Page Comparison

docker.scanImages

Runs scans on all or specified images. 

When set to True, only Docker image scan will occur. This will include the detection of Linux packages, and a general scan of the image file system for package managers' based resolution and identification of source files/binaries.

See here for more information on scanning Docker images.

Only the Docker image scan will occur.

Docker image scan will not take place.

False

-docker.scanImages

docker.includes 

Comma, space or line-delimited list specifying which images to include in the scan.

Values provided should come from either of the following:

• Repository (image name)

• Tag

• Image ID

N/A

N/A

The default value is ".*.*"

(All images will be scanned)

No

docker.excludes 

Comma, space or line-delimited list specifying which images to exclude in the scan.

Values provided should come from either of the following:

• Repository (image name)

• Tag

• Image ID

N/A

N/A

Empty

(No images will be excluded)

No

docker.excludeLayersByLabel

Enables scanning Docker layers defined after a specific label. This feature can be used to exclude certain Docker layers from the scan, for example, the layers that comprise the base image. The parameter should be set with a label string (key=value) which will direct the Unified Agent to scan only the Docker layers that appear after the specified label. 

NOTES:

• This feature is currently in Beta status. 

• The mechanism is based on the Docker LABEL instruction and is not applicable for labels defined via the docker build command.

N/A

N/A

Empty

No

docker.projectNameFormat 

Determine's the Docker project's name's format.

• If the value is set to default, the project name created in Mend comprises the Docker repository name, tag and ID, in the following format:

<Image Name> <Image Tag> <Image ID>

• If the value is set to repositoryNameAndTag, then the project name created in Mend comprises the Docker repository name and tag, in the following format:

<Image Name> <Image Tag>

• If the value is set to repositoryName,  the project name comprises only the Docker repository name:

<Image Name>

NOTE: Irrelevant when docker.scanTarFiles=true.

N/A

N/A

"DEFAULT"

No

docker.scanTarFiles

Used when the user supplies the tar file of a Docker image.

NOTE: The project name will be derived from the tar file name.

The Unified Agent will scan the .tar file as a Docker image.

The Unified Agent will not scan the .tar file as a Docker image.

False

No

docker.layers

Enables users scanning docker images to receive information regarding packages in layer granularity.  The layer granularity can be viewed in the interface under the hierarchical display.

Provides information packages in layer granularity. The scan will split the result into layers, each layer contains all packages/libraries and files found under the layer (in case a package was added at layer 2 and deleted from 3, it will not appear at all in the result, since its not part of the final result). 

Will not provide the aforementioned information.

False

No

docker.pull.enable 

Whether to execute "pull" from all from all relevant registries

Executes 'pull' from all relevant registries

Will not pull anything

False

No

docker.pull.images 

Pull Docker images that match the specified filter (string).

Can include regular expressions or a list of space-delimited values.

N/A

N/A

Empty

(all images will be pulled)

No

docker.pull.maxImages 

Defines the maximum number of images to be pulled. When this number of pulled images is reached, no more images are pulled.

N/A

N/A

10

No

docker.pull.tags 

Pulls Docker images whose tags match the specified filter (string).

Can include regular expressions or a list of space-delimited values.

N/A

N/A

Empty

(all images will be pulled)

No

docker.pull.digest 

Pull Docker images whose digests match the specified filter (string).

Can include regular expressions or a list of space-delimited values.

N/A

N/A

Empty

(all images will be pulled)

No

docker.delete.force 

Enables Mend to use Docker to delete images via the 'force' flag. This is required if the user pulled images that are related to other images, so in this case a regular delete may not work. 

NOTE: Use this parameter with caution.

Mend uses Docker to delete images via the 'force' flag.

Mend will not use Docker to delete images via the 'force' flag.

False

No

docker.login.sudo 

Whether the Unified Agent will run 'sudo docker login'.

The Unified Agent will run 'sudo docker login'.

The Unified Agent will not run 'sudo docker login'.

True

No

docker.aws.enable 

Enables pulling Docker Images from Amazon Elastic Container Registry (ECR).

NOTE: If set to True, the  'docker.scanImages' and 'docker.pull.enable' parameter values are also set to True.

Pulls Docker Images from Amazon Elastic Container Registry (ECR).

Will not pull Docker Images from Amazon Elastic Container Registry (ECR).

False

No

docker.aws.registryIds 

The Registry IDs list on Amazon Web Services (the AWS 12-digit account IDs that correspond to the Amazon ECR registries). The  list must include the following:

• Full registry IDs and no GLOB patterns. 

• At least one registry ID. Values are space-delimited.

NOTE: Required if docker.aws.enable=true.

N/A

N/A

No default

No

docker.azure.enable 

Enables pulling Docker Images from Azure Container registry. 

NOTE: If set to True, the  'docker.scanImages' and 'docker.pull.enable' parameter values must also be set to True.

Pulls Docker Images from Azure Container registry. 

Will not pull Docker Images from Azure Container registry. 

False

No

docker.azure.userName 

Username for Azure Container registry. 

NOTE: Required if docker.azure.enable is True.

N/A

N/A

No default

No

docker.azure.userPassword 

Password for Azure Container registry.

NOTE: Required if if docker.azure.enable=true. However, it is not mandatory if you already logged in manually to your Azure account via the Azure Client CLI.

N/A

N/A

No default

No

docker.azure.registryNames 

Docker registry names in Azure Container registry, space-delimited.

NOTE: Required if docker.azure.enable=true.

N/A

N/A

No default

No

docker.azure.authenticationType

Whether to use “containerRegistry” or "userAccount" as the authentication type.

Using  "userAccount" login method requiere setting should be filled "docker.azure.userName" and "docker.azure.userPassword"

Using  "containerRegistry", login method  will login to each registry using registry username and password provided in config file in the param docker.azure.registryAuthenticationParameters

N/A

N/A

userAccount

No

docker.azure.registryAuthenticationParameters

Registry authentication parameters should contain username and password for each registry in the following format <registryUsername>:<registryPassword>. If there are more than one registry contain in docker.azure.registryNames param then username and password should be provided separated by space:

<registry1UserName>:<registry1Password> <registry2UserName>:<registry2Password>

N/A

N/A

No default

No

docker.artifactory.enable 

Enables pulling Docker Images from the Artifactory Pro Docker registry. 

NOTE: Verify that the  'docker.scanImages' and 'docker.pull.enable' parameter values are also set to True.

Pulls Docker Images from the Artifactory Pro Docker registry. 

Will not pull Docker Images from the Artifactory Pro Docker registry.

False

No

docker.artifactory.url 

Artifactory URL including http:// or https:// and contextpath (Artifactory default contextPath is “/artifactory" )

NOTE:

• Required if if docker.artifactory.enable=true.

• Where read-only users are created via docker.artifactory.dockerAccessMethod, this must consist of http/s://<public server name>:<HTTP/S port>/<public context path>.

N/A

N/A

No default

No

docker.artifactory.pullUrl 

• If ‘docker.artifactory.pullUrl’ is empty, use original behavior of 'docker.artifactory.url'

• If ‘docker.artifactory.pullUrl’ is not empty use it as URL to docker [login/pull] commands while ‘docker.artifactory.url’ is used to run REST API command for artifactory.

N/A

N/A

No default

No

docker.artifactory.userName 

Username for Artifactory Pro Docker registry

NOTE: Required if docker.artifactory.enable=true.

N/A

N/A

No default

No

docker.artifactory.userPassword 

Password for Artifactory Pro Docker registry.

NOTE: Required if docker.artifactory.enable=true.

N/A

N/A

No default

No

docker.artifactory.repositoriesNames 

Repository names in Artifactory Pro Docker registry, space-delimited list.

NOTE: Required if docker.artifactory.enable=true.

N/A

N/A

No default

No

docker.artifactory.dockerAccessMethod 

Required when the user has read-only access.

Values are: repopath, subdomain, port.

In case customers use port method 'docker.artifactory.dockerAccessMethod=port', 'repository port' must be added to each repository in ‘docker.artifactory.repositoriesNames' in this format: <repositoryName>:<repositoryPort>

N/A

N/A

No default

No

docker.hub.enabled 

Enables pulling Docker Images from the Docker Hub registry. 

NOTE: Verify that the 'docker.scanImages' and 'docker.pull.enable' parameter values are also set to True.

Pulls Docker Images from the Docker Hub registry. 

Will not pull Docker Images from the Docker Hub registry. 

False

No

docker.hub.userName 

Username for Docker Hub registry.

NOTE: Required if docker.hub.enable=true

N/A

N/A

No default

No

docker.hub.userPassword 

Password required for Password for Azure Container registry.

NOTE: Required if docker.hub.enable=true

N/A

N/A

No default

No

docker.hub.organizationsNames 

Space-delimited list of organizations under the user to be scanned.

NOTE: Required if docker.hub.enable=true.

N/A

N/A

No default

No

docker.gcr.repositories

A list of repositories, comma-delimited.
If empty, the Unified Agent will use the default repository.

Example value:
gcr.io/Mend-main,gcr.io/Mend-johnsmith

N/A

N/A

Empty

No

docker.gcr.enable

Enables pulling Docker Images from Google Container Registry with Docker.

NOTE: Verify that the  docker.scanImages and docker.pull.enable parameter values are also set to 'true'

Pulls Docker Images from Google Container Registry with Docker.

Will not pull Docker Images from Google Container Registry with Docker.

False

No

docker.gcr.account

Email of Google Container Registry account.

N/A

N/A

Empty

No

-c

String

Configuration file name (including file path).

No

The default file name is 'wss-unified-agent.config'

• Starting from version 19.1.1, the default file is 'wss-unified-agent.config'. 
  If this file is not found, then the Unified Agent searches for a 'Mend-fs-agent.config' file.

• When using the -detect flag, the generated configuration file is wss-generated-file.config and it should be explicitly stated: 
  -c wss-generated-file.config

-d

String

Comma-separated list of directories and/or files to scan

No

N/A

-f

String

File list path

No

N/A

-v

String

Query the Unified Agent for its version

No

N/A

-archiveFastUnpack 

Boolean

Fast unpacking of archive files

No

False

-requestFiles

String

Comma-separated list of paths to offline request files. 

Regarding the priority of the parameters usage, the Unified Agent searches for the CLI argument, then the configuration file parameter (if not found in the CLI), and then the offline request parameter (if not found in the configuration file).
If multiple request files are provided, then the data from the first offline request is used. Note that the 'projectName', 'projectToken', and 'projectVersion' are fetched from each request file.

If '-d' is explicitly provided when '-requestFiles' is also used, then the Unified Agent does not scan the local folder (which '-d' points to). Instead, it scans only the offline request file(s) provided. '-d' will be ignored in this scenario.

No

When a single request file is provided and if neither 'productName' or 'productToken' values are set in the CLI, Config and Offline request file, then the default product name is 'My Product'.

-MendFolderPath whiteSourceFolderPath 

String

A path to the 'Mend' directory. The Mend folder is created when checking policies and creating an offline file. Path can be absolute or relative. 

No

The default location of the 'Mend' folder is the working directory from which the Unified Agent is run.

-requirementsFileIncludes 

(there is only python)

String

Comma-separated list of dependency filenames specifying which files to be scanned for dependencies.

No

requirements.txt

-noConfig

Boolean

When set to True, you can run a scan without using a configuration file. However, in this case, parameters  -projectToken or -project 
and -apiKey are mandatory.

Unless explicitly provided, the default wss.url parameter value is https://saas.Mendsoftware.com/agent

No

False

-detect

When this parameter is added, the Unified Agent will analyze the scanned files and will create a new .config file with the relevant configuration parameters. The new configuration file will contain the resolveDependencies parameters according to the discovered package managers. For each manifest file, we will set the relevant parameter to True.

Usage:  java -jar unified-agent.jar -detect 

For example, if a bower.json file is found in the project folder, bower.resolveDependencies will be set to True in the newly created configuration file.

No

By default, the detection is based on the current directory where the Unified Agent jar is located. To change this, add the -d parameter.

For example use:  java -jar unified-agent.jar -detect -d projectFolder

-help or -h

Boolean

The Unified Agent prints the parameters that can be used from the CLI. 

No

-logLevel

String

Specifies the minimal log level printed to stdout. This parameter can be used to control console logging and is useful if a customer is trying to pull logs from a pipeline scan.

To disable console logging set log.level=off

To enable debug logging set log.level=debug

No

info

-proxy

String

Proxy info in the following format:
scheme://<user>:<password>@host:port/

No