_content/security/vuln: update docs

Change-Id: Ib7fd65687c7b8e0ed0c45985ab50fea5c5feae17
Reviewed-on: https://go-review.googlesource.com/c/website/+/485955
Reviewed-by: Julie Qiu <julieqiu@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>

1 files changed, 1 insertions, 4 deletions

diff --git a/_content/security/vuln/database.md b/_content/security/vuln/database.md
index b4e4334f..06389842 100644
--- a/_content/security/vuln/database.md
+++ b/_content/security/vuln/database.md
@@ -123,10 +123,7 @@ The endpoints are:
 
 By default, `govulncheck` uses the canonical Go vulnerability database at [vuln.go.dev](https://vuln.go.dev).
 
-The command can be configured to contact a different vulnerability database using the
-GOVULNDB environment variable,
-which accepts a vulnerability database URL with protocol `http://`, `https://`, or
-`file://`.
+The command can be configured to contact a different vulnerability database using the `-db` flag,which accepts a vulnerability database URL with protocol `http://`, `https://`, or `file://`.
 
 To work correctly with `govulncheck`, the vulnerability database specified must implement the API described above. The `govulncheck` command uses compressed ".json.gz" endpoints when reading from an http(s) source, and the ".json" endpoints when reading from a file source.