docs: rewrite installation docs and general improvements (#3368)

improve installation guide, improve overview pages, rename cli section to docs

README.md

@@ -31,24 +31,25 @@ Scanners (what Trivy can find there):
 - Sensitive information and secrets
 - Software licenses
 
+To learn more, go to the [Trivy homepage][homepage] for feature highlights, or to the [Documentation site][docs] for detailed information.
+
 ## Quick Start
 
 ### Get Trivy
 
-Trivy is available in most common distribution methods. The full list of installation options is available in the [Installation] page, here are a few popular options:
+Trivy is available in most common distribution channels. The full list of installation options is available in the [Installation] page. Here are a few popular examples:
 
-- `apt-get install trivy`
-- `yum install trivy`
 - `brew install trivy`
 - `docker run aquasec/trivy`
 - Download binary from <https://github.com/aquasecurity/trivy/releases/latest/>
+- See [Installation] for more
 
-Trivy is integrated with many popular platforms and applications. The full list of integrations is available in the [Ecosystem] page. Here are a few popular options:
+Trivy is integrated with many popular platforms and applications. The complete list of integrations is available in the [Ecosystem] page. Here are a few popular examples:
 
 - [GitHub Actions](https://github.com/aquasecurity/trivy-action)
-- [CircleCI](https://circleci.com/developer/orbs/orb/fifteen5/trivy-orb)
 - [Kubernetes operator](https://github.com/aquasecurity/trivy-operator)
 - [VS Code plugin](https://github.com/aquasecurity/trivy-vscode-extension)
+- See [Ecosystem] for more
 
 ### General usage
 
@@ -91,36 +92,6 @@ trivy k8s --report summary cluster
 
 </details>
 
-## Highlights
-
-- Comprehensive vulnerability detection
-    - OS packages (Alpine Linux, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, AlmaLinux, Rocky Linux, CBL-Mariner, Oracle Linux, Debian, Ubuntu, Amazon Linux, openSUSE Leap, SUSE Enterprise Linux, Photon OS and Distroless)
-    - **Language-specific packages** (Bundler, Composer, Pipenv, Poetry, npm, yarn, Cargo, NuGet, Maven, and Go)
-    - High accuracy, especially [Alpine Linux][alpine] and RHEL/CentOS
-- Supply chain security (SBOM support)
-    - Support CycloneDX
-    - Support SPDX
-    - Generating and Scanning SBOM
-    - Leveraging in-toto attestations
-    - Integrated with [Sigstore]
-- Misconfiguration detection (IaC scanning) 
-    - Wide variety of security checks are provided **out of the box**
-    - Kubernetes, Docker, Terraform, and more
-    - User-defined policies using [OPA Rego][rego]
-- Secret detection
-    - A wide variety of built-in rules are provided **out of the box**
-    - User-defined patterns
-    - Efficient scanning of container images
-- Simple
-    - Available in apt, yum, brew, dockerhub
-    - **No pre-requisites** such as a database, system libraries, or eny environmental requirements. The binary runs anywhere.
-    - The first scan will finish within 10 seconds (depending on your network). Consequent scans will finish instantaneously.
-- Fits your workflow
-    - **Great for CI** such as GitHub Actions, Jenkins, GitLab CI, etc.
-    - Available as extension for IDEs such as vscode, jetbrains, vim
-    - Available as extension for Docker Desktop, Rancher Desktop
-    - See [Ecosystem] section in the documentation.
-
 ## FAQ
 
 ### How to pronounce the name "Trivy"?
@@ -143,6 +114,7 @@ Contact us about any matter by opening a GitHub Discussion [here][discussions]
 [docker-pulls]: https://img.shields.io/docker/pulls/aquasec/trivy?logo=docker&label=docker%20pulls%20%2F%20trivy
 [license]: https://github.com/aquasecurity/trivy/blob/main/LICENSE
 [license-img]: https://img.shields.io/badge/License-Apache%202.0-blue.svg
+[homepage]: https://trivy.dev
 [docs]: https://aquasecurity.github.io/trivy
 [pronunciation]: #how-to-pronounce-the-name-trivy
 

docs/docs/advanced/private-registries/ecr.md

@@ -2,3 +2,34 @@ Trivy uses AWS SDK. You don't need to install `aws` CLI tool.
 You can use [AWS CLI's ENV Vars][env-var].
 
 [env-var]: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html
+
+### AWS private registry permissions
+
+You may need to grant permissions to allow Trivy to pull images from private ECR.
+
+It depends on how you want to provide AWS Role to trivy.
+
+- [IAM Role Service account](https://github.com/aws/amazon-eks-pod-identity-webhook)
+- [Kube2iam](https://github.com/jtblin/kube2iam) or [Kiam](https://github.com/uswitch/kiam)
+
+#### IAM Role Service account
+
+Add the AWS role in trivy's service account annotations:
+
+```yaml
+trivy:
+
+  serviceAccount:
+    annotations: {}
+      # eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT_ID:role/IAM_ROLE_NAME
+```
+
+#### Kube2iam or Kiam
+
+Add the AWS role to pod's annotations:
+
+```yaml
+podAnnotations: {}
+  ## kube2iam/kiam annotation
+  # iam.amazonaws.com/role: arn:aws:iam::ACCOUNT_ID:role/IAM_ROLE_NAME
+```

docs/docs/index.md

@@ -1,72 +1,5 @@
 # Docs
 
-This documentation details how to use Trivy to access the features listed below.
+In this section you can find the complete reference documentation for all of the different features and settings that Trivy has to offer.
 
-## Features
-
-- Comprehensive vulnerability detection
-    - [OS packages][os] (Alpine, Wolfi, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, AlmaLinux, Rocky Linux, CBL-Mariner, Oracle Linux, Debian, Ubuntu, Amazon Linux, openSUSE Leap, SUSE Enterprise Linux, Photon OS and Distroless)
-    - [**Language-specific packages**][lang] (Bundler, Composer, Pipenv, Poetry, npm, yarn, pnpm, Cargo, NuGet, Maven, and Go)
-- Detect IaC misconfigurations
-    - A wide variety of [built-in policies][builtin] are provided **out of the box**:
-        - Kubernetes
-        - Docker
-        - Terraform
-        - more coming soon
-    - Support custom policies
-- Simple
-    - Specify only an image name, a directory containing IaC configs, or an artifact name
-    - See [Quick Start][quickstart]
-- Fast
-    - The first scan will finish within 10 seconds (depending on your network). Consequent scans will finish in single seconds.
-    - Unlike other scanners that take long to fetch vulnerability information (~10 minutes) on the first run, and encourage you to maintain a durable vulnerability database, Trivy is stateless and requires no maintenance or preparation.
-- Easy installation
-    - `apt-get install`, `yum install` and `brew install` is possible (See [Installation][installation])
-    - **No pre-requisites** such as installation of DB, libraries, etc.
-- High accuracy
-    - **Especially Alpine Linux and RHEL/CentOS**
-    - Other OSes are also high
-- DevSecOps
-    - **Suitable for CI** such as Travis CI, CircleCI, Jenkins, GitLab CI, etc.
-    - See [CI Example][integrations]
-- Support multiple formats
-    - container image
-        - A local image in Docker Engine which is running as a daemon
-        - A local image in [Podman][podman] (>=2.0) which is exposing a socket
-        - A remote image in Docker Registry such as Docker Hub, ECR, GCR and ACR
-        - A tar archive stored in the `docker save` / `podman save` formatted file
-        - An image directory compliant with [OCI Image Format][oci]
-    - local filesystem and rootfs
-    - remote git repository
-- [SBOM][sbom] (Software Bill of Materials) support
-    - CycloneDX
-    - SPDX
-    - GitHub Dependency Snapshots
-
-Please see [LICENSE][license] for Trivy licensing information.
-
-[installation]: ../getting-started/installation.md
-[vuln]: ../docs/vulnerability/scanning/index.md
-[misconf]: ../docs/misconfiguration/scanning.md
-[kubernetesoperator]: ../docs/kubernetes/operator/index.md
-[container]: ../docs/vulnerability/scanning/image.md
-[rootfs]: ../docs/vulnerability/scanning/rootfs.md
-[filesystem]: ../docs/vulnerability/scanning/filesystem.md
-[repo]: ../docs/vulnerability/scanning/git-repository.md
-[kubernetes]: ../docs/kubernetes/cli/scanning.md
-
-[standalone]: ../docs/references/modes/standalone.md
-[client-server]: ../docs/references/modes/client-server.md
-[integrations]: ../tutorials/integrations/index.md
-
-[os]: ../docs/vulnerability/detection/os.md
-[lang]: ../docs/vulnerability/detection/language.md
-
-[builtin]: ../docs/misconfiguration/policy/builtin.md
-[quickstart]: ../index.md
-[podman]: ../docs/advanced/container/podman.md
-
-[sbom]: ../docs/sbom/index.md
-
-[oci]: https://github.com/opencontainers/image-spec
-[license]:  https://github.com/aquasecurity/trivy/blob/main/LICENSE
+👈 Please use the side-navigation on the left in order to browse the different topics.

docs/ecosystem/index.md

@@ -1,9 +1,9 @@
 #  Ecosystem
-Trivy is already integrated into many popular tools and applications, so that you can easily add security to your workflow.
+Trivy is integrated into many popular tools and applications, so that you can easily add security to your workflow.
 
 In this section you will find an aggregation of the different integrations. Integrations are listed as either "official" or "community". Official integrations are developed by the core Trivy team and supported by it. Community integrations are integrations developed by the community, and collected here for your convenience. For support or questions about community integrations, please contact the original developers.
 
-👈 Choose a category from the side menu to browse integrations.
+👈 Please use the side-navigation on the left in order to browse the different topics.
 
 ## Add missing integration