docs: update argument list (#4443)

* fixes: #4393 Updated the arguments list in both MANUAL.md and README.md Signed-off-by: Aryan Bakliwal <[email protected]>
intel · Sep 16, 2024 · 31f15bf · 31f15bf
1 parent d69451f
commit 31f15bf
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 22 deletions.
diff --git a/README.md b/README.md
@@ -174,7 +174,7 @@ cve-bin-tool file -f csv,json,json2,html -o report
 Note: You must not use spaces between the commas (',') and the output formats.
 
 The reported vulnerabilities can additionally be reported in the
-Vulnerability Exchange (VEX) format by specifying `--vex-output` with type defined using `--vex-type` command line option.
+Vulnerability Exploitability  eXchange (VEX) format by specifying `--vex-output` with type defined using `--vex-type` command line option.
 The generated VEX file can then be used as a `--vex-file` to support
 a triage process.
 
@@ -445,7 +445,7 @@ CVE Data Download:
                         Specify NVD API key (used to improve NVD rate limit).
                         Set to `no` to ignore any keys in the environment.
   <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#-d-nvdosvgadcurl-nvdosvgadcurl----disable-data-source-nvdosvgadcurl-nvdosvgadcurl-">-d DISABLE_DATA_SOURCE, --disable-data-source DISABLE_DATA_SOURCE</a>
-                        comma-separated list of data sources (CURL, EPSS, GAD, NVD, OSV, REDHAT, RSD) to disable (default: NONE) 
+                        comma-separated list of data sources (CURL, EPSS, GAD, NVD, OSV, PURL2CPE, REDHAT, RSD) to disable (default: NONE)
 
   --use-mirror USE_MIRROR
                         use an mirror to update the database
@@ -463,7 +463,7 @@ Input:
   <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#--sbom-file-sbom_file">--sbom-file SBOM_FILE</a>
                         provide sbom filename
   <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#d--vex-file-vex_file">--vex-file VEX_FILE</a>
-                        provide vex filename used for triage processing, the type of vex will be automatically detected.
+                        provide vulnerability exploitability exchange (vex) filename for triage processing
 
 
 Output:
@@ -486,9 +486,9 @@ Output:
   --metrics             
                         check for metrics (e.g., EPSS) from found cves
   <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#--epss-percentile">--epss-percentile EPSS_PERCENTILE</a>
-                        minimum epss percentile of CVE range between 0 to 100 to report
+                        minimum epss percentile of CVE range between 0 to 100 to report. Automatically enables `--metrics`
   <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#--epss-probability">--epss-probability EPSS_PROBABILITY</a>
-                        minimum epss probability of CVE range between 0 to 100 to report
+                        minimum epss probability of CVE range between 0 to 100 to report. Automatically enables `--metrics`
   --no-0-cve-report     only produce report when CVEs are found
   <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#-a-distro_name-distro_version_name---available-fix-distro_name-distro_version_name">-A [<distro_name>-<distro_version_name>], --available-fix [<distro_name>-<distro_version_name>]</a>
                         Lists available fixes of the package from Linux distribution
@@ -501,10 +501,21 @@ Output:
                         specify type of software bill of materials (sbom) to generate (default: spdx)
   <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#--sbom-format">--sbom-format {tag,json,yaml}</a>
                         specify format of software bill of materials (sbom) to generate (default: tag)
-  <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#--vex-type">--vex-type {cyclonedx, csaf, openvex}</a>
-                        specify type of vulnerability exploitability exchange (vex) to generate (default: cyclonedx)
+
+Vex Output:
+  Arguments related to Vex output document.
+
   <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#--vex-output-vex_output">--vex-ouptput VEX_OUTPUT</a>
                         Provide vulnerability exploitability exchange (vex) filename to generate
+  <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#--vex-type">--vex-type {cyclonedx, csaf, openvex}</a>
+                        specify type of vulnerability exploitability exchange (vex) to generate (default: cyclonedx)
+  --product PRODUCT     Product Name
+  --release RELEASE     Release Version
+  --vendor VENDOR       Vendor/Supplier of Product
+  -rr REVISION_REASON, --revision-reason REVISION_REASON
+                        a reason for the update to the vex document should be specified in double quotes
+  --filter-triage       Filter cves based on triage data from Vex file
+
 Merge Report:
   Arguments related to Intermediate and Merged Reports
 
@@ -542,6 +553,8 @@ Exploits:
   --exploits            check for exploits from found cves
 
 Deprecated:
+  --triage-input-file TRIAGE_INPUT_FILE
+                        replaced by --vex-file
   <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#-x---extract">-x, --extract</a>         autoextract compressed files
   <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#--report">--report</a>              Produces a report even if there are no CVE for the respective output format
 </pre>

diff --git a/doc/MANUAL.md b/doc/MANUAL.md
@@ -107,7 +107,7 @@ You can also do `python -m cve_bin_tool.cli`
 which is useful if you're trying the latest code from
 [the cve-bin-tool github](https://github.com/intel/cve-bin-tool).
 
-    optional arguments:
+    options:
       -h, --help            show this help message and exit
       -e EXCLUDE, --exclude EXCLUDE
                             Comma separated Exclude directory path
@@ -117,20 +117,22 @@ which is useful if you're trying the latest code from
       --disable-validation-check
                             skips checking xml files against schema
       --offline             operate in offline mode
-      --detailed            display detailed report
+      --detailed            add CVE description in csv or json report (no effect on console, html or pdf)
 
     CVE Data Download:
       Arguments related to data sources and Cache Configuration
 
-      -n {api,api2,json-nvd,json-mirror}, --nvd {api,api2,json-nvd,json-mirror}
+      -n {api,api2,json,json-mirror,json-nvd}, --nvd {api,api2,json,json-mirror,json-nvd}
                             choose method for getting CVE lists from NVD
       -u {now,daily,never,latest}, --update {now,daily,never,latest}
                             update schedule for data sources and exploits database (default: daily)
       --nvd-api-key NVD_API_KEY
                             Specify NVD API key (used to improve NVD rate limit).
                             Set to `no` to ignore any keys in the environment.
-      -d {NVD,OSV,GAD,REDHAT,CURL} [{NVD,OSV,GAD,REDHAT,CURL} ...], --disable-data-source {NVD,OSV,GAD,REDHAT,CURL} [{NVD,OSV,GAD,REDHAT,CURL} ...]
-                            specify data sources that should be disabled
+      -d DISABLE_DATA_SOURCE, --disable-data-source DISABLE_DATA_SOURCE
+                            comma-separated list of data sources (CURL, EPSS, GAD, NVD, OSV, PURL2CPE, REDHAT, RSD) to disable (default: NONE)
+      --use-mirror USE_MIRROR
+                            use an mirror to update the database
 
     Input:
       directory             directory to scan
@@ -144,6 +146,7 @@ which is useful if you're trying the latest code from
                             specify type of software bill of materials (sbom) (default: spdx)
       --sbom-file SBOM_FILE
                             provide sbom filename
+      --vex-file VEX_FILE   provide vulnerability exploitability exchange (vex) filename for triage processing
 
     Output:
       -q, --quiet           suppress output
@@ -157,29 +160,42 @@ which is useful if you're trying the latest code from
                             update output format (default: console)
                             specify multiple output formats by using comma (',') as a separator
                             note: don't use spaces between comma (',') and the output formats.
+      --generate-config {yaml,toml,yaml,toml,toml,yaml}
+                            generate config file for cve bin tool in toml and yaml formats.
       -c CVSS, --cvss CVSS  minimum CVSS score (as integer in range 0 to 10) to report (default: 0)
-      --epss-percentile     minimum EPSS percentile of CVE range between 0 to 100 to report 
-                            (input value can also be floating point)(default: 0)
-      --epss-probability     minimum EPSS probability of CVE range between 0 to 100 to report 
-                            (input value can also be floating point)(default: 0)
       -S {low,medium,high,critical}, --severity {low,medium,high,critical}
                             minimum CVE severity to report (default: low)
+      --metrics             check for metrics (e.g., EPSS) from found cves
+      --epss-percentile EPSS_PERCENTILE
+                            minimum epss percentile of CVE range between 0 to 100 to report. Automatically enables `--metrics`
+      --epss-probability EPSS_PROBABILITY
+                            minimum epss probability of CVE range between 0 to 100 to report. Automatically enables `--metrics`
       --no-0-cve-report     only produce report when CVEs are found
       -A [<distro_name>-<distro_version_name>], --available-fix [<distro_name>-<distro_version_name>]
                             Lists available fixes of the package from Linux distribution
       -b [<distro_name>-<distro_version_name>], --backport-fix [<distro_name>-<distro_version_name>]
                             Lists backported fixes if available from Linux distribution
       --affected-versions   Lists versions of product affected by a given CVE (to facilitate upgrades)
       --sbom-output SBOM_OUTPUT
-                            provide software bill of materials (sbom) filename to generate
+                            Provide software bill of materials (sbom) filename to generate
       --sbom-type {spdx,cyclonedx}
                             specify type of software bill of materials (sbom) to generate (default: spdx)
       --sbom-format {tag,json,yaml}
                             specify format of software bill of materials (sbom) to generate (default: tag)
-      --vex-type {cyclonedx, csaf, openvex}
-                            specify type of vulnerability exploitability exchange (vex) to generate (default: cyclonedx)
+
+    Vex Output:
+      Arguments related to Vex output document.
+
       --vex-output VEX_OUTPUT
-                            provide vulnerability exploitability exchange (vex) filename to generate
+                            Provide vulnerability exploitability exchange (vex) filename to generate
+      --vex-type {cyclonedx,csaf,openvex}
+                            specify type of vulnerability exploitability exchange (vex) to generate (default: cyclonedx)
+      --product PRODUCT     Product Name
+      --release RELEASE     Release Version
+      --vendor VENDOR       Vendor/Supplier of Product
+      -rr REVISION_REASON, --revision-reason REVISION_REASON
+                            a reason for the update to the vex document should be specified in double quotes
+      --filter-triage       Filter cves based on triage data from Vex file
 
     Merge Report:
       Arguments related to Intermediate and Merged Reports
@@ -198,17 +214,30 @@ which is useful if you're trying the latest code from
       -r RUNS, --runs RUNS  comma-separated list of checkers to enable
 
     Database Management:
+      --import-json IMPORT_JSON
+                            import database from json files chopped by years
+      --ignore-sig          do not verify PGP signature while importing json data
+      --log-signature-error
+                            when the signature doesn't match log the error only instead of halting (UNSAFE)
+      --verify PGP_PUBKEY_PATH
+                            verify PGP sign while importing json files
+      --export-json EXPORT_JSON
+                            export database as json files chopped by years
+      --pgp-sign PGP_PRIVATE_KEY_PATH
+                            sign exported json files with PGP
+      --passphrase PASSPHRASE
+                            required passphrase for signing with PGP
       --export EXPORT       export database filename
       --import IMPORT       import database filename
 
     Exploits:
       --exploits            check for exploits from found cves
 
     Deprecated:
+      --triage-input-file TRIAGE_INPUT_FILE
+                            replaced by --vex-file
       -x, --extract         autoextract compressed files
-      CVE Binary Tool autoextracts all compressed files by default now
       --report              Produces a report even if there are no CVE for the respective output format
-      CVE Binary Tool produces report by default even if there are no CVEs
 
 <!--CHECKERS TABLE BEGIN-->
 |   |  |  | Available checkers |  |  |  |