To me, this implies that use of image-ref is discouraged and preserved only for compatibility. Is that correct? If so, what should users prefer instead?
I tried using scan-ref, but this results in images not being scanned at all, and no error message being emitted either (the checks pass and the logs only show Trivy's help output).
The image-ref description has the following:
https://github.com/aquasecurity/trivy-action/blob/9c21d3ca2c14eb35419e2a8b66d1195946d579b8/action.yaml#L10
To me, this implies that use of
image-ref
is discouraged and preserved only for compatibility. Is that correct? If so, what should users prefer instead?I tried using
scan-ref
, but this results in images not being scanned at all, and no error message being emitted either (the checks pass and the logs only show Trivy's help output).