You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
|`-x`, `--exit-on`|`stringSlice`|| Comma separated list of conditions to fail the action step if worse or changed, options are: vulnerability, policy, package |
15
-
|`--format`|`string`|`text`| Output format of the generated vulnerability report:<br>- text: default output, plain text with or without colors depending on the terminal<br>- markdown: Markdown output<br> |
16
-
|`--hide-policies`||| Hide policy status from the output |
17
-
|`--ignore-base`||| Filter out CVEs introduced from base image |
18
-
|`--ignore-suppressed`||| Filter CVEs found in Scout exceptions based on the specified exception scope |
19
-
|`--ignore-unchanged`||| Filter out unchanged packages |
20
-
|`--multi-stage`||| Show packages from multi-stage Docker builds |
21
-
|`--only-fixed`||| Filter to fixable CVEs |
22
-
|`--only-package-type`|`stringSlice`|| Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) |
23
-
|`--only-policy`|`stringSlice`|| Comma separated list of policies to evaluate |
24
-
|`--only-severity`|`stringSlice`|| Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by |
25
-
|`--only-stage`|`stringSlice`|| Comma separated list of multi-stage Docker build stage names |
26
-
|`--only-unfixed`||| Filter to unfixed CVEs |
27
-
|`--only-vex-affected`||| Filter CVEs by VEX statements with status not affected |
28
-
|`--org`|`string`|| Namespace of the Docker organization |
29
-
|`-o`, `--output`|`string`|| Write the report to a file |
30
-
|`--platform`|`string`|| Platform of image to analyze |
31
-
|`--ref`|`string`|| Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive |
32
-
|`--to`|`string`|| Image, directory, or archive to compare to |
33
-
|`--to-env`|`string`|| Name of environment to compare to |
34
-
|`--to-latest`||| Latest image processed to compare to |
35
-
|`--to-ref`|`string`|| Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive. |
36
-
|`--vex-author`|`stringSlice`|`[<.*@docker.com>]`| List of VEX statement authors to accept |
37
-
|`--vex-location`|`stringSlice`|| File location of directory or file containing VEX statements |
|`-x`, `--exit-on`|`stringSlice`|| Comma separated list of conditions to fail the action step if worse or changed, options are: vulnerability, policy, package |
15
+
|`--format`|`string`|`text`| Output format of the generated vulnerability report:<br>- text: default output, plain text with or without colors depending on the terminal<br>- markdown: Markdown output<br>- json: JSON output<br>|
16
+
|`--hide-policies`||| Hide policy status from the output |
17
+
|`--ignore-base`||| Filter out CVEs introduced from base image |
18
+
|`--ignore-suppressed`||| Filter CVEs found in Scout exceptions based on the specified exception scope |
19
+
|`--ignore-unchanged`||| Filter out unchanged packages |
20
+
|`--multi-stage`||| Show packages from multi-stage Docker builds |
21
+
|`--only-fixed`||| Filter to fixable CVEs |
22
+
|`--only-package-type`|`stringSlice`|| Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) |
23
+
|`--only-policy`|`stringSlice`|| Comma separated list of policies to evaluate |
24
+
|`--only-severity`|`stringSlice`|| Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by |
25
+
|`--only-stage`|`stringSlice`|| Comma separated list of multi-stage Docker build stage names |
26
+
|`--only-unfixed`||| Filter to unfixed CVEs |
27
+
|`--only-vex-affected`||| Filter CVEs by VEX statements with status not affected |
28
+
|`--org`|`string`|| Namespace of the Docker organization |
29
+
|`-o`, `--output`|`string`|| Write the report to a file |
30
+
|`--platform`|`string`|| Platform of image to analyze |
31
+
|`--ref`|`string`|| Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive |
32
+
|`--to`|`string`|| Image, directory, or archive to compare to |
33
+
|`--to-env`|`string`|| Name of environment to compare to |
34
+
|`--to-latest`||| Latest image processed to compare to |
35
+
|`--to-ref`|`string`|| Reference to use if the provided tarball contains multiple references.<br>Can only be used with archive. |
36
+
|`--vex-author`|`stringSlice`|`[<.*@docker.com>]`| List of VEX statement authors to accept |
37
+
|`--vex-location`|`stringSlice`|| File location of directory or file containing VEX statements |
0 commit comments