trivy-ecr-scan

--lightdeprecated (default: false) [$TRIVY_LIGHT]

--formatformat (table, json, sarif, template) (default: table) [$TRIVY_FORMAT]

--timeouttimeout (default: 5m0s) [$TRIVY_TIMEOUT]

--insecureallow insecure server connections when using SSL (default: false) [$TRIVY_INSECURE]

--severityseverities of vulnerabilities to be displayed (comma separated) (default: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) [$TRIVY_SEVERITY]

--exit-codeExit code when vulnerabilities were found (default: 0) [$TRIVY_EXIT_CODE]

--skip-dirsspecify the directories where the traversal is skipped [$TRIVY_SKIP_DIRS]

--vuln-typecomma-separated list of vulnerability types (os,library) (default: os,library) [$TRIVY_VULN_TYPE]

List of images line by line to be scanned

--skip-filesspecify the file paths to skip traversal [$TRIVY_SKIP_FILES]

--no-progresssuppress progress bar (default: false) [$TRIVY_NO_PROGRESS]

--removed-pkgsdetect vulnerabilities of removed packages (only for Alpine) (default: false) [$TRIVY_REMOVED_PKGS]

--ignore-policyspecify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]

--list-all-pkgsenabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]

--ignore-unfixeddisplay only fixed vulnerabilities (default: false) [$TRIVY_IGNORE_UNFIXED]

--skip-db-updateskip updating vulnerability database (default: false) [$TRIVY_SKIP_UPDATE, $TRIVY_SKIP_DB_UPDATE]

Credentials to be used to log into ECR. Format: 'AWS_ACCESS_KEY_ID:AWS_SECRET_ACCESS_KEY:AWS_DEFAULT_REGION' (colon-separated)

--security-checkscomma-separated list of what security issues to detect (vuln,config) (default: vuln) [$TRIVY_SECURITY_CHECKS]