diff --git a/building-blocks/trivy-scan.yml b/building-blocks/trivy-scan.yml
index 9323593df5d9bef28ddceb55bad646b648196f07..2fe19634247d1b1077230d129b0798101e3399e4 100644
--- a/building-blocks/trivy-scan.yml
+++ b/building-blocks/trivy-scan.yml
@@ -19,9 +19,9 @@
         cat ${TRIVY_IGNORE_FILE}
       fi
       if [ -n "${TRIVY_SEVERITY}" ]; then
-        export TRIVY_SEVERITY="--severity ${TRIVY_SEVERITY}"
+        export TRIVY_SEVERITY="${TRIVY_SEVERITY}"
       else
-        export TRIVY_SEVERITY="--severity CRITICAL"
+        export TRIVY_SEVERITY="CRITICAL"
       fi
       echo "Scanning $FULL_IMAGE_NAME"
       trivy --version
@@ -35,7 +35,7 @@
       # Prints full report
       time trivy image --exit-code 0 --cache-dir .trivycache/ --no-progress --timeout 15m $TRIVY_IGNORE "$FULL_IMAGE_NAME"
       # Fail on critical vulnerabilities
-      time trivy image --exit-code 1 --cache-dir .trivycache/ $TRIVY_SEVERITY --no-progress --timeout 15m $TRIVY_IGNORE "$FULL_IMAGE_NAME"
+      time trivy image --exit-code 1 --cache-dir .trivycache/ --no-progress --timeout 15m $TRIVY_IGNORE "$FULL_IMAGE_NAME"
   cache:
     paths:
       - .trivycache/