...
For a list of supported archive file types, refer here.
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? |
---|---|---|---|---|---|
#archiveExtractionDepth | The number of levels to extract from archive files (up to 10) | N/A | N/A | 0 (archive extraction is disabled) | No |
#archiveIncludes=**/*.war **/*.ear | Comma, space or line-delimited list specifying which archive files to include during the scan | N/A | N/A | Empty | No |
#archiveExcludes=**/*sources.jar | Comma, space or line-delimited list specifying which archive files to exclude during the scan | N/A | N/A | Empty | No |
...
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? | ||||||
---|---|---|---|---|---|---|---|---|---|---|---|
docker.scanImages | Runs scans on all or specified images. See here for more information on scanning Docker images. | Only the Docker image scan will occur. | Docker image scan will not take place. | False | -docker.scanImages | ||||||
docker.includes | Comma, space or line-delimited list specifying which images to include in the scan. Values provided should come from either of the following:
| N/A | N/A | The default value is ".*.*" (All images will be scanned) | No | ||||||
docker.excludes | Comma, space or line-delimited list specifying which images to exclude in the scan. Values provided should come from either of the following:
| N/A | N/A | Empty (No images will be excluded) | No | ||||||
docker.excludeLayersByLabel | Enables scanning Docker layers defined after a specific label. This feature can be used to exclude certain Docker layers from the scan, for example, the layers that comprise the base image. The parameter should be set with a label string (key=value) which will direct the Unified Agent to scan only the Docker layers that appear after the specified label. NOTES:
| N/A | N/A | Empty | No | ||||||
docker.projectNameFormat | Determines the format of the Docker project name.
NOTE: Irrelevant when docker.scanTarFiles=true. | N/A | N/A | "DEFAULT" | No | ||||||
docker.scanTarFiles | Used when the user supplies the tar file of a Docker image. NOTE: The project name will be derived from the tar file name. | The Unified Agent will scan the .tar file as a Docker image. | The Unified Agent will not scan the .tar file as a Docker image. | False | No | ||||||
docker.layers | Enables users scanning Docker images to receive package information at layer granularity. The layer granularity can be viewed in the interface under the hierarchical display. | Provides package information at layer granularity. The scan splits the result into layers; each layer contains all packages/libraries and files found under that layer (if a package was added at layer 2 and deleted at layer 3, it will not appear in the result at all, since it is not part of the final result). | Will not provide the aforementioned information. | False | No | ||||||
docker.pull.enable | Whether to execute 'pull' from all relevant registries. | Executes 'pull' from all relevant registries | Will not pull anything | False | No | ||||||
docker.pull.images | Pull Docker images that match the specified filter (string). Can include regular expressions or a list of space-delimited values. | N/A | N/A | Empty (all images will be pulled) | No | ||||||
docker.pull.maxImages | Defines the maximum number of images to be pulled. When this number of pulled images is reached, no more images are pulled. | N/A | N/A | 10 | No | ||||||
docker.pull.tags | Pulls Docker images whose tags match the specified filter (string). Can include regular expressions or a list of space-delimited values. | N/A | N/A | Empty (all images will be pulled) | No | ||||||
docker.pull.digest | Pull Docker images whose digests match the specified filter (string). Can include regular expressions or a list of space-delimited values. | N/A | N/A | Empty (all images will be pulled) | No | ||||||
docker.delete.force | Enables Mend to use Docker to delete images via the 'force' flag. This is required if the user pulled images that are related to other images, so in this case a regular delete may not work. NOTE: Use this parameter with caution. | Mend uses Docker to delete images via the 'force' flag. | Mend will not use Docker to delete images via the 'force' flag. | False | No | ||||||
docker.login.sudo | Whether the Unified Agent will run 'sudo docker login'. | The Unified Agent will run 'sudo docker login'. | The Unified Agent will not run 'sudo docker login'. | True | No | ||||||
docker.aws.enable | Enables pulling Docker Images from Amazon Elastic Container Registry (ECR). NOTE: If set to True, the 'docker.scanImages' and 'docker.pull.enable' parameter values are also set to True. | Pulls Docker Images from Amazon Elastic Container Registry (ECR). | Will not pull Docker Images from Amazon Elastic Container Registry (ECR). | False | No | ||||||
docker.aws.registryIds | The Registry IDs list on Amazon Web Services (the AWS 12-digit account IDs that correspond to the Amazon ECR registries). The list must include the following:
NOTE: Required if docker.aws.enable=true. | N/A | N/A | No default | No | ||||||
docker.azure.enable | Enables pulling Docker Images from Azure Container registry. NOTE: If set to True, the 'docker.scanImages' and 'docker.pull.enable' parameter values must also be set to True. | Pulls Docker Images from Azure Container registry. | Will not pull Docker Images from Azure Container registry. | False | No | ||||||
docker.azure.userName | Username for Azure Container registry. NOTE: Required if docker.azure.enable is True. | N/A | N/A | No default | No | ||||||
docker.azure.userPassword | Password for Azure Container registry. NOTE: Required if docker.azure.enable=true. However, it is not mandatory if you already logged in manually to your Azure account via the Azure Client CLI. | N/A | N/A | No default | No | ||||||
docker.azure.registryNames | Docker registry names in Azure Container registry, space-delimited. NOTE: Required if docker.azure.enable=true. | N/A | N/A | No default | No | ||||||
docker.azure.authenticationType | Whether to use "containerRegistry" or "userAccount" as the authentication type. The "userAccount" login method requires "docker.azure.userName" and "docker.azure.userPassword" to be set. The "containerRegistry" login method logs in to each registry using the registry username and password provided in the config file in the docker.azure.registryAuthenticationParameters parameter. | N/A | N/A | userAccount | No | ||||||
docker.azure.registryAuthenticationParameters | Registry authentication parameters should contain the username and password for each registry in the following format: <registryUsername>:<registryPassword>. If the docker.azure.registryNames parameter contains more than one registry, the username and password pairs should be provided separated by a space: <registry1UserName>:<registry1Password> <registry2UserName>:<registry2Password> | N/A | N/A | No default | No | ||||||
docker.artifactory.enable | Enables pulling Docker Images from the Artifactory Pro Docker registry. NOTE: Verify that the 'docker.scanImages' and 'docker.pull.enable' parameter values are also set to True. | Pulls Docker Images from the Artifactory Pro Docker registry. | Will not pull Docker Images from the Artifactory Pro Docker registry. | False | No | ||||||
docker.artifactory.url | Artifactory URL including http:// or https:// and the context path (the Artifactory default contextPath is "/artifactory"). NOTE:
| N/A | N/A | No default | No | ||||||
docker.artifactory.pullUrl |
| N/A | N/A | No default | No | ||||||
docker.artifactory.userName | Username for Artifactory Pro Docker registry NOTE: Required if docker.artifactory.enable=true. | N/A | N/A | No default | No | ||||||
docker.artifactory.userPassword | Password for Artifactory Pro Docker registry. NOTE: Required if docker.artifactory.enable=true. | N/A | N/A | No default | No | ||||||
docker.artifactory.repositoriesNames | Repository names in Artifactory Pro Docker registry, space-delimited list. NOTE: Required if docker.artifactory.enable=true. | N/A | N/A | No default | No | ||||||
docker.artifactory.dockerAccessMethod | Required when the user has read-only access. Values are: repopath, subdomain, port. When the port method is used ('docker.artifactory.dockerAccessMethod=port'), the repository port must be added to each repository in 'docker.artifactory.repositoriesNames' in this format: <repositoryName>:<repositoryPort> | N/A | N/A | No default | No | ||||||
docker.hub.enabled | Enables pulling Docker Images from the Docker Hub registry. NOTE: Verify that the 'docker.scanImages' and 'docker.pull.enable' parameter values are also set to True. | Pulls Docker Images from the Docker Hub registry. | Will not pull Docker Images from the Docker Hub registry. | False | No | ||||||
docker.hub.userName | Username for Docker Hub registry. NOTE: Required if docker.hub.enable=true | N/A | N/A | No default | No | ||||||
docker.hub.userPassword | Password for Azure Container registry. NOTE: Required if docker.hub.enable=true | N/A | N/A | No default | No | ||||||
docker.hub.organizationsNames | Space-delimited list of organizations under the user to be scanned. NOTE: Required if docker.hub.enable=true. | N/A | N/A | No default | No | ||||||
docker.gcr.repositories | A list of repositories, comma-delimited. Example value: | N/A | N/A | Empty | No | ||||||
docker.gcr.enable | Enables pulling Docker Images from Google Container Registry with Docker. NOTE: Verify that the docker.scanImages and docker.pull.enable parameter values are also set to 'true' | Pulls Docker Images from Google Container Registry with Docker. | Will not pull Docker Images from Google Container Registry with Docker. | False | No | ||||||
docker.gcr.account | Email of Google Container Registry account. | N/A | N/A | Empty | No |
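
The "Required if ...=true" and "must also be set to True" notes in the table above can be checked before a scan runs. The following is an added example, not code from Mend or the Unified Agent; it assumes the configuration file uses `key=value` lines with `#` comments, and the names `RULES`, `parse_config`, `is_true` and `check` are hypothetical.

```python
# Added example (not Mend code). Assumes key=value lines with '#' comments.
# flag -> (scanImages/pull.enable must be set by hand?, keys required with it)
RULES = {
    "docker.aws.enable": (False, ["docker.aws.registryIds"]),
    "docker.azure.enable": (True, ["docker.azure.registryNames"]),
    "docker.artifactory.enable": (True, ["docker.artifactory.userName",
        "docker.artifactory.userPassword", "docker.artifactory.repositoriesNames"]),
    "docker.hub.enabled": (True, ["docker.hub.userName",
        "docker.hub.userPassword", "docker.hub.organizationsNames"]),
    "docker.gcr.enable": (True, []),
}

def parse_config(text):
    # Keep only uncommented key=value lines.
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def is_true(cfg, key):
    return cfg.get(key, "false").lower() == "true"

def check(cfg):
    # List every dependency between parameters that the config violates.
    out = []
    for flag, (by_hand, required) in RULES.items():
        if is_true(cfg, flag):
            deps = ("docker.scanImages", "docker.pull.enable") if by_hand else ()
            out += [f"{flag}: {d} must be true" for d in deps if not is_true(cfg, d)]
            out += [f"{flag}: {k} is required" for k in required if not cfg.get(k)]
    if is_true(cfg, "docker.azure.enable"):
        if cfg.get("docker.azure.authenticationType", "userAccount") == "containerRegistry":
            names = cfg.get("docker.azure.registryNames", "").split()
            creds = cfg.get("docker.azure.registryAuthenticationParameters", "").split()
            if len(creds) != len(names) or any(":" not in c for c in creds):
                out.append("docker.azure.registryAuthenticationParameters: one <user>:<password> per registry")
        elif not cfg.get("docker.azure.userName"):
            out.append("docker.azure.enable: docker.azure.userName is required")
    if cfg.get("docker.artifactory.dockerAccessMethod") == "port":
        repos = cfg.get("docker.artifactory.repositoriesNames", "").split()
        out += [f"{r}: missing :<repositoryPort>" for r in repos if ":" not in r]
    return out

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """\
docker.scanImages=true
#docker.pull.enable=true
docker.azure.enable=true
docker.azure.authenticationType=containerRegistry
docker.azure.registryNames=reg1 reg2
docker.azure.registryAuthenticationParameters=user1:pw1
"""
FINDINGS = check(parse_config(SAMPLE))
```

For the sample, `FINDINGS` reports the commented-out `docker.pull.enable` and the missing credential pair for the second Azure registry.
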
...
Parameter | Type | Description | Required | Default |
---|---|---|---|---|
-c | String | Configuration file name (including file path). | No | The default file name is 'wss-unified-agent.config' |
-d | String | Comma-separated list of directories and/or files to scan | No | N/A |
-f | String | File list path | No | N/A |
-v | String | Query the Unified Agent for its version | No | N/A |
-archiveFastUnpack | Boolean | Fast unpacking of archive files | No | False |
-requestFiles | String | Comma-separated list of paths to offline request files. Regarding the priority of parameter usage, the Unified Agent searches for the CLI argument, then the configuration file parameter (if not found in the CLI), and then the offline request parameter (if not found in the configuration file). If '-d' is explicitly provided when '-requestFiles' is also used, the Unified Agent does not scan the local folder (which '-d' points to). Instead, it scans only the offline request file(s) provided. '-d' will be ignored in this scenario. | No | When a single request file is provided and neither the 'productName' nor the 'productToken' value is set in the CLI, the configuration file or the offline request file, the default product name is 'My Product'. |
-MendFolderPath whiteSourceFolderPath | String | A path to the 'Mend' directory. The Mend folder is created when checking policies and creating an offline file. Path can be absolute or relative. | No | The default location of the 'Mend' folder is the working directory from which the Unified Agent is run. |
-requirementsFileIncludes (there is only python) | String | Comma-separated list of dependency filenames specifying which files to be scanned for dependencies. | No | requirements.txt |
-noConfig | Boolean | When set to True, you can run a scan without using a configuration file. However, in this case, parameters - Unless explicitly provided, the default wss.url parameter value is https://saas.Mendsoftware.com/agent | No | False |
-detect | When this parameter is added, the Unified Agent will analyze the scanned files and will create a new .config file with the relevant configuration parameters. The new configuration file will contain the Usage: For example, if a | No | By default, the detection is based on the current directory where the Unified Agent jar is located. To change this, add the For example use: | |
-help or -h | Boolean | The Unified Agent prints the parameters that can be used from the CLI. | No | |
-logLevel | String | Specifies the minimal log level printed to stdout. This parameter can be used to control console logging and is useful if a customer is trying to pull logs from a pipeline scan. To disable console logging, set log.level=off. To enable debug logging, set log.level=debug. | No | info |
-proxy | String | Proxy info in the following format: | No |
...