$ roxctl image [command] [flags]
Commands that you can run on a specific image.
$ roxctl image [command] [flags]
Command | Description |
---|---|
|
Check images for build time policy violations, and report them. |
|
Scan the specified image, and return the scan results. |
-t , --timeout duration |
Set the timeout for API requests representing the maximum duration of a request. The default value is 10m0s . |
---|
The roxctl image
command supports the following options inherited from the parent roxctl
command:
Option | Description |
---|---|
|
Specify a custom CA certificate file path for secure connections. Alternatively, you can specify the file path by using the |
|
Set |
|
Set the endpoint for the service to contact. Alternatively, you can set the endpoint by using the |
|
Force the use of HTTP/1 for all connections. Alternatively, by setting the |
|
enable insecure connection options. Alternatively, by setting the |
|
Skip the TLS certificate validation. Alternatively, by setting the |
|
Disable the color output. Alternatively, by setting the |
|
Specify the password for basic authentication. Alternatively, you can set the password by using the |
|
Use an unencrypted connection. Alternatively, by setting the |
|
Set the TLS server name to use for SNI. Alternatively, you can set the server name by using the |
|
Use the API token provided in the specified file for authentication. Alternatively, you can set the token by using the |
These options are applicable to all the sub-commands of the |
Scan the specified image, and return the scan results.
$ roxctl image scan [flags]
Option | Description |
---|---|
|
Specify the cluster name or ID to which you want to delegate the image scan. |
|
Print JSON output in a compact format. The default value is |
|
Fail if vulnerabilities have been found. The default value is |
|
Ignore Central’s cache and force a fresh re-pull from Scanner. The default value is |
|
Specify the headers to print in a tabular output. The default values include |
|
Print headers as comments in a CSV tabular output. The default value is |
|
Specify the image name and reference to scan. For example, |
|
Include snoozed and unsnoozed CVes in the scan results. The default value is |
|
Merge duplicate cells in a tabular output. The default value is |
|
Do not print headers for a tabular output. The default value is |
|
Specify the output format. Output formats include |
|
Specify the number of retries before exiting as an error. The default value is |
|
Set the time to wait between retries in seconds. The default value is |
|
Specify JSON path expressions to create a row from the JSON object. For more details, run the |
|
List of severities to include in the output. Use this to filter for specific severities. The default values include |
Check images for build time policy violations, and report them.
$ roxctl image check [flags]
Option | Description |
---|---|
|
List of the policy categories that you want to execute. By default, all the policy categories are used. |
|
Define the cluster name or ID that you want to use as the context for evaluation. |
|
Print JSON output in a compact format. The default value is |
|
Bypass the Central cache for the image and force a new pull from the Scanner. The default value is |
|
Define headers to print in a tabular output. The default values include |
|
Print headers as comments in a CSV tabular output. The default value is |
|
Specify the image name and reference. For example, |
|
Set the name of the JUnit test suite. Default value is |
|
Merge duplicate cells in a tabular output. The default value is |
|
Do not print headers for a tabular output. The default value is |
|
Choose the output format. Output formats include |
|
Set the number of retries before exiting as an error. The default value is |
|
Set the time to wait between retries in seconds. The default value is |
|
Create a row from the JSON object by using JSON path expression. For more details, run the |
|
Define whether you want to send notifications in the event of violations. The default value is |