chore: PR review comments

Updates based on the PR comments and regeneration of the docs

Author: owenrumney

docs/docs/references/configuration/cli/trivy_config.md

@@ -15,11 +15,11 @@ trivy config [flags] DIR
       --check-namespaces strings          Rego namespaces
       --checks-bundle-repository string   OCI registry URL to retrieve checks bundle from (default "mirror.gcr.io/aquasec/trivy-checks:1")
       --cloud-api-url string              API URL for Trivy Cloud platform (default "https://api.trivy.dev")
-      --cloud-download-secret-config      Download secret configurations from Trivy Cloud platform (default true)
       --cloud-server-scanning             Use server-side image scanning in Trivy Cloud platform (default true)
       --cloud-token string                Token used to athenticate with Trivy Cloud platform
       --cloud-trivy-server-url string     Trivy Server URL for Trivy Cloud platform (default "https://scan.trivy.dev")
       --cloud-upload-results              Upload results to Trivy Cloud platform (default true)
+      --cloud-use-secret-config           Use secret configurations from Trivy Cloud platform (default true)
       --compliance string                 compliance report to generate
       --config-check strings              specify the paths to the Rego check files or to the directories containing them, applying config files
       --config-data strings               specify paths from which data for the Rego checks will be recursively loaded

docs/docs/references/configuration/cli/trivy_filesystem.md

@@ -25,11 +25,11 @@ trivy filesystem [flags] PATH
       --check-namespaces strings          Rego namespaces
       --checks-bundle-repository string   OCI registry URL to retrieve checks bundle from (default "mirror.gcr.io/aquasec/trivy-checks:1")
       --cloud-api-url string              API URL for Trivy Cloud platform (default "https://api.trivy.dev")
-      --cloud-download-secret-config      Download secret configurations from Trivy Cloud platform (default true)
       --cloud-server-scanning             Use server-side image scanning in Trivy Cloud platform (default true)
       --cloud-token string                Token used to athenticate with Trivy Cloud platform
       --cloud-trivy-server-url string     Trivy Server URL for Trivy Cloud platform (default "https://scan.trivy.dev")
       --cloud-upload-results              Upload results to Trivy Cloud platform (default true)
+      --cloud-use-secret-config           Use secret configurations from Trivy Cloud platform (default true)
       --compliance string                 compliance report to generate
       --config-check strings              specify the paths to the Rego check files or to the directories containing them, applying config files
       --config-data strings               specify paths from which data for the Rego checks will be recursively loaded

docs/docs/references/configuration/cli/trivy_image.md

@@ -39,11 +39,11 @@ trivy image [flags] IMAGE_NAME
       --check-namespaces strings          Rego namespaces
       --checks-bundle-repository string   OCI registry URL to retrieve checks bundle from (default "mirror.gcr.io/aquasec/trivy-checks:1")
       --cloud-api-url string              API URL for Trivy Cloud platform (default "https://api.trivy.dev")
-      --cloud-download-secret-config      Download secret configurations from Trivy Cloud platform (default true)
       --cloud-server-scanning             Use server-side image scanning in Trivy Cloud platform (default true)
       --cloud-token string                Token used to athenticate with Trivy Cloud platform
       --cloud-trivy-server-url string     Trivy Server URL for Trivy Cloud platform (default "https://scan.trivy.dev")
       --cloud-upload-results              Upload results to Trivy Cloud platform (default true)
+      --cloud-use-secret-config           Use secret configurations from Trivy Cloud platform (default true)
       --compliance string                 compliance report to generate (built-in compliance's: docker-cis-1.6.0)
       --config-check strings              specify the paths to the Rego check files or to the directories containing them, applying config files
       --config-data strings               specify paths from which data for the Rego checks will be recursively loaded

docs/docs/references/configuration/cli/trivy_repository.md

@@ -25,11 +25,11 @@ trivy repository [flags] (REPO_PATH | REPO_URL)
       --check-namespaces strings          Rego namespaces
       --checks-bundle-repository string   OCI registry URL to retrieve checks bundle from (default "mirror.gcr.io/aquasec/trivy-checks:1")
       --cloud-api-url string              API URL for Trivy Cloud platform (default "https://api.trivy.dev")
-      --cloud-download-secret-config      Download secret configurations from Trivy Cloud platform (default true)
       --cloud-server-scanning             Use server-side image scanning in Trivy Cloud platform (default true)
       --cloud-token string                Token used to athenticate with Trivy Cloud platform
       --cloud-trivy-server-url string     Trivy Server URL for Trivy Cloud platform (default "https://scan.trivy.dev")
       --cloud-upload-results              Upload results to Trivy Cloud platform (default true)
+      --cloud-use-secret-config           Use secret configurations from Trivy Cloud platform (default true)
       --commit string                     pass the commit hash to be scanned
       --config-check strings              specify the paths to the Rego check files or to the directories containing them, applying config files
       --config-data strings               specify paths from which data for the Rego checks will be recursively loaded

docs/docs/references/configuration/cli/trivy_rootfs.md

@@ -28,11 +28,11 @@ trivy rootfs [flags] ROOTDIR
       --check-namespaces strings          Rego namespaces
       --checks-bundle-repository string   OCI registry URL to retrieve checks bundle from (default "mirror.gcr.io/aquasec/trivy-checks:1")
       --cloud-api-url string              API URL for Trivy Cloud platform (default "https://api.trivy.dev")
-      --cloud-download-secret-config      Download secret configurations from Trivy Cloud platform (default true)
       --cloud-server-scanning             Use server-side image scanning in Trivy Cloud platform (default true)
       --cloud-token string                Token used to athenticate with Trivy Cloud platform
       --cloud-trivy-server-url string     Trivy Server URL for Trivy Cloud platform (default "https://scan.trivy.dev")
       --cloud-upload-results              Upload results to Trivy Cloud platform (default true)
+      --cloud-use-secret-config           Use secret configurations from Trivy Cloud platform (default true)
       --config-check strings              specify the paths to the Rego check files or to the directories containing them, applying config files
       --config-data strings               specify paths from which data for the Rego checks will be recursively loaded
       --config-file-schemas strings       specify paths to JSON configuration file schemas to determine that a file matches some configuration and pass the schema to Rego checks for type checking

docs/docs/references/configuration/cli/trivy_vm.md

@@ -25,11 +25,11 @@ trivy vm [flags] VM_IMAGE
       --cache-ttl duration                cache TTL when using redis as cache backend
       --checks-bundle-repository string   OCI registry URL to retrieve checks bundle from (default "mirror.gcr.io/aquasec/trivy-checks:1")
       --cloud-api-url string              API URL for Trivy Cloud platform (default "https://api.trivy.dev")
-      --cloud-download-secret-config      Download secret configurations from Trivy Cloud platform (default true)
       --cloud-server-scanning             Use server-side image scanning in Trivy Cloud platform (default true)
       --cloud-token string                Token used to athenticate with Trivy Cloud platform
       --cloud-trivy-server-url string     Trivy Server URL for Trivy Cloud platform (default "https://scan.trivy.dev")
       --cloud-upload-results              Upload results to Trivy Cloud platform (default true)
+      --cloud-use-secret-config           Use secret configurations from Trivy Cloud platform (default true)
       --compliance string                 compliance report to generate
       --config-file-schemas strings       specify paths to JSON configuration file schemas to determine that a file matches some configuration and pass the schema to Rego checks for type checking
       --custom-headers strings            custom headers in client mode

pkg/cloud/hooks/report_hook_test.go

@@ -213,7 +213,7 @@ func TestReportHook_PostReport(t *testing.T) {
 
 			if tt.errorContains != "" {
 				require.Error(t, err)
-				assert.Contains(t, err.Error(), tt.errorContains)
+				require.ErrorContains(t, err, tt.errorContains)
 				return
 			}
 
@@ -257,7 +257,7 @@ func TestReportHook_uploadResults(t *testing.T) {
 
 			if tt.errorContains != "" {
 				require.Error(t, err)
-				assert.Contains(t, err.Error(), tt.errorContains)
+				require.ErrorContains(t, err, tt.errorContains)
 				return
 			}
 
@@ -304,13 +304,12 @@ func TestReportHook_getPresignedUploadUrl(t *testing.T) {
 
 			if tt.errorContains != "" {
 				require.Error(t, err)
-				assert.Contains(t, err.Error(), tt.errorContains)
+				require.ErrorContains(t, err, tt.errorContains)
 				assert.Empty(t, url)
 				return
 			}
 
 			require.NoError(t, err)
-			assert.NotEmpty(t, url)
 			assert.Contains(t, url, mockServer.server.URL)
 			assert.Contains(t, url, "/upload-report")
 		})

pkg/cloud/token.go

@@ -14,6 +14,10 @@ import (
 	xhttp "github.com/aquasecurity/trivy/pkg/x/http"
 )
 
+type accessTokenResponse struct {
+	Token string `json:"token"`
+}
+
 const (
 	accessTokenPath = "/api-keys/access-tokens"
 )
@@ -30,12 +34,12 @@ func GetAccessToken(ctx context.Context, opts flag.Options) (string, error) {
 	logger := log.WithPrefix(log.PrefixCloud)
 
 	client := xhttp.Client()
-	url, err := url.JoinPath(opts.CloudOptions.ApiURL, accessTokenPath)
+	u, err := url.JoinPath(opts.CloudOptions.ApiURL, accessTokenPath)
 	if err != nil {
 		return "", xerrors.Errorf("failed to join server URL and token path: %w", err)
 	}
-	logger.Debug("Requesting access token from Trivy Cloud", log.String("url", url))
-	req, err := http.NewRequestWithContext(ctx, http.MethodPost, url, http.NoBody)
+	logger.Debug("Requesting access token from Trivy Cloud", log.String("url", u))
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, u, http.NoBody)
 	if err != nil {
 		return "", xerrors.Errorf("failed to create token request: %w", err)
 	}
@@ -50,13 +54,11 @@ func GetAccessToken(ctx context.Context, opts flag.Options) (string, error) {
 		return "", xerrors.Errorf("failed to get access token: received status code %d", resp.StatusCode)
 	}
 
-	var accessTokenResponse struct {
-		Token string `json:"token"`
-	}
-	if err := json.NewDecoder(resp.Body).Decode(&accessTokenResponse); err != nil {
+	var tokenResponse accessTokenResponse
+	if err := json.NewDecoder(resp.Body).Decode(&tokenResponse); err != nil {
 		return "", xerrors.Errorf("failed to decode access token response: %w", err)
 	}
 
 	logger.Debug("Created a new access token")
-	return accessTokenResponse.Token, nil
+	return tokenResponse.Token, nil
 }

pkg/flag/cloud_flags.go

@@ -37,10 +37,10 @@ var (
 	}
 
 	CloudSecretConfigFlag = Flag[bool]{
-		Name:          "cloud-download-secret-config",
-		ConfigName:    "cloud.download-secret-config",
+		Name:          "cloud-use-secret-config",
+		ConfigName:    "cloud.use-secret-config",
 		Default:       true,
-		Usage:         "Download secret configurations from Trivy Cloud platform",
+		Usage:         "Use secret configurations from Trivy Cloud platform",
 		TelemetrySafe: true,
 	}