fix(trivy): custom clean cache command

templates/gitlab-ci-docker.yml

@@ -167,6 +167,9 @@ spec:
       - HIGH,CRITICAL
       - CRITICAL
       default: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
+    trivy-clean-cache-cmd:
+      description: Command used to clean the Trivy cache
+      default: clean --scan-cache
     trivy-args:
       description: Additional `trivy client` arguments
       default: --ignore-unfixed --vuln-type os --exit-on-eol 1
@@ -254,6 +257,7 @@ variables:
   DOCKER_TRIVY_SECURITY_LEVEL_THRESHOLD: $[[ inputs.trivy-security-level-threshold ]]
   DOCKER_TRIVY_IMAGE: $[[ inputs.trivy-image ]]
   DOCKER_TRIVY_ARGS: $[[ inputs.trivy-args ]]
+  DOCKER_TRIVY_CLEAN_CACHE_CMD: $[[ inputs.trivy-clean-cache-cmd ]]
   DOCKER_TRIVY_DB_REPOSITORY: $[[ inputs.trivy-db-repository ]]
   DOCKER_TRIVY_JAVA_DB_REPOSITORY: $[[ inputs.trivy-java-db-repository ]]
 
@@ -930,7 +934,7 @@ docker-trivy:
     TRIVY_CACHE_DIR: ".trivycache/"
   script: |
     # cache cleanup is needed when scanning images with the same tags, it does not remove the database
-    trivy image --clear-cache
+    trivy $DOCKER_TRIVY_CLEAN_CACHE_CMD
     export TRIVY_USERNAME=${DOCKER_REGISTRY_SNAPSHOT_USER:-${DOCKER_REGISTRY_USER:-$CI_REGISTRY_USER}}
     export TRIVY_PASSWORD=${DOCKER_REGISTRY_SNAPSHOT_PASSWORD:-${DOCKER_REGISTRY_PASSWORD:-$CI_REGISTRY_PASSWORD}}
     basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g')