Commit 4777d2c

fix(ci): remove trivy scanning
The Trivy supply-chain compromise (Feb/Mar 2026) deleted releases v0.27.0 through v0.69.1 and later published malicious binaries. Remove Trivy scanning entirely until the situation stabilizes.
1 parent c7e4d89 commit 4777d2c

1 file changed

Lines changed: 0 additions & 23 deletions

.github/workflows/build.yaml

@@ -65,10 +65,6 @@ jobs:
6565
- name: Checkout
6666
uses: actions/checkout@v6
6767

68-
- name: Install Trivy using install script
69-
run: |
70-
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.69.3
71-
7268
- name: Set up Depot CLI
7369
uses: depot/setup-action@v1
7470
with:
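Review bot: the deleted step at old lines 68-70 piped `install.sh` from the `main` branch of aquasecurity/trivy straight into `sh`, so the `v0.69.3` argument fixed the binary version but not the script that fetched it. Removing the step is fine, but if scanning returns, do not restore this line as written: fetch the installer from a fixed commit and verify the downloaded binary against a checksum recorded in this repository. The same mutable-reference pattern remains in the context lines `uses: actions/checkout@v6` and `uses: depot/setup-action@v1`; consider pinning those to full commit SHAs here or in a follow-up.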
@@ -79,25 +75,6 @@ jobs:
7975
${{ github.workspace }}/scripts/build_images.sh \
8076
--tag=ubuntu
8177
82-
- name: Scan ubuntu images
83-
run: |
84-
${{ github.workspace }}/scripts/scan_images.sh \
85-
--tag=ubuntu \
86-
--output-file=trivy-results-ubuntu.sarif
87-
88-
- name: Upload Trivy scan results to GitHub Security tab
89-
uses: github/codeql-action/upload-sarif@v4
90-
with:
91-
sarif_file: trivy-results-ubuntu.sarif
92-
category: trivy-ubuntu
93-
94-
- name: Upload Trivy scan results as an artifact
95-
uses: actions/upload-artifact@v6
96-
with:
97-
name: trivy-ubuntu
98-
path: trivy-results-ubuntu.sarif
99-
retention-days: 7
100-
10178
- name: Authenticate to Docker Hub
10279
if: github.event_name != 'pull_request'
10380
uses: docker/login-action@v3
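Review bot: with the `Scan ubuntu images` step and both SARIF upload steps removed (old lines 82-99), the job goes from the image build directly to `Authenticate to Docker Hub` on non-pull-request events with no vulnerability scan in between, and nothing in the workflow records that this is meant to be temporary. Add a comment at this position that references a tracking issue for restoring a scan step, so that "until the situation stabilizes" has an owner. The commit changes only `.github/workflows/build.yaml`, so `scripts/scan_images.sh` stays in the repository; if it invokes trivy, remove or guard it as well so it is not run by hand against a binary from the affected releases.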
