Rename flag --list-all-pkgs to --list-pkgs

Resolves aquasecurity#828

In order to avoid confusion on the effect of `--list-all-pkgs` flag,
rename the flag to solely `--list-pkgs` which will result in listing
the packages alongside scanning for vulnerabilities according to the
given behavior.

In essence,

 -                                    | OS package list | OS package vulnerabilities | Langueage-specific package list | Language-specific vulnerabilities
------------------------------------- | --------------- | -------------------------- | ------------------------------- | ---------------------------------
`--vuln-type os`	              |       x	        |             v              |                x                |                x
`--vuln-type library`	              |       x	        |             x	             |                x	               |                v
`--vuln-type os,library`	      |       x         |             v	             |                x                |                v
`--vuln-type os --list-pkgs`          |	      v         |             v              |                x                |                x
`--vuln-type library --list-pkgs`     |	      x	        |             x	             |                v                |                v
`--vuln-type os,library --list-pkgs`  |       v         |             v              |                v                |                v

Signed-off-by: Yuval Goldberg <yuvigoldi@gmail.com>

docs/docs/references/cli/client.md

@@ -21,7 +21,7 @@ OPTIONS:
    --ignorefile value          specify .trivyignore file (default: ".trivyignore") [$TRIVY_IGNOREFILE]
    --timeout value             timeout (default: 5m0s) [$TRIVY_TIMEOUT]
    --ignore-policy value       specify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]
-   --list-all-pkgs             enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]
+   --list-pkgs                 enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_PKGS]
    --offline-scan              do not issue API requests to identify dependencies (default: false) [$TRIVY_OFFLINE_SCAN]
    --token value               for authentication [$TRIVY_TOKEN]
    --token-header value        specify a header name for token (default: "Trivy-Token") [$TRIVY_TOKEN_HEADER]

docs/docs/references/cli/fs.md

@@ -24,7 +24,7 @@ OPTIONS:
    --timeout value                                timeout (default: 5m0s) [$TRIVY_TIMEOUT]
    --no-progress                                  suppress progress bar (default: false) [$TRIVY_NO_PROGRESS]
    --ignore-policy value                          specify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]
-   --list-all-pkgs                                enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]
+   --list-pkgs                                    enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_PKGS]
    --offline-scan                                 do not issue API requests to identify dependencies (default: false) [$TRIVY_OFFLINE_SCAN]
    --skip-files value                             specify the file paths to skip traversal [$TRIVY_SKIP_FILES]
    --skip-dirs value                              specify the directories where the traversal is skipped [$TRIVY_SKIP_DIRS]

docs/docs/references/cli/image.md

@@ -25,7 +25,7 @@ OPTIONS:
    --ignorefile value          specify .trivyignore file (default: ".trivyignore") [$TRIVY_IGNOREFILE]
    --timeout value             timeout (default: 5m0s) [$TRIVY_TIMEOUT]
    --ignore-policy value       specify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]
-   --list-all-pkgs             enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]
+   --list-pkgs                 enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_PKGS]
    --offline-scan              do not issue API requests to identify dependencies (default: false) [$TRIVY_OFFLINE_SCAN]
    --skip-files value          specify the file path to skip traversal [$TRIVY_SKIP_FILES]
    --skip-dirs value           specify the directory where the traversal is skipped [$TRIVY_SKIP_DIRS]

docs/docs/references/cli/repo.md

@@ -25,7 +25,7 @@ OPTIONS:
    --no-progress               suppress progress bar (default: false) [$TRIVY_NO_PROGRESS]
    --quiet, -q                      suppress progress bar and log output (default: false) [$TRIVY_QUIET]
    --ignore-policy value       specify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]
-   --list-all-pkgs             enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]
+   --list-pkgs                 enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_PKGS]
    --offline-scan              do not issue API requests to identify dependencies (default: false) [$TRIVY_OFFLINE_SCAN]
    --skip-files value          specify the file path to skip traversal [$TRIVY_SKIP_FILES]
    --skip-dirs value           specify the directory where the traversal is skipped [$TRIVY_SKIP_DIRS]

docs/docs/references/cli/rootfs.md

@@ -24,7 +24,7 @@ OPTIONS:
    --timeout value                                timeout (default: 5m0s) [$TRIVY_TIMEOUT]
    --no-progress                                  suppress progress bar (default: false) [$TRIVY_NO_PROGRESS]
    --ignore-policy value                          specify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]
-   --list-all-pkgs                                enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]
+   --list-pkgs                                    enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_PKGS]
    --offline-scan                                 do not issue API requests to identify dependencies (default: false) [$TRIVY_OFFLINE_SCAN]
    --skip-files value                             specify the file paths to skip traversal [$TRIVY_SKIP_FILES]
    --skip-dirs value                              specify the directories where the traversal is skipped [$TRIVY_SKIP_DIRS]

integration/client_server_test.go

@@ -36,7 +36,7 @@ type csArgs struct {
 	Input             string
 	ClientToken       string
 	ClientTokenHeader string
-	ListAllPackages   bool
+	ListPackages      bool
 	Target            string
 }
 

integration/fs_test.go

@@ -22,7 +22,7 @@ func TestFilesystem(t *testing.T) {
 		ignoreIDs      []string
 		policyPaths    []string
 		namespaces     []string
-		listAllPkgs    bool
+		listPkgs       bool
 		input          string
 	}
 	tests := []struct {
@@ -50,7 +50,7 @@ func TestFilesystem(t *testing.T) {
 			name: "pip",
 			args: args{
 				securityChecks: "vuln",
-				listAllPkgs:    true,
+				listPkgs:       true,
 				input:          "testdata/fixtures/fs/pip",
 			},
 			golden: "testdata/pip.json.golden",
@@ -139,8 +139,8 @@ func TestFilesystem(t *testing.T) {
 				outputFile = tt.golden
 			}
 
-			if tt.args.listAllPkgs {
-				osArgs = append(osArgs, "--list-all-pkgs")
+			if tt.args.listPkgs {
+				osArgs = append(osArgs, "--list-pkgs")
 			}
 
 			osArgs = append(osArgs, "--output", outputFile)

pkg/commands/app.go

@@ -227,10 +227,10 @@ var (
 		EnvVars: []string{"TRIVY_IGNORE_POLICY"},
 	}
 
-	listAllPackages = cli.BoolFlag{
-		Name:    "list-all-pkgs",
+	listPackages = cli.BoolFlag{
+		Name:    "list-pkgs",
 		Usage:   "enabling the option will output all packages regardless of vulnerability",
-		EnvVars: []string{"TRIVY_LIST_ALL_PKGS"},
+		EnvVars: []string{"TRIVY_LIST_PKGS"},
 	}
 
 	skipFiles = cli.StringSliceFlag{
@@ -448,7 +448,7 @@ func NewImageCommand() *cli.Command {
 			&timeoutFlag,
 			&lightFlag,
 			&ignorePolicy,
-			&listAllPackages,
+			&listPackages,
 			&cacheBackendFlag,
 			&redisBackendCACert,
 			&redisBackendCert,
@@ -490,7 +490,7 @@ func NewFilesystemCommand() *cli.Command {
 			&timeoutFlag,
 			&noProgressFlag,
 			&ignorePolicy,
-			&listAllPackages,
+			&listPackages,
 			&offlineScan,
 			&dbRepositoryFlag,
 			stringSliceFlag(skipFiles),
@@ -537,7 +537,7 @@ func NewRootfsCommand() *cli.Command {
 			&timeoutFlag,
 			&noProgressFlag,
 			&ignorePolicy,
-			&listAllPackages,
+			&listPackages,
 			&offlineScan,
 			&dbRepositoryFlag,
 			stringSliceFlag(skipFiles),
@@ -580,7 +580,7 @@ func NewRepositoryCommand() *cli.Command {
 			&noProgressFlag,
 			&quietFlag,
 			&ignorePolicy,
-			&listAllPackages,
+			&listPackages,
 			&offlineScan,
 			&insecureFlag,
 			&dbRepositoryFlag,
@@ -617,7 +617,7 @@ func NewClientCommand() *cli.Command {
 			stringSliceFlag(skipFiles),
 			stringSliceFlag(skipDirs),
 			stringSliceFlag(configPolicy),
-			&listAllPackages,
+			&listPackages,
 			&offlineScan,
 			&insecureFlag,
 

pkg/commands/artifact/run.go

@@ -208,7 +208,7 @@ func scan(ctx context.Context, opt Option, initializeScanner InitializeScanner,
 		VulnType:            opt.VulnType,
 		SecurityChecks:      opt.SecurityChecks,
 		ScanRemovedPackages: opt.ScanRemovedPkgs, // this is valid only for image subcommand
-		ListAllPackages:     opt.ListAllPkgs,
+		ListPackages:        opt.ListPkgs,
 	}
 	log.Logger.Debugf("Vulnerability type:  %s", scanOptions.VulnType)
 

pkg/commands/option/report.go

@@ -35,7 +35,7 @@ type ReportOption struct {
 	SecurityChecks []string
 	Output         io.Writer
 	Severities     []dbTypes.Severity
-	ListAllPkgs    bool
+	ListPkgs       bool
 }
 
 // NewReportOption is the factory method to return ReportOption
@@ -52,7 +52,7 @@ func NewReportOption(c *cli.Context) ReportOption {
 		IgnoreFile:     c.String("ignorefile"),
 		IgnoreUnfixed:  c.Bool("ignore-unfixed"),
 		ExitCode:       c.Int("exit-code"),
-		ListAllPkgs:    c.Bool("list-all-pkgs"),
+		ListPkgs:       c.Bool("list-pkgs"),
 	}
 }
 
@@ -70,14 +70,14 @@ func (c *ReportOption) Init(output io.Writer, logger *zap.SugaredLogger) error {
 		}
 	}
 
-	// "--list-all-pkgs" option is unavailable with "--format table".
-	// If user specifies "--list-all-pkgs" with "--format table", we should warn it.
-	if c.ListAllPkgs && c.Format == "table" {
-		logger.Warn(`"--list-all-pkgs" cannot be used with "--format table". Try "--format json" or other formats.`)
+	// "--list-pkgs" option is unavailable with "--format table".
+	// If user specifies "--list-pkgs" with "--format table", we should warn it.
+	if c.ListPkgs && c.Format == "table" {
+		logger.Warn(`"--list-pkgs" cannot be used with "--format table". Try "--format json" or other formats.`)
 	}
 
-	if c.forceListAllPkgs(logger) {
-		c.ListAllPkgs = true
+	if c.forceListPkgs(logger) {
+		c.ListPkgs = true
 	}
 
 	c.Severities = splitSeverity(logger, c.severities)
@@ -136,9 +136,9 @@ func (c *ReportOption) populateSecurityChecks() error {
 	return nil
 }
 
-func (c *ReportOption) forceListAllPkgs(logger *zap.SugaredLogger) bool {
-	if c.Format == "cyclonedx" && !c.ListAllPkgs {
-		logger.Debugf("'--format cyclonedx' automatically enables '--list-all-pkgs'.")
+func (c *ReportOption) forceListPkgs(logger *zap.SugaredLogger) bool {
+	if c.Format == "cyclonedx" && !c.ListPkgs {
+		logger.Debugf("'--format cyclonedx' automatically enables '--list-pkgs'.")
 		return true
 	}
 	return false

pkg/commands/option/report_test.go

@@ -24,7 +24,7 @@ func TestReportReportConfig_Init(t *testing.T) {
 		severities     string
 		IgnoreFile     string
 		IgnoreUnfixed  bool
-		listAllPksgs   bool
+		listPkgs       bool
 		ExitCode       int
 		VulnType       []string
 		Output         *os.File
@@ -79,7 +79,7 @@ func TestReportReportConfig_Init(t *testing.T) {
 				vulnType:       "os,library",
 				securityChecks: "vuln",
 				Format:         "cyclonedx",
-				listAllPksgs:   true,
+				listPkgs:       true,
 			},
 			args: []string{"centos:7"},
 			want: ReportOption{
@@ -88,22 +88,22 @@ func TestReportReportConfig_Init(t *testing.T) {
 				SecurityChecks: []string{types.SecurityCheckVulnerability},
 				Format:         "cyclonedx",
 				Output:         os.Stdout,
-				ListAllPkgs:    true,
+				ListPkgs:       true,
 			},
 		},
 		{
-			name: "happy path with an cyclonedx option list-all-pkgs is false",
+			name: "happy path with an cyclonedx option list-pkgs is false",
 			fields: fields{
 				severities:     "CRITICAL",
 				vulnType:       "os,library",
 				securityChecks: "vuln",
 				Format:         "cyclonedx",
-				listAllPksgs:   false,
+				listPkgs:       false,
 				debug:          true,
 			},
 			args: []string{"centos:7"},
 			logs: []string{
-				"'--format cyclonedx' automatically enables '--list-all-pkgs'.",
+				"'--format cyclonedx' automatically enables '--list-pkgs'.",
 				"Severities: CRITICAL",
 			},
 			want: ReportOption{
@@ -112,7 +112,7 @@ func TestReportReportConfig_Init(t *testing.T) {
 				SecurityChecks: []string{types.SecurityCheckVulnerability},
 				Format:         "cyclonedx",
 				Output:         os.Stdout,
-				ListAllPkgs:    true,
+				ListPkgs:       true,
 			},
 		},
 		{
@@ -178,25 +178,25 @@ func TestReportReportConfig_Init(t *testing.T) {
 			},
 		},
 		{
-			name: "invalid option combination: --list-all-pkgs with --format table",
+			name: "invalid option combination: --list-pkgs with --format table",
 			fields: fields{
 				Format:         "table",
 				severities:     "LOW",
 				vulnType:       "os",
 				securityChecks: "vuln",
-				listAllPksgs:   true,
+				listPkgs:       true,
 			},
 			args: []string{"centos:7"},
 			logs: []string{
-				`"--list-all-pkgs" cannot be used with "--format table". Try "--format json" or other formats.`,
+				`"--list-pkgs" cannot be used with "--format table". Try "--format json" or other formats.`,
 			},
 			want: ReportOption{
 				Format:         "table",
 				Output:         os.Stdout,
 				Severities:     []dbTypes.Severity{dbTypes.SeverityLow},
 				VulnType:       []string{types.VulnTypeOS},
 				SecurityChecks: []string{types.SecurityCheckVulnerability},
-				ListAllPkgs:    true,
+				ListPkgs:       true,
 			},
 		},
 	}
@@ -223,7 +223,7 @@ func TestReportReportConfig_Init(t *testing.T) {
 				IgnoreFile:     tt.fields.IgnoreFile,
 				IgnoreUnfixed:  tt.fields.IgnoreUnfixed,
 				ExitCode:       tt.fields.ExitCode,
-				ListAllPkgs:    tt.fields.listAllPksgs,
+				ListPkgs:       tt.fields.listPkgs,
 				Output:         tt.fields.Output,
 			}
 			err := c.Init(os.Stdout, logger.Sugar())

pkg/rpc/client/client.go

@@ -71,9 +71,9 @@ func (s Scanner) Scan(target, artifactKey string, blobKeys []string, options typ
 			ArtifactId: artifactKey,
 			BlobIds:    blobKeys,
 			Options: &rpc.ScanOptions{
-				VulnType:        options.VulnType,
-				SecurityChecks:  options.SecurityChecks,
-				ListAllPackages: options.ListAllPackages,
+				VulnType:       options.VulnType,
+				SecurityChecks: options.SecurityChecks,
+				ListPackages:   options.ListPackages,
 			},
 		})
 		return err

pkg/rpc/server/server.go

@@ -39,9 +39,9 @@ func NewScanServer(s scanner.Driver, vulnClient result.Client) *ScanServer {
 // Scan scans and return response
 func (s *ScanServer) Scan(_ context.Context, in *rpcScanner.ScanRequest) (*rpcScanner.ScanResponse, error) {
 	options := types.ScanOptions{
-		VulnType:        in.Options.VulnType,
-		SecurityChecks:  in.Options.SecurityChecks,
-		ListAllPackages: in.Options.ListAllPackages,
+		VulnType:       in.Options.VulnType,
+		SecurityChecks: in.Options.SecurityChecks,
+		ListPackages:   in.Options.ListPackages,
 	}
 	results, os, err := s.localScanner.Scan(in.Target, in.ArtifactId, in.BlobIds, options)
 	if err != nil {

pkg/scanner/local/scan.go

@@ -157,7 +157,7 @@ func (s Scanner) scanOSPkgs(target string, detail ftypes.ArtifactDetail, options
 		return nil, eosl, nil
 	}
 
-	if options.ListAllPackages {
+	if options.ListPackages {
 		sort.Slice(pkgs, func(i, j int) bool {
 			return strings.Compare(pkgs[i].Name, pkgs[j].Name) <= 0
 		})
@@ -225,7 +225,7 @@ func (s Scanner) scanLibrary(apps []ftypes.Application, options types.ScanOption
 			Class:           types.ClassLangPkg,
 			Type:            app.Type,
 		}
-		if options.ListAllPackages {
+		if options.ListPackages {
 			libReport.Packages = app.Libraries
 		}
 		results = append(results, libReport)

pkg/scanner/local/scan_test.go

@@ -157,9 +157,9 @@ func TestScanner_Scan(t *testing.T) {
 				target:   "alpine:latest",
 				layerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
 				options: types.ScanOptions{
-					VulnType:        []string{types.VulnTypeOS, types.VulnTypeLibrary},
-					SecurityChecks:  []string{types.SecurityCheckVulnerability},
-					ListAllPackages: true,
+					VulnType:       []string{types.VulnTypeOS, types.VulnTypeLibrary},
+					SecurityChecks: []string{types.SecurityCheckVulnerability},
+					ListPackages:   true,
 				},
 			},
 			fixtures: []string{"testdata/fixtures/happy.yaml"},

pkg/types/scanoptions.go

@@ -5,5 +5,5 @@ type ScanOptions struct {
 	VulnType            []string
 	SecurityChecks      []string
 	ScanRemovedPackages bool
-	ListAllPackages     bool
+	ListPackages        bool
 }