docs: update argument list #4443
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -107,7 +107,7 @@ You can also do `python -m cve_bin_tool.cli` | |
| which is useful if you're trying the latest code from | ||
| [the cve-bin-tool github](https://github.com/intel/cve-bin-tool). | ||
|
|
||
| options: | ||
| -h, --help show this help message and exit | ||
| -e EXCLUDE, --exclude EXCLUDE | ||
| Comma separated Exclude directory path | ||
|
|
@@ -117,20 +117,22 @@ which is useful if you're trying the latest code from | |
| --disable-validation-check | ||
| skips checking xml files against schema | ||
| --offline operate in offline mode | ||
| --detailed add CVE description in csv or json report (no effect on console, html or pdf) | ||
|
|
||
| CVE Data Download: | ||
| Arguments related to data sources and Cache Configuration | ||
|
|
||
| -n {api,api2,json,json-mirror,json-nvd}, --nvd {api,api2,json,json-mirror,json-nvd} | ||
|
There was a problem hiding this comment. @terriko I was wondering should we remove "api" its been time since we deprecated nvd api 1 There was a problem hiding this comment. I'm intending to keep it until we declare 4.0. Right now it's barely any work to just leave it there so I wasn't going to worry about it until we start looking at stuff like re-architecting for no-scan mode. |
||
| choose method for getting CVE lists from NVD | ||
| -u {now,daily,never,latest}, --update {now,daily,never,latest} | ||
| update schedule for data sources and exploits database (default: daily) | ||
| --nvd-api-key NVD_API_KEY | ||
| Specify NVD API key (used to improve NVD rate limit). | ||
| Set to `no` to ignore any keys in the environment. | ||
| -d DISABLE_DATA_SOURCE, --disable-data-source DISABLE_DATA_SOURCE | ||
| comma-separated list of data sources (CURL, EPSS, GAD, NVD, OSV, PURL2CPE, REDHAT, RSD) to disable (default: NONE) | ||
| --use-mirror USE_MIRROR | ||
| use an mirror to update the database | ||
|
|
||
| Input: | ||
| directory directory to scan | ||
|
|
@@ -144,6 +146,7 @@ which is useful if you're trying the latest code from | |
| specify type of software bill of materials (sbom) (default: spdx) | ||
| --sbom-file SBOM_FILE | ||
| provide sbom filename | ||
| --vex-file VEX_FILE provide vulnerability exchange (vex) filename for triage processing | ||
AryanBakliwal marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| Output: | ||
| -q, --quiet suppress output | ||
|
|
@@ -157,29 +160,42 @@ which is useful if you're trying the latest code from | |
| update output format (default: console) | ||
| specify multiple output formats by using comma (',') as a separator | ||
| note: don't use spaces between comma (',') and the output formats. | ||
| --generate-config {yaml,toml,yaml,toml,toml,yaml} | ||
| generate config file for cve bin tool in toml and yaml formats. | ||
| -c CVSS, --cvss CVSS minimum CVSS score (as integer in range 0 to 10) to report (default: 0) | ||
| -S {low,medium,high,critical}, --severity {low,medium,high,critical} | ||
| minimum CVE severity to report (default: low) | ||
| --metrics check for metrics (e.g., EPSS) from found cves | ||
| --epss-percentile EPSS_PERCENTILE | ||
| minimum epss percentile of CVE range between 0 to 100 to report. Automatically enables `--metrics` | ||
| --epss-probability EPSS_PROBABILITY | ||
| minimum epss probability of CVE range between 0 to 100 to report. Automatically enables `--metrics` | ||
| --no-0-cve-report only produce report when CVEs are found | ||
| -A [<distro_name>-<distro_version_name>], --available-fix [<distro_name>-<distro_version_name>] | ||
| Lists available fixes of the package from Linux distribution | ||
| -b [<distro_name>-<distro_version_name>], --backport-fix [<distro_name>-<distro_version_name>] | ||
| Lists backported fixes if available from Linux distribution | ||
| --affected-versions Lists versions of product affected by a given CVE (to facilitate upgrades) | ||
| --sbom-output SBOM_OUTPUT | ||
| Provide software bill of materials (sbom) filename to generate | ||
| --sbom-type {spdx,cyclonedx} | ||
| specify type of software bill of materials (sbom) to generate (default: spdx) | ||
| --sbom-format {tag,json,yaml} | ||
| specify format of software bill of materials (sbom) to generate (default: tag) | ||
|
|
||
| Vex Output: | ||
| Arguments related to Vex output document. | ||
|
|
||
| --vex-output VEX_OUTPUT | ||
| Provide vulnerability exchange (vex) filename to generate | ||
| --vex-type {cyclonedx,csaf,openvex} | ||
| specify type of vulnerability exchange (vex) to generate (default: cyclonedx) | ||
| --product PRODUCT Product Name | ||
| --release RELEASE Release Version | ||
| --vendor VENDOR Vendor/Supplier of Product | ||
| -rr REVISION_REASON, --revision-reason REVISION_REASON | ||
| a reason for the update to the vex document should be specified in double quotes | ||
| --filter-triage Filter cves based on triage data from Vex file | ||
|
|
||
| Merge Report: | ||
| Arguments related to Intermediate and Merged Reports | ||
|
|
@@ -198,17 +214,30 @@ which is useful if you're trying the latest code from | |
| -r RUNS, --runs RUNS comma-separated list of checkers to enable | ||
|
|
||
| Database Management: | ||
| --import-json IMPORT_JSON | ||
| import database from json files chopped by years | ||
| --ignore-sig do not verify PGP signature while importing json data | ||
| --log-signature-error | ||
| when the signature doesn't match log the error only instead of halting (UNSAFE) | ||
| --verify PGP_PUBKEY_PATH | ||
| verify PGP sign while importing json files | ||
| --export-json EXPORT_JSON | ||
| export database as json files chopped by years | ||
| --pgp-sign PGP_PRIVATE_KEY_PATH | ||
| sign exported json files with PGP | ||
| --passphrase PASSPHRASE | ||
| required passphrase for signing with PGP | ||
| --export EXPORT export database filename | ||
| --import IMPORT import database filename | ||
|
|
||
| Exploits: | ||
| --exploits check for exploits from found cves | ||
|
|
||
| Deprecated: | ||
| --triage-input-file TRIAGE_INPUT_FILE | ||
| replaced by --vex-file | ||
| -x, --extract autoextract compressed files | ||
| --report Produces a report even if there are no CVE for the respective output format | ||
|
|
||
| <!--CHECKERS TABLE BEGIN--> | ||
| | | | | Available checkers | | | | | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.