refactor: rename security-checks to scanners (aquasecurity#3467)

Author: knqyf263

README.md

@@ -54,7 +54,7 @@ Trivy is integrated with many popular platforms and applications. The complete l
 ### General usage
 
 ```bash
-trivy <target> [--security-checks <scanner1,scanner2>] <subject>
+trivy <target> [--scanners <scanner1,scanner2>] <subject>
 ```
 
 Examples:
@@ -71,7 +71,7 @@ https://user-images.githubusercontent.com/1161307/171013513-95f18734-233d-45d3-a
 </details>
 
 ```bash
-trivy fs --security-checks vuln,secret,config myproject/
+trivy fs --scanners vuln,secret,config myproject/
 ```
 
 <details>

docs/docs/attestation/rekor.md

@@ -21,7 +21,7 @@ You need to pass `--sbom-sources rekor` so that Trivy will look for SBOM attesta
 $ trivy image --sbom-sources rekor otms61/alpine:3.7.3                                                                            [~/src/github.com/aquasecurity/trivy]
 2022-09-16T17:37:13.258+0900	INFO	Vulnerability scanning is enabled
 2022-09-16T17:37:13.258+0900	INFO	Secret scanning is enabled
-2022-09-16T17:37:13.258+0900	INFO	If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
+2022-09-16T17:37:13.258+0900	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
 2022-09-16T17:37:13.258+0900	INFO	Please see also https://aquasecurity.github.io/trivy/dev/docs/secret/scanning/#recommendation for faster secret detection
 2022-09-16T17:37:14.827+0900	INFO	Detected SBOM format: cyclonedx-json
 2022-09-16T17:37:14.901+0900	INFO	Found SBOM (cyclonedx) attestation in Rekor
@@ -105,7 +105,7 @@ Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
 Also, it is applied to non-packaged binaries even in container images.
 
 ```bash
-$ trivy image --sbom-sources rekor --security-checks vuln alpine-with-bat
+$ trivy image --sbom-sources rekor --scanners vuln alpine-with-bat
 2022-10-25T13:40:14.920+0300    INFO    Vulnerability scanning is enabled
 2022-10-25T13:40:18.047+0300    INFO    Found SBOM attestation in Rekor: bat
 2022-10-25T13:40:18.186+0300    INFO    Detected OS: alpine

docs/docs/kubernetes/cli/scanning.md

@@ -27,12 +27,12 @@ Filter by severity:
 $ trivy k8s --severity=CRITICAL --report=all cluster
 ```
 
-Filter by security check (Vulnerabilities, Secrets or Misconfigurations):
+Filter by scanners (Vulnerabilities, Secrets or Misconfigurations):
 
 ```
-$ trivy k8s --security-checks=secret --report=summary cluster
+$ trivy k8s --scanners=secret --report=summary cluster
 # or
-$ trivy k8s --security-checks=config --report=summary cluster
+$ trivy k8s --scanners=config --report=summary cluster
 ```
 
 Scan a specific namespace:
@@ -263,16 +263,16 @@ Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN
 The infra checks are based on CIS Benchmarks recommendations for kubernetes.
 
 
-If you want filter only for the infra checks, you can use the flag `--components` along with the `--security-checks=config`
+If you want filter only for the infra checks, you can use the flag `--components` along with the `--scanners=config`
 
 ```
-$ trivy k8s cluster --report summary --components=infra --security-checks=config # scan only infra
+$ trivy k8s cluster --report summary --components=infra --scanners=config # scan only infra
 ```
 
 Or, to filter for all other checks besides the infra checks, you can:
 
 ```
-$ trivy k8s cluster --report summary --components=workload --security-checks=config # scan all components besides infra
+$ trivy k8s cluster --report summary --components=workload --scanners=config # scan all components besides infra
 ```
 
 

docs/docs/licenses/scanning.md

@@ -47,10 +47,10 @@ License checking classifies the identified licenses and map the classification t
 This section shows how to scan license in container image and filesystem.
 
 ### Standard scanning
-Specify an image name with `--security-checks license`.
+Specify an image name with `--scanners license`.
 
 ``` shell
-$ trivy image --security-checks license --severity UNKNOWN,HIGH,CRITICAL alpine:3.15
+$ trivy image --scanners license --severity UNKNOWN,HIGH,CRITICAL alpine:3.15
 2022-07-13T17:28:39.526+0300    INFO    License scanning is enabled
 
 OS Packages (license)
@@ -78,7 +78,7 @@ Total: 6 (UNKNOWN: 0, HIGH: 6, CRITICAL: 0)
 Specify `--license-full`
 
 ``` shell
-$ trivy image --security-checks license --severity UNKNOWN,HIGH,CRITICAL --license-full grafana/grafana
+$ trivy image --scanners license --severity UNKNOWN,HIGH,CRITICAL --license-full grafana/grafana
 2022-07-13T17:48:40.905+0300    INFO    Full license scanning is enabled
 
 OS Packages (license)
@@ -141,7 +141,7 @@ Trivy has number of configuration flags for use with license scanning;
 Trivy license scanning can ignore licenses that are identified to explicitly remove them from the results using the `--ignored-licenses` flag;
 
 ```shell
-$ trivy image --security-checks license --ignored-licenses MPL-2.0,MIT --severity LOW grafana/grafana:latest
+$ trivy image --scanners license --ignored-licenses MPL-2.0,MIT --severity LOW grafana/grafana:latest
 2022-07-13T18:15:28.605Z        INFO    License scanning is enabled
 
 OS Packages (license)

docs/docs/misconfiguration/scanning.md

@@ -37,28 +37,28 @@ $ trivy config [YOUR_IaC_DIRECTORY]
     ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
     ```
 
-You can also enable misconfiguration detection in container image, filesystem and git repository scanning via `--security-checks config`.
+You can also enable misconfiguration detection in container image, filesystem and git repository scanning via `--scanners config`.
 
 ```bash
-$ trivy image --security-checks config IMAGE_NAME
+$ trivy image --scanners config IMAGE_NAME
 ```
 
 ```bash
-$ trivy fs --security-checks config /path/to/dir
+$ trivy fs --scanners config /path/to/dir
 ```
 
 !!! note
     Misconfiguration detection is not enabled by default in `image`, `fs` and `repo` subcommands.
 
 Unlike the `config` subcommand, `image`, `fs` and `repo` subcommands can also scan for vulnerabilities and secrets at the same time. 
-You can specify `--security-checks vuln,config,secret` to enable vulnerability and secret detection as well as misconfiguration detection.
+You can specify `--scanners vuln,config,secret` to enable vulnerability and secret detection as well as misconfiguration detection.
 
 
 !!! example
     ``` bash
     $ ls myapp/
     Dockerfile Pipfile.lock
-    $ trivy fs --security-checks vuln,config,secret --severity HIGH,CRITICAL myapp/
+    $ trivy fs --scanners vuln,config,secret --severity HIGH,CRITICAL myapp/
     2022-05-16T13:42:21.440+0100	INFO	Number of language-specific files: 1
     2022-05-16T13:42:21.440+0100	INFO	Detecting pipenv vulnerabilities...
     2022-05-16T13:42:21.440+0100	INFO	Detected config files: 1

docs/docs/references/cli/client.md

@@ -9,7 +9,7 @@ Aliases:
 
 Scan Flags
       --offline-scan             do not issue API requests to identify dependencies
-      --security-checks string   comma-separated list of what security issues to detect (vuln,config,secret) (default "vuln,secret")
+      --scanners string          comma-separated list of what security issues to detect (vuln,config,secret) (default "vuln,secret")
       --skip-dirs strings        specify the directories where the traversal is skipped
       --skip-files strings       specify the file paths to skip traversal
 
@@ -47,8 +47,8 @@ Vulnerability Flags
 Misconfiguration Flags
       --config-data strings         specify paths from which data for the Rego policies will be recursively loaded
       --config-policy strings       specify paths to the Rego policy files directory, applying config files
-      --file-patterns strings       specify config file patterns, available with '--security-checks config'
-      --include-non-failures        include successes and exceptions, available with '--security-checks config'
+      --file-patterns strings       specify config file patterns, available with '--scanners config'
+      --include-non-failures        include successes and exceptions, available with '--scanners config'
       --policy-namespaces strings   Rego namespaces
       --trace                       enable more verbose trace output for custom queries
 

docs/docs/references/cli/config.md

@@ -32,8 +32,8 @@ Cache Flags
 Misconfiguration Flags
       --config-data strings         specify paths from which data for the Rego policies will be recursively loaded
       --config-policy strings       specify paths to the Rego policy files directory, applying config files
-      --file-patterns strings       specify config file patterns, available with '--security-checks config'
-      --include-non-failures        include successes and exceptions, available with '--security-checks config'
+      --file-patterns strings       specify config file patterns, available with '--scanners config'
+      --include-non-failures        include successes and exceptions, available with '--scanners config'
       --policy-namespaces strings   Rego namespaces
       --trace                       enable more verbose trace output for custom queries
 

docs/docs/references/cli/fs.md

@@ -18,7 +18,7 @@ Examples:
 
 Scan Flags
       --offline-scan             do not issue API requests to identify dependencies
-      --security-checks string   comma-separated list of what security issues to detect (vuln,config,secret) (default "vuln,secret")
+      --scanners string          comma-separated list of what security issues to detect (vuln,config,secret) (default "vuln,secret")
       --skip-dirs strings        specify the directories where the traversal is skipped
       --skip-files strings       specify the file paths to skip traversal
 
@@ -55,8 +55,8 @@ Vulnerability Flags
 Misconfiguration Flags
       --config-data strings         specify paths from which data for the Rego policies will be recursively loaded
       --config-policy strings       specify paths to the Rego policy files directory, applying config files
-      --file-patterns strings       specify config file patterns, available with '--security-checks config'
-      --include-non-failures        include successes and exceptions, available with '--security-checks config'
+      --file-patterns strings       specify config file patterns, available with '--scanners config'
+      --include-non-failures        include successes and exceptions, available with '--scanners config'
       --policy-namespaces strings   Rego namespaces
       --trace                       enable more verbose trace output for custom queries
 

docs/docs/references/cli/image.md

@@ -33,7 +33,7 @@ Examples:
 
 Scan Flags
       --offline-scan             do not issue API requests to identify dependencies
-      --security-checks string   comma-separated list of what security issues to detect (vuln,config,secret) (default "vuln,secret")
+      --scanners string          comma-separated list of what security issues to detect (vuln,config,secret) (default "vuln,secret")
       --skip-dirs strings        specify the directories where the traversal is skipped
       --skip-files strings       specify the file paths to skip traversal
 
@@ -73,8 +73,8 @@ Vulnerability Flags
 Misconfiguration Flags
       --config-data strings         specify paths from which data for the Rego policies will be recursively loaded
       --config-policy strings       specify paths to the Rego policy files directory, applying config files
-      --file-patterns strings       specify config file patterns, available with '--security-checks config'
-      --include-non-failures        include successes and exceptions, available with '--security-checks config'
+      --file-patterns strings       specify config file patterns, available with '--scanners config'
+      --include-non-failures        include successes and exceptions, available with '--scanners config'
       --policy-namespaces strings   Rego namespaces
       --trace                       enable more verbose trace output for custom queries
 

docs/docs/references/cli/repo.md

@@ -15,7 +15,7 @@ Examples:
 
 Scan Flags
       --offline-scan             do not issue API requests to identify dependencies
-      --security-checks string   comma-separated list of what security issues to detect (vuln,config,secret) (default "vuln,secret")
+      --scanners string          comma-separated list of what security issues to detect (vuln,config,secret) (default "vuln,secret")
       --skip-dirs strings        specify the directories where the traversal is skipped
       --skip-files strings       specify the file paths to skip traversal
 
@@ -52,8 +52,8 @@ Vulnerability Flags
 Misconfiguration Flags
       --config-data strings         specify paths from which data for the Rego policies will be recursively loaded
       --config-policy strings       specify paths to the Rego policy files directory, applying config files
-      --file-patterns strings       specify config file patterns, available with '--security-checks config'
-      --include-non-failures        include successes and exceptions, available with '--security-checks config'
+      --file-patterns strings       specify config file patterns, available with '--scanners config'
+      --include-non-failures        include successes and exceptions, available with '--scanners config'
       --policy-namespaces strings   Rego namespaces
       --trace                       enable more verbose trace output for custom queries