fix(cli): secret scanning perf link fix (#2607)

pkg/commands/artifact/run.go

@@ -10,6 +10,7 @@ import (
 	"golang.org/x/exp/slices"
 	"golang.org/x/xerrors"
 
+	"github.com/aquasecurity/go-version/pkg/semver"
 	"github.com/aquasecurity/trivy-db/pkg/db"
 	tcache "github.com/aquasecurity/trivy/pkg/cache"
 	"github.com/aquasecurity/trivy/pkg/commands/operation"
@@ -39,6 +40,8 @@ const (
 	TargetRepository     TargetKind = "repo"
 	TargetImageArchive   TargetKind = "archive"
 	TargetSBOM           TargetKind = "sbom"
+
+	devVersion = "dev"
 )
 
 var (
@@ -471,9 +474,10 @@ func initScannerConfig(opts flag.Options, cacheClient cache.Cache) (ScannerConfi
 
 	// Do not load config file for secret scanning
 	if slices.Contains(opts.SecurityChecks, types.SecurityCheckSecret) {
+		ver := canonicalVersion(opts.AppVersion)
 		log.Logger.Info("Secret scanning is enabled")
 		log.Logger.Info("If your scanning is slow, please try '--security-checks vuln' to disable secret scanning")
-		log.Logger.Infof("Please see also https://aquasecurity.github.io/trivy/%s/docs/secret/scanning/#recommendation for faster secret detection", opts.AppVersion)
+		log.Logger.Infof("Please see also https://aquasecurity.github.io/trivy/%s/docs/secret/scanning/#recommendation for faster secret detection", ver)
 	} else {
 		opts.SecretConfigPath = ""
 	}
@@ -543,3 +547,21 @@ func Exit(opts flag.Options, failedResults bool) {
 		os.Exit(opts.ExitCode)
 	}
 }
+
+func canonicalVersion(ver string) string {
+	if ver == devVersion {
+		return ver
+	}
+	v, err := semver.Parse(ver)
+	if err != nil {
+		return devVersion
+	}
+	// Replace pre-release with "dev"
+	// e.g. v0.34.0-beta1+snapshot-1
+	if v.IsPreRelease() || v.Metadata() != "" {
+		return devVersion
+	}
+
+	// Add "v" prefix, "0.34.0" => "v0.34.0" for the url
+	return "v" + ver
+}