refactor: add allowed values for CLI flags (aquasecurity#4800)

* refactor: rename Value to Default

* refactor: support allowed values for CLI flags

* docs: auto-generate

* test: fix

* test: add tests for flags

docs/docs/references/configuration/cli/trivy_aws.md

@@ -67,13 +67,13 @@ trivy aws [flags]
 ```
       --account string                  The AWS account to scan. It's useful to specify this when reviewing cached results for multiple accounts.
       --arn string                      The AWS ARN to show results for. Useful to filter results once a scan is cached.
-      --compliance string               compliance report to generate (aws-cis-1.2, aws-cis-1.4)
+      --compliance string               compliance report to generate (aws-cis-1.2,aws-cis-1.4)
       --config-data strings             specify paths from which data for the Rego policies will be recursively loaded
       --config-policy strings           specify the paths to the Rego policy files or to the directories containing them, applying config files
       --dependency-tree                 [EXPERIMENTAL] show dependency origin tree of vulnerable packages
       --endpoint string                 AWS Endpoint override
       --exit-code int                   specify exit code when any security issues are found
-  -f, --format string                   format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
+  -f, --format string                   format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
       --helm-set strings                specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
       --helm-set-file strings           specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
       --helm-set-string strings         specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
@@ -87,10 +87,10 @@ trivy aws [flags]
   -o, --output string                   output file name
       --policy-namespaces strings       Rego namespaces
       --region string                   AWS Region to scan
-      --report string                   specify a report format for the output. (all,summary) (default "all")
+      --report string                   specify a report format for the output (all,summary) (default "all")
       --reset-policy-bundle             remove policy bundle
       --service strings                 Only scan AWS Service(s) specified with this flag. Can specify multiple services using --service A --service B etc.
-  -s, --severity string                 severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
+  -s, --severity strings                severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
       --skip-policy-update              skip fetching rego policy updates
       --skip-service strings            Skip selected AWS Service(s) specified with this flag. Can specify multiple services using --skip-service A --skip-service B etc.
   -t, --template string                 output template

docs/docs/references/configuration/cli/trivy_config.md

@@ -18,7 +18,7 @@ trivy config [flags] DIR
       --enable-modules strings          [EXPERIMENTAL] module names to enable
       --exit-code int                   specify exit code when any security issues are found
       --file-patterns strings           specify config file patterns
-  -f, --format string                   format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
+  -f, --format string                   format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
       --helm-set strings                specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
       --helm-set-file strings           specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
       --helm-set-string strings         specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
@@ -36,9 +36,9 @@ trivy config [flags] DIR
       --redis-key string                redis key file location, if using redis as cache backend
       --redis-tls                       enable redis TLS with public certificates, if using redis as cache backend
       --registry-token string           registry token
-      --report string                   specify a compliance report format for the output. (all,summary) (default "all")
+      --report string                   specify a compliance report format for the output (all,summary) (default "all")
       --reset-policy-bundle             remove policy bundle
-  -s, --severity string                 severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
+  -s, --severity strings                severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
       --skip-dirs strings               specify the directories where the traversal is skipped
       --skip-files strings              specify the file paths to skip traversal
       --skip-policy-update              skip fetching rego policy updates

docs/docs/references/configuration/cli/trivy_convert.md

@@ -22,14 +22,14 @@ trivy convert [flags] RESULT_JSON
       --dependency-tree        [EXPERIMENTAL] show dependency origin tree of vulnerable packages
       --exit-code int          specify exit code when any security issues are found
       --exit-on-eol int        exit with the specified code when the OS reaches end of service/life
-  -f, --format string          format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
+  -f, --format string          format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
   -h, --help                   help for convert
       --ignore-policy string   specify the Rego file path to evaluate each vulnerability
       --ignorefile string      specify .trivyignore file (default ".trivyignore")
       --list-all-pkgs          enabling the option will output all packages regardless of vulnerability
   -o, --output string          output file name
-      --report string          specify a report format for the output. (all,summary) (default "all")
-  -s, --severity string        severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
+      --report string          specify a report format for the output (all,summary) (default "all")
+  -s, --severity strings       severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
   -t, --template string        output template
 ```
 

docs/docs/references/configuration/cli/trivy_filesystem.md

@@ -33,7 +33,7 @@ trivy filesystem [flags] PATH
       --enable-modules strings           [EXPERIMENTAL] module names to enable
       --exit-code int                    specify exit code when any security issues are found
       --file-patterns strings            specify config file patterns
-  -f, --format string                    format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
+  -f, --format string                    format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
       --helm-set strings                 specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
       --helm-set-file strings            specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
       --helm-set-string strings          specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
@@ -61,14 +61,14 @@ trivy filesystem [flags] PATH
       --redis-tls                        enable redis TLS with public certificates, if using redis as cache backend
       --registry-token string            registry token
       --rekor-url string                 [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
-      --report string                    specify a compliance report format for the output. (all,summary) (default "all")
+      --report string                    specify a compliance report format for the output (all,summary) (default "all")
       --reset                            remove all caches and database
       --reset-policy-bundle              remove policy bundle
       --sbom-sources strings             [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
       --scanners strings                 comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
       --secret-config string             specify a path to config file for secret scanning (default "trivy-secret.yaml")
       --server string                    server address in client mode
-  -s, --severity string                  severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
+  -s, --severity strings                 severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
       --skip-db-update                   skip updating vulnerability database
       --skip-dirs strings                specify the directories where the traversal is skipped
       --skip-files strings               specify the file paths to skip traversal

docs/docs/references/configuration/cli/trivy_image.md

@@ -50,7 +50,7 @@ trivy image [flags] IMAGE_NAME
       --exit-code int                    specify exit code when any security issues are found
       --exit-on-eol int                  exit with the specified code when the OS reaches end of service/life
       --file-patterns strings            specify config file patterns
-  -f, --format string                    format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
+  -f, --format string                    format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
       --helm-set strings                 specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
       --helm-set-file strings            specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
       --helm-set-string strings          specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
@@ -60,7 +60,7 @@ trivy image [flags] IMAGE_NAME
       --ignore-unfixed                   display only fixed vulnerabilities
       --ignored-licenses strings         specify a list of license to ignore
       --ignorefile string                specify .trivyignore file (default ".trivyignore")
-      --image-config-scanners string     comma-separated list of what security issues to detect on container image configurations (config,secret)
+      --image-config-scanners strings    comma-separated list of what security issues to detect on container image configurations (config,secret)
       --image-src strings                image source(s) to use, in priority order (docker,containerd,podman,remote) (default [docker,containerd,podman,remote])
       --include-non-failures             include successes and exceptions, available with '--scanners config'
       --input string                     input file path instead of image name
@@ -82,14 +82,14 @@ trivy image [flags] IMAGE_NAME
       --registry-token string            registry token
       --rekor-url string                 [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
       --removed-pkgs                     detect vulnerabilities of removed packages (only for Alpine)
-      --report string                    specify a format for the compliance report. (default "summary")
+      --report string                    specify a format for the compliance report. (all,summary) (default "summary")
       --reset                            remove all caches and database
       --reset-policy-bundle              remove policy bundle
       --sbom-sources strings             [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
       --scanners strings                 comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
       --secret-config string             specify a path to config file for secret scanning (default "trivy-secret.yaml")
       --server string                    server address in client mode
-  -s, --severity string                  severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
+  -s, --severity strings                 severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
       --skip-db-update                   skip updating vulnerability database
       --skip-dirs strings                specify the directories where the traversal is skipped
       --skip-files strings               specify the file paths to skip traversal

docs/docs/references/configuration/cli/trivy_kubernetes.md

@@ -31,8 +31,8 @@ trivy kubernetes [flags] { cluster | all | specific resources like kubectl. eg:
       --cache-backend string              cache backend (e.g. redis://localhost:6379) (default "fs")
       --cache-ttl duration                cache TTL when using redis as cache backend
       --clear-cache                       clear image caches without scanning
-      --compliance string                 compliance report to generate (k8s-nsa,k8s-cis, k8s-pss-baseline, k8s-pss-restricted)
-      --components strings                specify which components to scan (default [workload,infra])
+      --compliance string                 compliance report to generate (k8s-nsa,k8s-cis,k8s-pss-baseline,k8s-pss-restricted)
+      --components strings                specify which components to scan (workload,infra) (default [workload,infra])
       --config-data strings               specify paths from which data for the Rego policies will be recursively loaded
       --config-policy strings             specify the paths to the Rego policy files or to the directories containing them, applying config files
       --context string                    specify a context to scan
@@ -43,7 +43,7 @@ trivy kubernetes [flags] { cluster | all | specific resources like kubectl. eg:
       --exclude-nodes strings             indicate the node labels that the node-collector job should exclude from scanning (example: kubernetes.io/arch:arm64,team:dev)
       --exit-code int                     specify exit code when any security issues are found
       --file-patterns strings             specify config file patterns
-  -f, --format string                     format (table, json, cyclonedx) (default "table")
+  -f, --format string                     format (table,json,cyclonedx) (default "table")
       --helm-set strings                  specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
       --helm-set-file strings             specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
       --helm-set-string strings           specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
@@ -72,13 +72,13 @@ trivy kubernetes [flags] { cluster | all | specific resources like kubectl. eg:
       --redis-tls                         enable redis TLS with public certificates, if using redis as cache backend
       --registry-token string             registry token
       --rekor-url string                  [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
-      --report string                     specify a report format for the output. (all,summary) (default "all")
+      --report string                     specify a report format for the output (all,summary) (default "all")
       --reset                             remove all caches and database
       --reset-policy-bundle               remove policy bundle
       --sbom-sources strings              [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
       --scanners string                   comma-separated list of what security issues to detect (vuln,config,secret,license) (default "vuln,config,secret,rbac")
       --secret-config string              specify a path to config file for secret scanning (default "trivy-secret.yaml")
-  -s, --severity string                   severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
+  -s, --severity strings                  severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
       --skip-db-update                    skip updating vulnerability database
       --skip-dirs strings                 specify the directories where the traversal is skipped
       --skip-files strings                specify the file paths to skip traversal

docs/docs/references/configuration/cli/trivy_repository.md

@@ -31,7 +31,7 @@ trivy repository [flags] REPO_URL
       --enable-modules strings           [EXPERIMENTAL] module names to enable
       --exit-code int                    specify exit code when any security issues are found
       --file-patterns strings            specify config file patterns
-  -f, --format string                    format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
+  -f, --format string                    format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
       --helm-set strings                 specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
       --helm-set-file strings            specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
       --helm-set-string strings          specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
@@ -64,7 +64,7 @@ trivy repository [flags] REPO_URL
       --scanners strings                 comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
       --secret-config string             specify a path to config file for secret scanning (default "trivy-secret.yaml")
       --server string                    server address in client mode
-  -s, --severity string                  severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
+  -s, --severity strings                 severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
       --skip-db-update                   skip updating vulnerability database
       --skip-dirs strings                specify the directories where the traversal is skipped
       --skip-files strings               specify the file paths to skip traversal