Offline Mode documentation unclear

[wkoot]

Description

Current documentation regarding Offline Mode is listing --skip-check-update and --offline-scan inconsistently.
The option --skip-check-update is not applied in the example, and the option --offline-scan is not explained.

Does --offline-scan even offer anything on top of the other options? To which API(s) does it send requests?
Also, only the --download-db-only option is specified while the --download-java-db-only would also be needed.
And since --skip-check-update is mentioned, what about --skip-vex-repo-update?
Are there --download-*-only parameters regarding the Vulnerability Exploitability and Misconfiguration checks?

Link

https://aquasecurity.github.io/trivy/v0.56/docs/advanced/air-gap/#offline-mode :

By default, Trivy will attempt to download latest databases. If it fails, the scan might fail. To avoid this behavior, you can tell Trivy to not attempt to download database files:

• --skip-db-update to skip updating the main vulnerability database.
• --skip-java-db-update to skip updating the Java vulnerability database.
• --skip-check-update to skip updating the misconfiguration database.

trivy image --skip-db-update --skip-java-db-update --offline-scan --skip-check-update myimage

Suggestions

Add a breakdown of the various parameters needed for offline mode, and their function.
Add an explanation of how to collect the various data sources, in preparation for offline mode.

[itaysk]

thanks for the feedback, we are redoing the offline documentaiton in #7732 . please feel free to review and add comments on that PR