diff --git a/docs/docs/configuration/filtering.md b/docs/docs/configuration/filtering.md index abe8e84ff7e3..030813bd1bce 100644 --- a/docs/docs/configuration/filtering.md +++ b/docs/docs/configuration/filtering.md @@ -101,7 +101,7 @@ Total: 1785 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1680, CRITICAL: 105) ```bash -trivy conf --severity HIGH,CRITICAL examples/misconf/mixed +trivy config --severity HIGH,CRITICAL examples/misconf/mixed ```
diff --git a/docs/docs/coverage/iac/cloudformation.md b/docs/docs/coverage/iac/cloudformation.md index 5665e1e77acd..7faea9769d7d 100644 --- a/docs/docs/coverage/iac/cloudformation.md +++ b/docs/docs/coverage/iac/cloudformation.md @@ -21,7 +21,7 @@ It evaluates properties, functions, and other elements within CloudFormation fil You can provide `cf-params` with path to [CloudFormation Parameters] file to Trivy to scan your CloudFormation code with parameters. ```bash -trivy conf --cf-params params.json ./infrastructure/cf +trivy config --cf-params params.json ./infrastructure/cf ``` You can check a [CloudFormation Parameters Example] diff --git a/docs/docs/coverage/iac/helm.md b/docs/docs/coverage/iac/helm.md index 8d0352fc42f1..0c213e1fd901 100644 --- a/docs/docs/coverage/iac/helm.md +++ b/docs/docs/coverage/iac/helm.md @@ -21,7 +21,7 @@ When override values are passed to the Helm scanner, the values will be used dur Overrides can be set inline on the command line ```bash -trivy conf --helm-set securityContext.runAsUser=0 ./charts/mySql +trivy config --helm-set securityContext.runAsUser=0 ./charts/mySql ``` #### Setting value file overrides @@ -35,7 +35,7 @@ securityContext: ``` ```bash -trivy conf --helm-values overrides.yaml ./charts/mySql +trivy config --helm-values overrides.yaml ./charts/mySql ``` #### Setting value as explicit string @@ -49,7 +49,7 @@ trivy config --helm-set-string name=false ./infrastructure/tf Specific override values can come from specific files ```bash -trivy conf --helm-set-file environment=dev.values.yaml ./charts/mySql +trivy config --helm-set-file environment=dev.values.yaml ./charts/mySql ``` ## Secret diff --git a/docs/docs/coverage/iac/terraform.md b/docs/docs/coverage/iac/terraform.md index e190c901cf05..55f1936cb040 100644 --- a/docs/docs/coverage/iac/terraform.md +++ b/docs/docs/coverage/iac/terraform.md @@ -18,13 +18,13 @@ It supports the following formats: Trivy can scan Terraform Plan files (snapshots) or their JSON representations. To create a Terraform Plan and scan it, run the following command: ```bash terraform plan --out tfplan -trivy conf tfplan +trivy config tfplan ``` To scan a Terraform Plan representation in JSON format, run the following command: ```bash terraform show -json tfplan > tfplan.json -trivy conf tfplan.json +trivy config tfplan.json ``` ## Misconfiguration @@ -35,7 +35,7 @@ It also evaluates variables, imports, and other elements within Terraform files You can provide `tf-vars` files to Trivy to override default values specified in the Terraform HCL code. ```bash -trivy conf --tf-vars dev.terraform.tfvars ./infrastructure/tf +trivy config --tf-vars dev.terraform.tfvars ./infrastructure/tf ``` ### Exclude Downloaded Terraform Modules @@ -43,7 +43,7 @@ By default, downloaded modules are also scanned. If you don't want to scan them, you can use the `--tf-exclude-downloaded-modules` flag. ```bash -trivy conf --tf-exclude-downloaded-modules ./configs +trivy config --tf-exclude-downloaded-modules ./configs ``` ## Secret diff --git a/docs/docs/scanner/misconfiguration/custom/debug.md b/docs/docs/scanner/misconfiguration/custom/debug.md index 751e43633efc..54ec9fd65273 100644 --- a/docs/docs/scanner/misconfiguration/custom/debug.md +++ b/docs/docs/scanner/misconfiguration/custom/debug.md @@ -7,7 +7,7 @@ This will output a large trace from Open Policy Agent like the following: Only failed checks show traces. If you want to debug a passed check, you need to make it fail on purpose. ```shell -$ trivy conf --trace configs/ +$ trivy config --trace configs/ 2022-05-16T13:47:58.853+0100 INFO Detected config files: 1 Dockerfile (dockerfile) diff --git a/docs/docs/scanner/misconfiguration/custom/index.md b/docs/docs/scanner/misconfiguration/custom/index.md index 7f471d873e8b..9598089b8562 100644 --- a/docs/docs/scanner/misconfiguration/custom/index.md +++ b/docs/docs/scanner/misconfiguration/custom/index.md @@ -5,7 +5,7 @@ You can write custom checks in [Rego][rego]. Once you finish writing custom checks, you can pass the check files or the directory where those checks are stored with --config-check` option. ``` bash -trivy conf --config-check /path/to/policy.rego --config-check /path/to/custom_checks --namespaces user /path/to/config_dir +trivy config --config-check /path/to/policy.rego --config-check /path/to/custom_checks --namespaces user /path/to/config_dir ``` As for `--namespaces` option, the detail is described as below. @@ -93,7 +93,7 @@ By default, only `builtin.*` packages will be evaluated. If you define custom packages, you have to specify the package prefix via `--namespaces` option. By default, Trivy only runs in its own namespace, unless specified by the user. Note that the custom namespace does not have to be `user` as in this example. It could be anything user-defined. ``` bash -trivy conf --config-check /path/to/custom_checks --namespaces user /path/to/config_dir +trivy config --config-check /path/to/custom_checks --namespaces user /path/to/config_dir ``` In this case, `user.*` will be evaluated. diff --git a/docs/docs/scanner/misconfiguration/index.md b/docs/docs/scanner/misconfiguration/index.md index 0726e7312417..eae768456029 100644 --- a/docs/docs/scanner/misconfiguration/index.md +++ b/docs/docs/scanner/misconfiguration/index.md @@ -101,7 +101,7 @@ For example, the following example holds IaC files for Terraform, CloudFormation ``` bash $ ls iac/ Dockerfile deployment.yaml main.tf mysql-8.8.26.tar -$ trivy conf --severity HIGH,CRITICAL ./iac +$ trivy config --severity HIGH,CRITICAL ./iac ```
@@ -334,13 +334,13 @@ You can load check files or directories including your custom checks using the ` This can be repeated for specifying multiple files or directories. ```bash -trivy conf --config-check custom-policy/policy --config-check combine/policy --config-check policy.rego --namespaces user myapp +trivy config --config-check custom-policy/policy --config-check combine/policy --config-check policy.rego --namespaces user myapp ``` You can load checks bundle as OCI Image from a Container Registry using the `--checks-bundle-repository` flag. ```bash -trivy conf --checks-bundle-repository myregistry.local/mychecks --namespaces user myapp +trivy config --checks-bundle-repository myregistry.local/mychecks --namespaces user myapp ``` ### Passing custom data @@ -349,7 +349,7 @@ This can be repeated for specifying multiple directories. ```bash cd examples/misconf/custom-data -trivy conf --config-check ./policy --data ./data --namespaces user ./configs +trivy config --config-check ./my-check --data ./data --namespaces user ./configs ``` For more details, see [Custom Data](./custom/data.md). @@ -360,7 +360,7 @@ If you want to evaluate custom checks in other packages, you have to specify pac This can be repeated for specifying multiple packages. ``` bash -trivy conf --config-check ./policy --namespaces main --namespaces user ./configs +trivy config --config-check ./my-check --namespaces main --namespaces user ./configs ``` ### Private terraform registries diff --git a/docs/tutorials/misconfiguration/terraform.md b/docs/tutorials/misconfiguration/terraform.md index 24b8eebfa69a..c51f2edfe181 100644 --- a/docs/tutorials/misconfiguration/terraform.md +++ b/docs/tutorials/misconfiguration/terraform.md @@ -86,7 +86,7 @@ trivy config --severity CRITICAL, MEDIUM terraform-infra You can pass terraform values to Trivy to override default values found in the Terraform HCL code. More information are provided [in the documentation.](https://aquasecurity.github.io/trivy/latest/docs/coverage/iac/terraform/#value-overrides) ``` -trivy conf --tf-vars terraform.tfvars ./ +trivy config --tf-vars terraform.tfvars ./ ``` ### Custom Checks