chore: remove Trivy scan (#422)

Removing the Trivy vulnerability scanner from the security-scans action.
Related to cloudnative-pg/cloudnative-pg#10343

Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com>

Author: NiccoloFei

.github/actions/security-scans/README.md

@@ -28,10 +28,6 @@ permissions:
   - Detects vulnerabilities in OS packages, libraries, and dependencies.
   - Generates a `snyk.sarif` that gets uploaded to GitHub Code Scanning
 
-- [Trivy](https://github.com/aquasecurity/trivy-action):
-  - Detects vulnerabilities in OS packages, misconfigurations, sensitive information, licenses etc.
-  - Generates a `trivy-results.sarif` that gets uploaded to GitHub Code Scanning
-
 ---
 
 ## Inputs
@@ -48,9 +44,6 @@ Note:
 - If a `snyk_token` is not provided, Snyk scans won't be performed.
 - The `dockerfile` path is currently only required by Snyk.
 
-Important:
-- The action will fail if none of the vulnerability scanners is able to generate a Sarif output.
-
 ---
 
 ## Usage

.github/actions/security-scans/action.yml

@@ -62,26 +62,3 @@ runs:
       if: ${{ hashFiles('snyk.sarif') != '' }}
       with:
         sarif_file: snyk.sarif
-
-    - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # 0.34.2
-      id: trivy
-      continue-on-error: true
-      with:
-        version: 'latest'
-        image-ref: '${{ inputs.image }}'
-        format: 'sarif'
-        output: 'trivy-results.sarif'
-
-    - name: Upload Trivy scan results to GitHub Security tab
-      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4
-      if: ${{ hashFiles('trivy-results.sarif') != '' }}
-      with:
-        sarif_file: 'trivy-results.sarif'
-
-    - name: Review Security checks
-      if: ${{ hashFiles('snyk.sarif') == '' && hashFiles('trivy-results.sarif') == '' }}
-      shell: bash
-      run: |
-        echo "None of the security checks produced results (Snyk and Trivy)"
-        exit 1