivy_auth_logout.md
                   - Clean: docs/references/configuration/cli/trivy_clean.md
                   - Config: docs/references/configuration/cli/trivy_config.md
                   - Convert: docs/references/configuration/cli/trivy_convert.md
@@ -182,6 +178,10 @@ nav:
                       - Plugin Update: docs/references/configuration/cli/trivy_plugin_update.md
                       - Plugin Upgrade: docs/references/configuration/cli/trivy_plugin_upgrade.md
                       - Plugin Search: docs/references/configuration/cli/trivy_plugin_search.md
+                  - Registry:
+                        - Registry: docs/references/configuration/cli/trivy_registry.md
+                        - Registry Login: docs/references/configuration/cli/trivy_registry_login.md
+                        - Registry Logout: docs/references/configuration/cli/trivy_registry_logout.md
                   - Repository: docs/references/configuration/cli/trivy_repository.md
                   - Rootfs: docs/references/configuration/cli/trivy_rootfs.md
                   - SBOM: docs/references/configuration/cli/trivy_sbom.md

@@ -100,7 +100,7 @@ func NewApp() *cobra.Command {
 		NewVersionCommand(globalFlags),
 		NewVMCommand(globalFlags),
 		NewCleanCommand(globalFlags),
-		NewAuthCommand(globalFlags),
+		NewRegistryCommand(globalFlags),
 		NewVEXCommand(globalFlags),
 	)
 
@@ -1235,11 +1235,11 @@ func NewCleanCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
 	return cmd
 }
 
-func NewAuthCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
+func NewRegistryCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
 	cmd := &cobra.Command{
-		Use:           "auth [flags]",
+		Use:           "registry [flags]",
 		GroupID:       groupUtility,
-		Short:         "Authentication",
+		Short:         "Manage registry authentication",
 		SilenceErrors: true,
 		SilenceUsage:  true,
 	}
@@ -1255,7 +1255,7 @@ func NewAuthCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
 		SilenceErrors: true,
 		SilenceUsage:  true,
 		Example: `  # Log in to reg.example.com
-  cat ~/my_password.txt | trivy auth login --username foo --password-stdin reg.example.com`,
+  cat ~/my_password.txt | trivy registry login --username foo --password-stdin reg.example.com`,
 		Args: cobra.ExactArgs(1),
 		PreRunE: func(cmd *cobra.Command, args []string) error {
 			if err := loginFlags.Bind(cmd); err != nil {
@@ -1277,7 +1277,7 @@ func NewAuthCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
 		SilenceErrors: true,
 		SilenceUsage:  true,
 		Example: `  # Log out of reg.example.com
-  trivy auth logout reg.example.com`,
+  trivy registry logout reg.example.com`,
 		Args: cobra.ExactArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			return auth.Logout(cmd.Context(), args[0])