aquasecurity / trivy-azure-pipelines-task

An Azure Pipelines Task for trivy
https://marketplace.visualstudio.com/items?itemName=AquaSecurityOfficial.trivy-official
MIT License

Request to change --security-checks to --Scanners #41

Open akhil-ph opened 1 year ago

akhil-ph commented 1 year ago

When I'm using the trivy task in my pipeline, I'm getting a warning: --security-checks is deprecated, use --scanners instead. I'm using trivy version 0.42.1.

Please make this change in a way that we can choose the type of scanner to use via an argument, e.g.:

- task: trivy@1
  displayName: 'trivy container'
  inputs:
    version: 'v0.42.1'
    docker: false
    image: 'node:latest'
    scanners: 'vuln,secret'
    severities: 'HIGH,CRITICAL'
    exitCode: '1'
    ignoreUnfixed: true
    options: '--vuln-type library'

srmds commented 1 year ago

We are also encountering the deprecation warning.

Version : 1.4.1

Build output for trivy task:

2023-06-27T09:52:30.316Z WARN '--security-checks' is deprecated. Use '--scanners' instead.

srmds commented 1 year ago

By leveraging a trivy.yaml config file and setting scanners instead of security-checks, the deprecation warning goes away:

trivy ... --config trivy.yaml

trivy.yaml:

...

scan:
  ...
  scanners:
    - config
    - vuln
    - secret

rainan16 commented 1 year ago

When I'm using the trivy task in my pipeline, I'm getting a warning: --security-checks is deprecated, use --scanners instead. I'm using trivy version 0.42.1.

This is maybe a duplicate of #36?

mattduguid commented 2 days ago

srmds

Are you able to supply a copy of your YAML? We tried with one but saw no change in behaviour using what you had above.

It may have been because we tried passing the YAML via the "options:" parameter of their marketplace add-on for Azure DevOps; it looks like you were using the binary on the CLI.

- task: trivy@1
  displayName: 'Trivy (task)'
  inputs:
    path: '$(Agent.BuildDirectory)/devops/devops/terraform/modules/'
    exitCode: 1
    debug: false
    docker: false
    version: 'v0.52.2'
    options: '--config /tmp/trivy.yaml'

If we use the trivy binary inside an Azure DevOps task of type "task: AzureCLI@2", there are no issues at all, which is our current workaround.