aquasecurity
diff --git a/‎docs/advanced/container/embed-in-dockerfile.md
Lines changed: 2 additions & 2 deletions b/‎docs/advanced/container/embed-in-dockerfile.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/advanced/container/unpacked-filesystem.md
Lines changed: 1 addition & 1 deletion b/‎docs/advanced/container/unpacked-filesystem.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/getting-started/cli/fs.md
Lines changed: 0 additions & 2 deletions b/‎docs/getting-started/cli/fs.md
Lines changed: 0 additions & 2 deletions
diff --git a/‎docs/getting-started/cli/rootfs.md
Lines changed: 34 additions & 0 deletions b/‎docs/getting-started/cli/rootfs.md
Lines changed: 34 additions & 0 deletions
diff --git a/‎docs/getting-started/overview.md
Lines changed: 3 additions & 2 deletions b/‎docs/getting-started/overview.md
Lines changed: 3 additions & 2 deletions
diff --git a/‎docs/vulnerability/detection/language.md
Lines changed: 20 additions & 19 deletions b/‎docs/vulnerability/detection/language.md
Lines changed: 20 additions & 19 deletions
diff --git a/‎docs/vulnerability/scanning/filesystem.md
Lines changed: 1 addition & 55 deletions b/‎docs/vulnerability/scanning/filesystem.md
Lines changed: 1 addition & 55 deletions
diff --git a/‎docs/vulnerability/scanning/index.md
Lines changed: 2 additions & 1 deletion b/‎docs/vulnerability/scanning/index.md
Lines changed: 2 additions & 1 deletion
@@ -10,7 +10,7 @@ FROM alpine:3.7
 
 RUN apk add curl \
     && curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
-    && trivy filesystem --exit-code 1 --no-progress /
+    && trivy rootfs --exit-code 1 --no-progress /
 
 $ docker build -t vulnerable-image .
 ```
@@ -21,7 +21,7 @@ insecure `curl | sh`. Also the image is not changed.
 # Run vulnerability scan on build image
 FROM build AS vulnscan
 COPY --from=aquasec/trivy:latest /usr/local/bin/trivy /usr/local/bin/trivy
-RUN trivy filesystem --exit-code 1 --no-progress /
+RUN trivy rootfs --exit-code 1 --no-progress /
 [...]
 ```
 
 
@@ -6,7 +6,7 @@ In this case, Trivy works the same way when scanning containers
 
 ```bash
 $ docker export $(docker create alpine:3.10.2) | tar -C /tmp/rootfs -xvf -
-$ trivy fs /tmp/rootfs
+$ trivy rootfs /tmp/rootfs
 ```
 
 <details>
 
@@ -10,15 +10,13 @@ USAGE:
 OPTIONS:
    --template value, -t value                     output template [$TRIVY_TEMPLATE]
    --format value, -f value                       format (table, json, template) (default: "table") [$TRIVY_FORMAT]
-   --input value, -i value                        input file path instead of image name [$TRIVY_INPUT]
    --severity value, -s value                     severities of vulnerabilities to be displayed (comma separated) (default: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL") [$TRIVY_SEVERITY]
    --output value, -o value                       output file name [$TRIVY_OUTPUT]
    --exit-code value                              Exit code when vulnerabilities were found (default: 0) [$TRIVY_EXIT_CODE]
    --skip-db-update, --skip-update                skip updating vulnerability database (default: false) [$TRIVY_SKIP_UPDATE, $TRIVY_SKIP_DB_UPDATE]
    --skip-policy-update                           skip updating built-in policies (default: false) [$TRIVY_SKIP_POLICY_UPDATE]
    --clear-cache, -c                              clear image caches without scanning (default: false) [$TRIVY_CLEAR_CACHE]
    --ignore-unfixed                               display only fixed vulnerabilities (default: false) [$TRIVY_IGNORE_UNFIXED]
-   --removed-pkgs                                 detect vulnerabilities of removed packages (only for Alpine) (default: false) [$TRIVY_REMOVED_PKGS]
    --vuln-type value                              comma-separated list of vulnerability types (os,library) (default: "os,library") [$TRIVY_VULN_TYPE]
    --security-checks value                        comma-separated list of what security issues to detect (vuln,config) (default: "vuln") [$TRIVY_SECURITY_CHECKS]
    --ignorefile value                             specify .trivyignore file (default: ".trivyignore") [$TRIVY_IGNOREFILE]
 
@@ -0,0 +1,34 @@
+# Rootfs
+
+```bash
+NAME:
+   trivy rootfs - scan rootfs
+
+USAGE:
+   trivy rootfs [command options] dir
+
+OPTIONS:
+   --template value, -t value                     output template [$TRIVY_TEMPLATE]
+   --format value, -f value                       format (table, json, template) (default: "table") [$TRIVY_FORMAT]
+   --severity value, -s value                     severities of vulnerabilities to be displayed (comma separated) (default: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL") [$TRIVY_SEVERITY]
+   --output value, -o value                       output file name [$TRIVY_OUTPUT]
+   --exit-code value                              Exit code when vulnerabilities were found (default: 0) [$TRIVY_EXIT_CODE]
+   --skip-db-update, --skip-update                skip updating vulnerability database (default: false) [$TRIVY_SKIP_UPDATE, $TRIVY_SKIP_DB_UPDATE]
+   --skip-policy-update                           skip updating built-in policies (default: false) [$TRIVY_SKIP_POLICY_UPDATE]
+   --clear-cache, -c                              clear image caches without scanning (default: false) [$TRIVY_CLEAR_CACHE]
+   --ignore-unfixed                               display only fixed vulnerabilities (default: false) [$TRIVY_IGNORE_UNFIXED]
+   --vuln-type value                              comma-separated list of vulnerability types (os,library) (default: "os,library") [$TRIVY_VULN_TYPE]
+   --security-checks value                        comma-separated list of what security issues to detect (vuln,config) (default: "vuln") [$TRIVY_SECURITY_CHECKS]
+   --ignorefile value                             specify .trivyignore file (default: ".trivyignore") [$TRIVY_IGNOREFILE]
+   --cache-backend value                          cache backend (e.g. redis://localhost:6379) (default: "fs") [$TRIVY_CACHE_BACKEND]
+   --timeout value                                timeout (default: 5m0s) [$TRIVY_TIMEOUT]
+   --no-progress                                  suppress progress bar (default: false) [$TRIVY_NO_PROGRESS]
+   --ignore-policy value                          specify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]
+   --list-all-pkgs                                enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]
+   --skip-files value                             specify the file paths to skip traversal [$TRIVY_SKIP_FILES]
+   --skip-dirs value                              specify the directories where the traversal is skipped [$TRIVY_SKIP_DIRS]
+   --config-policy value                          specify paths to the Rego policy files directory, applying config files [$TRIVY_CONFIG_POLICY]
+   --config-data value                            specify paths from which data for the Rego policies will be recursively loaded [$TRIVY_CONFIG_DATA]
+   --policy-namespaces value, --namespaces value  Rego namespaces (default: "users") [$TRIVY_POLICY_NAMESPACES]
+   --help, -h                                     show help (default: false)
+```
@@ -8,7 +8,7 @@ Trivy detects two types of security issues:
 Trivy can scan three different artifacts:
 
 - [Container Images][container]
-- [Filesystem][filesystem]
+- [Filesystem][filesystem] and [Rootfs][rootfs]
 - [Git Repositories][repo]
 
 Trivy can be run in two different modes:
@@ -53,7 +53,7 @@ See [Integrations][integrations] for details.
         - A remote image in Docker Registry such as Docker Hub, ECR, GCR and ACR
         - A tar archive stored in the `docker save` / `podman save` formatted file
         - An image directory compliant with [OCI Image Format][oci]
-    - local filesystem
+    - local filesystem and rootfs
     - remote git repository
 
 Please see [LICENSE][license] for Trivy licensing information.
@@ -64,6 +64,7 @@ Please see [LICENSE][license] for Trivy licensing information.
 [vuln]: ../vulnerability/scanning/index.md
 [misconf]: ../misconfiguration/index.md
 [container]: ../vulnerability/scanning/image.md
+[rootfs]: ../vulnerability/scanning/rootfs.md
 [filesystem]: ../vulnerability/scanning/filesystem.md
 [repo]: ../vulnerability/scanning/git-repository.md
 
 
@@ -2,23 +2,23 @@
 
 `Trivy` automatically detects the following files in the container and scans vulnerabilities in the application dependencies.
 
-| Language | File                     | Image[^6] | Filesystem[^7] |  Repository[^8] |Dev dependencies |
-|---------|-------------------------|:---------:|:--------------:|:---------------:|-----------------|
-| Ruby     | Gemfile.lock             | -         | ✅              | ✅              | included         |
-|          | gemspec                  | ✅        | ✅              | -               | included         |
-| Python   | Pipfile.lock             | -         | ✅              | ✅              | excluded         |
-|          | poetry.lock              | -         | ✅              | ✅              | included         |
-|          | requirements.txt         | -         | ✅              | ✅              | included         |
-|          | egg package[^1]          | ✅        | ✅              | -               | excluded         |
-|          | wheel package[^2]        | ✅        | ✅              | -               | excluded         |
-| PHP      | composer.lock            | ✅        | ✅              | ✅              | excluded         |
-| Node.js  | package-lock.json        | -         | ✅              | ✅              | excluded         |
-|          | yarn.lock                | -         | ✅              | ✅              | included         |
-|          | package.json             | ✅        | ✅              | -               | excluded         |
-| .NET     | packages.lock.json       | ✅        | ✅              | ✅              | included         |
-| Java     | JAR/WAR/EAR[^3][^4]      | ✅        | ✅              | ✅              | included         |
-| Go       | Binaries built by Go[^5] | ✅        | ✅              | -               | excluded         |
-|          | go.sum                   | -         | ✅              | ✅             | included         |
+| Language | File                     | Image[^6] | Rootfs[^7] | Filesysetm[^8] |  Repository[^9] |Dev dependencies |
+|----------|--------------------------|:---------:|:----------:|:--------------:|:---------------:|-----------------|
+| Ruby     | Gemfile.lock             | -         | -          | ✅             | ✅              | included        |
+|          | gemspec                  | ✅        | ✅         | -              | -               | included        |
+| Python   | Pipfile.lock             | -         | -          | ✅             | ✅              | excluded        |
+|          | poetry.lock              | -         | -          | ✅             | ✅              | included        |
+|          | requirements.txt         | -         | -          | ✅             | ✅              | included        |
+|          | egg package[^1]          | ✅        | ✅         | -              | -               | excluded        |
+|          | wheel package[^2]        | ✅        | ✅         | -              | -               | excluded        |
+| PHP      | composer.lock            | ✅        | ✅         | ✅             | ✅              | excluded        |
+| Node.js  | package-lock.json        | -         | -          | ✅             | ✅              | excluded        |
+|          | yarn.lock                | -         | -          | ✅             | ✅              | included        |
+|          | package.json             | ✅        | ✅         | -              | -               | excluded        |
+| .NET     | packages.lock.json       | ✅        | ✅         | ✅             | ✅              | included        |
+| Java     | JAR/WAR/EAR[^3][^4]      | ✅        | ✅         | ✅             | ✅              | included        |
+| Go       | Binaries built by Go[^5] | ✅        | ✅         | -              | -               | excluded        |
+|          | go.sum                   | -         | -          | ✅             | ✅              | included        |
 
 The path of these files does not matter.
 
@@ -30,5 +30,6 @@ Example: [Dockerfile](https://github.com/aquasecurity/trivy-ci-test/blob/main/Do
 [^4]: It requires the Internet access
 [^5]: UPX-compressed binaries don't work
 [^6]: ✅ means "enabled" and `-` means "disabled" in the image scanning
-[^7]: ✅ means "enabled" and `-` means "disabled" in the filesystem scanning
-[^8]: ✅ means "enabled" and `-` means "disabled" in the git repository scanning
+[^7]: ✅ means "enabled" and `-` means "disabled" in the rootfs scanning
+[^8]: ✅ means "enabled" and `-` means "disabled" in the filesystem scanning
+[^9]: ✅ means "enabled" and `-` means "disabled" in the git repository scanning
@@ -1,6 +1,6 @@
 # Filesystem
 
-Scan a filesystem (such as a host machine, a virtual machine image, or an unpacked container image filesystem).
+Scan a local project including language-specific files.
 
 ```bash
 $ trivy fs /path/to/project
@@ -47,57 +47,3 @@ Total: 10 (UNKNOWN: 2, LOW: 0, MEDIUM: 6, HIGH: 2, CRITICAL: 0)
 ```
 
 </details>
-
-## From Inside Containers
-Scan your container from inside the container.
-
-```bash
-$ docker run --rm -it alpine:3.11
-/ # curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
-/ # trivy fs /
-```
-
-<details>
-<summary>Result</summary>
-
-```
-2021-03-08T05:22:26.378Z        INFO    Need to update DB
-2021-03-08T05:22:26.380Z        INFO    Downloading DB...
-20.37 MiB / 20.37 MiB [-------------------------------------------------------------------------------------------------------------------------------------] 100.00% 8.24 MiB p/s 2s
-2021-03-08T05:22:30.134Z        INFO    Detecting Alpine vulnerabilities...
-2021-03-08T05:22:30.138Z        INFO    Trivy skips scanning programming language libraries because no supported file was detected
-
-313430f09696 (alpine 3.11.7)
-============================
-Total: 6 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 6, CRITICAL: 0)
-
-+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
-|   LIBRARY    | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
-+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
-| libcrypto1.1 | CVE-2021-23839   | HIGH     | 1.1.1i-r0         | 1.1.1j-r0     | openssl: incorrect SSLv2              |
-|              |                  |          |                   |               | rollback protection                   |
-|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-23839 |
-+              +------------------+          +                   +               +---------------------------------------+
-|              | CVE-2021-23840   |          |                   |               | openssl: integer                      |
-|              |                  |          |                   |               | overflow in CipherUpdate              |
-|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-23840 |
-+              +------------------+          +                   +               +---------------------------------------+
-|              | CVE-2021-23841   |          |                   |               | openssl: NULL pointer dereference     |
-|              |                  |          |                   |               | in X509_issuer_and_serial_hash()      |
-|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-23841 |
-+--------------+------------------+          +                   +               +---------------------------------------+
-| libssl1.1    | CVE-2021-23839   |          |                   |               | openssl: incorrect SSLv2              |
-|              |                  |          |                   |               | rollback protection                   |
-|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-23839 |
-+              +------------------+          +                   +               +---------------------------------------+
-|              | CVE-2021-23840   |          |                   |               | openssl: integer                      |
-|              |                  |          |                   |               | overflow in CipherUpdate              |
-|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-23840 |
-+              +------------------+          +                   +               +---------------------------------------+
-|              | CVE-2021-23841   |          |                   |               | openssl: NULL pointer dereference     |
-|              |                  |          |                   |               | in X509_issuer_and_serial_hash()      |
-|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-23841 |
-+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
-```
-
-</details>
@@ -1,10 +1,11 @@
 # Vulnerability Scanning
 
-Trivy scans [Container Images][image], [Filesystem][fs], and [Git Repositories][repo] to detect vulnerabilities.
+Trivy scans [Container Images][image], [Rootfs][rootfs], [Filesystem][fs], and [Git Repositories][repo] to detect vulnerabilities.
 
 ![vulnerability][vuln]
 
 [image]: image.md
+[rootfs]: rootfs.md
 [fs]: filesystem.md
 [repo]: git-repository.md
 [vuln]: ../../imgs/vulnerability.png