Flag provided but not defined (-severity) since 0.23.0

[TomCools]

Description

Our build server has started failing. We use Trivy to scan, using Docker containers.
Since the new release of 0.23.0 on Docker hub (we are on :latest in our build server, a questionable choice but here we are), we are getting an error.

What did you expect to happen?

Trivy to recognize the Severity flag.

What happened instead?

Incorrect Usage. flag provided but not defined: -severity

NAME:
trivy - A simple and comprehensive vulnerability scanner for containers

USAGE:
trivy [global options] command [command options] target

VERSION:
0.23.0

This is weird, because we haven't changed our build scripts in a while, so it worked fine on 0.22.0.
Our script is using following command:

    aquasec/trivy \
    --severity HIGH,CRITICAL \
    --exit-code=0 \
    --format template --template "@contrib/junit.tpl" -o /trivy-report/junit-report.xml \
    --ignore-unfixed \
    --skip-dirs "${{ parameters.trivySkipDirs }}" \
    ${{ parameters.containerRegistryUrl }}/${{ parameters.name }}:${{ parameters.tag }}

After pinning our Docker container for Trivy back to tag 0.22.0, our build works again.

Additional details (base image name, container registry info...):

Happens on all images. For reference, the severity option is still in the "help" list.

[knqyf263]

Please see here.
#1515

[TomCools]

Missed that notice. Thanks!

[TomCools]

For those who find this issue. The solution was to add "image" to the command. (see line 2)

aquasec/trivy
image \
--severity HIGH,CRITICAL
--exit-code=0
--format template --template "@contrib/junit.tpl" -o /trivy-report/junit-report.xml
--ignore-unfixed
--skip-dirs "${{ parameters.trivySkipDirs }}"
${{ parameters.containerRegistryUrl }}/${{ parameters.name }}:${{ parameters.tag }}