G20map

Reputation: 99

How to use the --security-checks flag in Trivy?

I am getting this error when using this flag --security-checks:

$ trivy --quiet image --security-checks .secrets  $TRIVY_ARGS $TRIVY_SCAN_IMAGE
2023-02-03T17:49:34.457Z    FATAL   flag error: scan flag error: unable to parse security checks: unknown security check: .secrets
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: exit code 1

What I am trying to resolve is that I am getting an "Asymmetric Private Key" error because Trivy requires a private key when scanning a secrets file.

================================================
Total: 1 (HIGH: 1, CRITICAL: 0)
HIGH: AsymmetricPrivateKey (private-key)
════════════════════════════════════════
Asymmetric Private Key
────────────────────────────────────────
 /etc/ssl/private/ssl-cert-snakeoil.key:1 (added by 'apt-get install -y  jq unzip python3-pan')

I am using the Trivy documentation to fix this error by adding this flag --security-checks. My initial code is this:

trivy --quiet image $TRIVY_ARGS $TRIVY_SCAN_IMAGE

I changed it to this:

trivy --quiet image --security-checks .secrets $TRIVY_ARGS $TRIVY_SCAN_IMAGE

I am getting this error:

$ trivy --quiet image --security-checks .secrets  $TRIVY_ARGS $TRIVY_SCAN_IMAGE
2023-02-03T17:49:34.457Z    FATAL   flag error: scan flag error: unable to parse security checks: unknown security check: .secrets
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: exit code 1

Upvotes: 0

Views: 787

Answers (1)

G20map

Reputation: 99

I needed to add a valid parameter:

trivy --quiet image --security-checks vuln $TRIVY_ARGS $TRIVY_SCAN_IMAGE

Upvotes: -1
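
Added example, not part of the answer above or of Trivy's documentation: the scanner name that `--security-checks` accepts is `secret` (not `.secrets`), and passing only `vuln` turns secret scanning off for the whole image. The script below keeps both scanners on and allow-lists only the reported file through a secret config; the file name `trivy-secret.yaml`, the rule id, and the decision that this one finding is acceptable are assumptions.

```shell
#!/bin/sh
# Added example: keep secret scanning enabled, allow-list one reviewed path.
set -eu

# Path from the finding in the question, written as an unanchored regex so it
# matches whether or not the scanner reports it with a leading slash.
SNAKEOIL_PATH_RE='etc/ssl/private/ssl-cert-snakeoil\.key$'

# Write a Trivy secret config whose only allow-rule is that path.
# The rule id and description are made up for this example.
write_secret_config() {
  cfg="$1"
  cat > "$cfg" <<EOF
allow-rules:
  - id: reviewed-snakeoil-key
    description: snakeoil key reported at /etc/ssl/private, reviewed and accepted
    path: ${SNAKEOIL_PATH_RE}
EOF
}

# Local sanity check of the regex before relying on it in CI: succeeds only
# for paths the allow-rule would cover.
path_is_allowed() {
  printf '%s\n' "$1" | grep -Eq "$SNAKEOIL_PATH_RE"
}

# Run the scan only when trivy is installed and the CI variable is set.
# $TRIVY_ARGS is left unquoted on purpose so it splits into separate flags,
# as in the original command.
if command -v trivy >/dev/null 2>&1 && [ -n "${TRIVY_SCAN_IMAGE:-}" ]; then
  write_secret_config trivy-secret.yaml
  # shellcheck disable=SC2086
  trivy --quiet image \
    --security-checks vuln,secret \
    --secret-config trivy-secret.yaml \
    ${TRIVY_ARGS:-} "$TRIVY_SCAN_IMAGE"
fi
```

Any other private key found in the image still fails the job, because only the one path is allow-listed.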
