microsoft / security-devops-azdevops

Microsoft Security DevOps extension for Azure DevOps.
MIT License

Trivy scan for Buildah images fails with message: Error: unknown flag: --exit-code #90

Closed amit-kumar-absg closed 8 months ago

amit-kumar-absg commented 8 months ago

I am trying to use the Trivy task to scan a local image which has been built using Buildah. I am using the following task setup to run the scan on a local image archive (.tar file):

- task: MicrosoftSecurityDevOps@1
  displayName: 'Microsoft Security DevOps'
  inputs:
    tools: 'terrascan,credscan,trivy'
  env:
    trivy_action: 'image --input'
    trivy_target: '/tmp/$(apiImageNameAndVersion).tar'

The Trivy task fails with the following error:

/nc/_work/_msdo/packages/nuget/Microsoft.Guardian.TrivyRedist_linux_amd64.0.45.0/tools/trivy "image --input" --exit-code 100 --format sarif --output /nc/_work/10/s/.gdn/.r/trivy/001/trivy.sarif /tmp/my-buildah-imagename.tar

Error: unknown flag: --exit-code

I want to know if this is the right approach to scan a local image built using Buildah and:

  1. How to fix the unknown flag error for --exit-code?
  2. How to specify the correct command to scan the image from a local path by using --input flag in the action?

This is the screenshot of the command and error message from Azure DevOps build log page:


amit-kumar-absg commented 8 months ago

I was able to fix it by using the following:

- task: MicrosoftSecurityDevOps@1
  displayName: 'Microsoft Security DevOps'
  inputs:
    tools: 'terrascan,credscan,trivy'
  env:
    trivy_input: '/tmp/$(apiImageNameAndVersion).tar'
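To make the failure visible outside a pipeline, here is an added Python example (not code from the MSDO extension) that reconstructs the argument vector the task printed in the issue from the env inputs and pre-checks the action token before the task runs. The verbatim single-token handling of trivy_action is taken from the command line above; the subcommand list and the way trivy_input is appended as "--input <path>" are assumptions.

```python
# Pre-flight check for MSDO trivy env inputs (added example, not MSDO code).
# Assumption: the task forwards trivy_action as ONE argv element, exactly as
# the issue's log shows (trivy "image --input" --exit-code 100 ...).
TRIVY_ACTIONS = {"image", "fs", "config", "repo", "rootfs", "sbom"}  # illustrative


def build_trivy_argv(env: dict, sarif_path: str) -> list:
    """Rebuild the trivy argument list the task produces from env inputs."""
    action = env.get("trivy_action", "image")          # passed verbatim, unsplit
    argv = [action, "--exit-code", "100", "--format", "sarif", "--output", sarif_path]
    if "trivy_input" in env:                             # assumption: becomes --input
        argv += ["--input", env["trivy_input"]]
    elif "trivy_target" in env:
        argv.append(env["trivy_target"])                 # positional target
    return argv


def check_trivy_action(env: dict):
    """Return a diagnostic string if trivy_action is not a single subcommand.

    A value like 'image --input' reaches trivy as one token, so trivy sees no
    known subcommand and rejects the global flags that follow (--exit-code).
    Returns None when the configuration is fine.
    """
    action = env.get("trivy_action", "image")
    words = action.split()
    if len(words) != 1 or action not in TRIVY_ACTIONS:
        return (f"trivy_action={action!r} is sent as one argument; set "
                f"trivy_action={words[0]!r} and put the archive path in trivy_input")
    return None


if __name__ == "__main__":
    # Constructed sample inputs mirroring the two pipeline snippets above.
    broken = {"trivy_action": "image --input", "trivy_target": "/tmp/my-buildah-imagename.tar"}
    fixed = {"trivy_input": "/tmp/my-buildah-imagename.tar"}
    for cfg in (broken, fixed):
        print(build_trivy_argv(cfg, "trivy.sarif"), check_trivy_action(cfg))
```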