Skip to content

Commit

Permalink
chore(cli): disable java-db flags in server mode (#5263)
Browse files Browse the repository at this point in the history
* disable java-db flag for server mode

* update docs
  • Loading branch information
DmitriyLewen authored Sep 28, 2023
1 parent 908a491 commit 0ccbb4f
Show file tree
Hide file tree
Showing 3 changed files with 29 additions and 24 deletions.
3 changes: 3 additions & 0 deletions docs/docs/configuration/db.md
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,9 @@ Downloading the Java index DB from an external OCI registry can be done by using
$ trivy image --java-db-repository registry.gitlab.com/gitlab-org/security-products/dependencies/trivy-java-db --download-java-db-only
```

!!! Note
In [Client/Server](../references/modes/client-server.md) mode, `Java index DB` is currently only used on the `client` side.

## Remove DBs
The `--reset` flag removes all caches and databases.

Expand Down
45 changes: 21 additions & 24 deletions docs/docs/references/configuration/cli/trivy_server.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,30 +20,27 @@ trivy server [flags]
### Options

```
--cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs")
--cache-ttl duration cache TTL when using redis as cache backend
--clear-cache clear image caches without scanning
--db-repository string OCI repository to retrieve trivy-db from (default "ghcr.io/aquasecurity/trivy-db")
--download-db-only download/update vulnerability database but don't run a scan
--download-java-db-only download/update Java index database but don't run a scan
--enable-modules strings [EXPERIMENTAL] module names to enable
-h, --help help for server
--java-db-repository string OCI repository to retrieve trivy-java-db from (default "ghcr.io/aquasecurity/trivy-java-db")
--listen string listen address in server mode (default "localhost:4954")
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
--no-progress suppress progress bar
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--registry-token string registry token
--reset remove all caches and database
--skip-db-update skip updating vulnerability database
--skip-java-db-update skip updating Java index database
--token string for authentication in client/server mode
--token-header string specify a header name for token in client/server mode (default "Trivy-Token")
--username strings username. Comma-separated usernames allowed.
--cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs")
--cache-ttl duration cache TTL when using redis as cache backend
--clear-cache clear image caches without scanning
--db-repository string OCI repository to retrieve trivy-db from (default "ghcr.io/aquasecurity/trivy-db")
--download-db-only download/update vulnerability database but don't run a scan
--enable-modules strings [EXPERIMENTAL] module names to enable
-h, --help help for server
--listen string listen address in server mode (default "localhost:4954")
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
--no-progress suppress progress bar
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--registry-token string registry token
--reset remove all caches and database
--skip-db-update skip updating vulnerability database
--token string for authentication in client/server mode
--token-header string specify a header name for token in client/server mode (default "Trivy-Token")
--username strings username. Comma-separated usernames allowed.
```

### Options inherited from parent commands
Expand Down
5 changes: 5 additions & 0 deletions pkg/commands/app.go
Original file line number Diff line number Diff line change
Expand Up @@ -582,6 +582,11 @@ func NewServerCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
RegistryFlagGroup: flag.NewRegistryFlagGroup(),
}

// java-db only works on client side.
serverFlags.DBFlagGroup.DownloadJavaDBOnly = nil // disable '--download-java-db-only'
serverFlags.DBFlagGroup.SkipJavaDBUpdate = nil // disable '--skip-java-db-update'
serverFlags.DBFlagGroup.JavaDBRepository = nil // disable '--java-db-repository'

cmd := &cobra.Command{
Use: "server [flags]",
Aliases: []string{"s"},
Expand Down

0 comments on commit 0ccbb4f

Please sign in to comment.