From 89858d64d0c1d0d1921afc7e407429e4d34fb43e Mon Sep 17 00:00:00 2001
From: Paul Abel <128620221+pdabelf5@users.noreply.github.com>
Date: Fri, 20 Sep 2024 08:57:36 +0100
Subject: [PATCH] disable Trivy until SBOM 3.0 review (#6464)
---
 .github/workflows/build-oss.yml | 16 ++++-----
 .github/workflows/build-plus.yml | 16 ++++-----
 .github/workflows/image-promotion.yml | 48 +++++++++++++--------------
 3 files changed, 40 insertions(+), 40 deletions(-)
diff --git a/.github/workflows/build-oss.yml b/.github/workflows/build-oss.yml
index e42fa316cb..ec1ede310c 100644
--- a/.github/workflows/build-oss.yml
+++ b/.github/workflows/build-oss.yml
@@ -183,14 +183,14 @@ jobs:
 mkdir -p "${{ inputs.image }}-results/"
 if: ${{ inputs.authenticated && steps.build-push.conclusion == 'success' }}
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0
- with:
- image-ref: ${{ steps.meta.outputs.tags }}
- format: "sarif"
- output: "${{ inputs.image }}-results/trivy.sarif"
- ignore-unfixed: "true"
- if: ${{ inputs.authenticated && steps.build-push.conclusion == 'success' }}
+ # - name: Run Trivy vulnerability scanner
+ # uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0
+ # with:
+ # image-ref: ${{ steps.meta.outputs.tags }}
+ # format: "sarif"
+ # output: "${{ inputs.image }}-results/trivy.sarif"
+ # ignore-unfixed: "true"
+ # if: ${{ inputs.authenticated && steps.build-push.conclusion == 'success' }}
 - name: DockerHub Login for Docker Scout
 uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
diff --git a/.github/workflows/build-plus.yml b/.github/workflows/build-plus.yml
index 1b34a5e336..d0fbee6f05 100644
--- a/.github/workflows/build-plus.yml
+++ b/.github/workflows/build-plus.yml
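Review bot: The commented-out Trivy step in build-oss.yml has no in-file marker saying why it is disabled or when it should come back; the reason exists only in the commit subject, so the block will read as dead configuration to the next maintainer. Add a line above it such as `# TODO: re-enable Trivy once the SBOM 3.0 review is done (#6464)`; the same applies to the build-plus.yml hunk and the three image-promotion.yml hunks. With this step off, the only other scanner hinted at in the hunk is the `DockerHub Login for Docker Scout` step that follows, so it is worth confirming that a Scout scan actually runs for every image these jobs build while Trivy is disabled. The job's step list starts and ends outside the hunk.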
@@ -204,14 +204,14 @@ jobs:
 mkdir -p "${{ inputs.image }}-results/"
 if: ${{ inputs.authenticated && steps.build-push.conclusion == 'success' }}
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0
- with:
- image-ref: ${{ steps.meta.outputs.tags }}
- format: "sarif"
- output: "${{ inputs.image }}-results/trivy.sarif"
- ignore-unfixed: "true"
- if: ${{ inputs.authenticated && steps.build-push.conclusion == 'success' }}
+ # - name: Run Trivy vulnerability scanner
+ # uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0
+ # with:
+ # image-ref: ${{ steps.meta.outputs.tags }}
+ # format: "sarif"
+ # output: "${{ inputs.image }}-results/trivy.sarif"
+ # ignore-unfixed: "true"
+ # if: ${{ inputs.authenticated && steps.build-push.conclusion == 'success' }}
 - name: DockerHub Login for Docker Scout
 uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
diff --git a/.github/workflows/image-promotion.yml b/.github/workflows/image-promotion.yml
index edda26d370..95e3b01948 100644
--- a/.github/workflows/image-promotion.yml
+++ b/.github/workflows/image-promotion.yml
@@ -432,14 +432,14 @@ jobs:
 username: oauth2accesstoken
 password: ${{ steps.auth.outputs.access_token }}
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0
- continue-on-error: true
- with:
- image-ref: ${{ steps.meta.outputs.tags }}
- format: "sarif"
- output: "${{ steps.directory.outputs.directory }}/trivy.sarif"
- ignore-unfixed: "true"
+ # - name: Run Trivy vulnerability scanner
+ # uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0
+ # continue-on-error: true
+ # with:
+ # image-ref: ${{ steps.meta.outputs.tags }}
+ # format: "sarif"
+ # output: "${{ steps.directory.outputs.directory }}/trivy.sarif"
+ # ignore-unfixed: "true"
 - name: DockerHub Login for Docker Scout
 uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
@@ -522,14 +522,14 @@ jobs:
 username: oauth2accesstoken
 password: ${{ steps.auth.outputs.access_token }}
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0
- continue-on-error: true
- with:
- image-ref: ${{ steps.meta.outputs.tags }}
- format: "sarif"
- output: "${{ steps.directory.outputs.directory }}/trivy.sarif"
- ignore-unfixed: "true"
+ # - name: Run Trivy vulnerability scanner
+ # uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0
+ # continue-on-error: true
+ # with:
+ # image-ref: ${{ steps.meta.outputs.tags }}
+ # format: "sarif"
+ # output: "${{ steps.directory.outputs.directory }}/trivy.sarif"
+ # ignore-unfixed: "true"
 - name: DockerHub Login for Docker Scout
 uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
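Review bot: Nothing in this job writes `${{ steps.directory.outputs.directory }}/trivy.sarif` any more, so any later step that uploads or parses that file (none is visible in the hunk, whose job continues outside it) will either fail or publish a results directory with the Trivy report missing; check the rest of the job and disable or guard that consumer in the same commit. The same question applies to `${{ inputs.image }}-results/trivy.sarif` in build-oss.yml and build-plus.yml, and to the hunks at 522 and 619 of this file. Separately, the disabled block keeps `continue-on-error: true`, so once restored the scan is again advisory and cannot stop a promotion on findings; if the SBOM review is meant to change that, note it next to the block, e.g. `# NOTE: decide whether Trivy should gate promotion when re-enabled`.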
@@ -619,14 +619,14 @@ jobs:
 username: oauth2accesstoken
 password: ${{ steps.auth.outputs.access_token }}
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0
- continue-on-error: true
- with:
- image-ref: ${{ steps.meta.outputs.tags }}
- format: "sarif"
- output: "${{ steps.directory.outputs.directory }}/trivy.sarif"
- ignore-unfixed: "true"
+ # - name: Run Trivy vulnerability scanner
+ # uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0
+ # continue-on-error: true
+ # with:
+ # image-ref: ${{ steps.meta.outputs.tags }}
+ # format: "sarif"
+ # output: "${{ steps.directory.outputs.directory }}/trivy.sarif"
+ # ignore-unfixed: "true"
 - name: DockerHub Login for Docker Scout
 uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0