chore: add more flags and ensure flag has a name before including

Author: owenrumney

docs/docs/advanced/telemetry.md

@@ -17,18 +17,22 @@ The following information could be collected:
 The following flags will be included with their value:
 <!-- telemetry start -->
 ```
+--debug
 --detection-priority
 --format
 --ignore-status
 --include-dev-deps
+--insecure
 --list-all-pkgs
 --misconfig-scanners
 --pkg-relationships
 --pkg-types
+--quiet
 --report
 --scanners
 --severity
 --show-suppressed
+--timeout
 --vuln-severity-source
 ```
 <!-- telemetry end -->

pkg/commands/artifact/run.go

@@ -118,12 +118,11 @@ func NewRunner(ctx context.Context, cliOptions flag.Options, opts ...RunnerOptio
 		opt(r)
 	}
 
-	commandName := "trivy" // backup command, but expecting sub command
+	// get the sub command name with fallback to trivy for version check telemetry
+	commandName := "trivy"
 	if len(os.Args) > 1 {
 		commandName = os.Args[1]
 	}
-
-	// If the user has not disabled notices or is running in quiet mode
 	r.versionChecker = notification.NewVersionChecker(commandName, &cliOptions)
 
 	// Update the vulnerability database if needed.

pkg/flag/aws_flags.go

@@ -12,14 +12,16 @@ var (
 		Usage:      "AWS Endpoint override",
 	}
 	awsServiceFlag = Flag[[]string]{
-		Name:       "service",
-		ConfigName: "cloud.aws.service",
-		Usage:      "Only scan AWS Service(s) specified with this flag. Can specify multiple services using --service A --service B etc.",
+		Name:          "service",
+		ConfigName:    "cloud.aws.service",
+		Usage:         "Only scan AWS Service(s) specified with this flag. Can specify multiple services using --service A --service B etc.",
+		TelemetrySafe: true,
 	}
 	awsSkipServicesFlag = Flag[[]string]{
-		Name:       "skip-service",
-		ConfigName: "cloud.aws.skip-service",
-		Usage:      "Skip selected AWS Service(s) specified with this flag. Can specify multiple services using --skip-service A --skip-service B etc.",
+		Name:          "skip-service",
+		ConfigName:    "cloud.aws.skip-service",
+		Usage:         "Skip selected AWS Service(s) specified with this flag. Can specify multiple services using --skip-service A --skip-service B etc.",
+		TelemetrySafe: true,
 	}
 	awsAccountFlag = Flag[string]{
 		Name:       "account",

pkg/flag/global_flags.go

@@ -27,31 +27,35 @@ var (
 		Persistent: true,
 	}
 	QuietFlag = Flag[bool]{
-		Name:       "quiet",
-		ConfigName: "quiet",
-		Shorthand:  "q",
-		Usage:      "suppress progress bar and log output",
-		Persistent: true,
+		Name:          "quiet",
+		ConfigName:    "quiet",
+		Shorthand:     "q",
+		Usage:         "suppress progress bar and log output",
+		Persistent:    true,
+		TelemetrySafe: true,
 	}
 	DebugFlag = Flag[bool]{
-		Name:       "debug",
-		ConfigName: "debug",
-		Shorthand:  "d",
-		Usage:      "debug mode",
-		Persistent: true,
+		Name:          "debug",
+		ConfigName:    "debug",
+		Shorthand:     "d",
+		Usage:         "debug mode",
+		Persistent:    true,
+		TelemetrySafe: true,
 	}
 	InsecureFlag = Flag[bool]{
-		Name:       "insecure",
-		ConfigName: "insecure",
-		Usage:      "allow insecure server connections",
-		Persistent: true,
+		Name:          "insecure",
+		ConfigName:    "insecure",
+		Usage:         "allow insecure server connections",
+		Persistent:    true,
+		TelemetrySafe: true,
 	}
 	TimeoutFlag = Flag[time.Duration]{
-		Name:       "timeout",
-		ConfigName: "timeout",
-		Default:    time.Second * 300, // 5 mins
-		Usage:      "timeout",
-		Persistent: true,
+		Name:          "timeout",
+		ConfigName:    "timeout",
+		Default:       time.Second * 300, // 5 mins
+		Usage:         "timeout",
+		Persistent:    true,
+		TelemetrySafe: true,
 	}
 	CacheDirFlag = Flag[string]{
 		Name:       "cache-dir",

pkg/flag/options.go

@@ -76,7 +76,7 @@ type Flag[T FlagType] struct {
 	// Aliases represents aliases
 	Aliases []Alias
 
-	// TelemetrySafe indicates if the flag is safe to be used in telemetry.
+	// TelemetrySafe indicates if the flag value is safe to be included in telemetry.
 	TelemetrySafe bool
 
 	// value is the value passed through CLI flag, env, or config file.

pkg/notification/flags.go

@@ -43,12 +43,14 @@ func getUsedFlags(cliOptions *flag.Options) string {
 					case flagger[[]string]:
 						val = strings.Join(ff.Value(), ",")
 					default:
-						val = "" // Default case for unsupported types
+						val = "***" // Default case for unsupported types
 					}
 				} else {
-					val = "******"
+					val = "***"
+				}
+				if f.GetName() != "" {
+					usedFlags = append(usedFlags, fmt.Sprintf("--%s=%s", f.GetName(), val))
 				}
-				usedFlags = append(usedFlags, fmt.Sprintf("--%s=%s", f.GetName(), val))
 			}
 		}
 	}

pkg/notification/flags_test.go

@@ -43,7 +43,7 @@ func TestFlagExtraction(t *testing.T) {
 		{
 			name:        "fs with discrete valued flags",
 			commandArgs: []string{"fs", "--severity", "HIGH", "--vex", "repo", "--vuln-severity-source", "nvd,debian", "../trivy-ci-test"},
-			expected:    "--severity=HIGH --vex=****** --vuln-severity-source=nvd,debian",
+			expected:    "--severity=HIGH --vex=*** --vuln-severity-source=nvd,debian",
 		},
 		{
 			name:        "use short and long flags for same option",

pkg/notification/notice_test.go

@@ -401,15 +401,15 @@ func TestCheckCommandHeaders(t *testing.T) {
 			command:                   "fs",
 			commandArgs:               []string{"--severity=HIGH", "--vex", "repo", "--vuln-severity-source", "nvd,debian", "../trivy-ci-test"},
 			expectedCommandHeader:     "fs",
-			expectedCommandArgsHeader: "--severity=HIGH --vex=****** --vuln-severity-source=nvd,debian",
+			expectedCommandArgsHeader: "--severity=HIGH --vex=*** --vuln-severity-source=nvd,debian",
 		},
 		{
 			name:                      "filesystem command with flags including an invalid flag",
 			command:                   "fs",
 			commandArgs:               []string{"--severity=HIGH", "--vex", "repo", "--vuln-severity-source", "nvd,debian", "--invalid-flag", "../trivy-ci-test"},
 			ignoreParseError:          true,
 			expectedCommandHeader:     "fs",
-			expectedCommandArgsHeader: "--severity=HIGH --vex=****** --vuln-severity-source=nvd,debian",
+			expectedCommandArgsHeader: "--severity=HIGH --vex=*** --vuln-severity-source=nvd,debian",
 		},
 		{
 			name:        "filesystem with environment variables",
@@ -419,7 +419,7 @@ func TestCheckCommandHeaders(t *testing.T) {
 				"TRIVY_SCANNERS": "secret,misconfig",
 			},
 			expectedCommandHeader:     "fs",
-			expectedCommandArgsHeader: "--severity=HIGH --scanners=secret,misconfig --vex=******",
+			expectedCommandArgsHeader: "--severity=HIGH --scanners=secret,misconfig --vex=***",
 		},
 	}