Switch to image scan for trivy scan

.github/workflows/scan.yml

@@ -7,6 +7,11 @@ on:
   workflow_dispatch:
   workflow_call:
 
+env:
+  CONTAINER_REGISTRY: ghcr.io
+  CONTAINER_IMAGE_NAME: ${{ github.repository }}
+  CONTAINER_IMAGE_VERSION: ${{ github.sha }}
+
 jobs:
   vulnerability-scan:
     runs-on: ubuntu-latest
@@ -31,15 +36,14 @@ jobs:
           # Specify multiple registries: try default GitHub registry, if too many requests, use the aws mirror.
           TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
         with:
-          scanners: "vuln"
-          scan-type: "fs"
+          image-ref: ${{ env.CONTAINER_REGISTRY }}/${{ env.CONTAINER_IMAGE_NAME }}:${{ env.CONTAINER_IMAGE_VERSION }}
           format: "sarif"
           # By default SARIF format enforces output of all vulnerabilities regardless of configured severities.
           # To override this set limit-severities-for-sarif to true.
-          limit-severities-for-sarif: true
+          # limit-severities-for-sarif: true
           output: "trivy-results.sarif"
-          severity: "CRITICAL,HIGH"
-          exit-code: "1" # Fail the build!
+          # severity: "CRITICAL,HIGH"
+          # exit-code: "1" # Fail the build!
 
       - name: Check trivy results
         run: |