Merge pull request #20 from OctopusDeploy/octocolby-patch-5

octocolby · web-flow · commit 80a654c6bbea · 2026-03-25T13:55:40.000+10:00
Remove Trivy
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -100,35 +100,35 @@ jobs:
           docker push $IMAGE:${{ steps.vars.outputs.VERSION }}
           docker push $IMAGE:latest
 
-      - name: Generate SBOM with Trivy
-        uses: aquasecurity/trivy-action@0.34.2
-        with:
-          format: 'cyclonedx'
-          scan-type: 'fs'
-          scan-ref: 'go.mod'
-          output: 'sbom.json'
-
-      - name: Upload SBOM as Artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: sbom.json
-          path: sbom.json
-          overwrite: true
-
-      - name: Upload SBOM to Dependency Track. How meta 🤯
-        run: |
-          docker run --rm \
-          -e SBOM_UPLOADER_URL='${{ secrets.DTRACK_URL }}' \
-          -e SBOM_UPLOADER_API_KEY='${{ secrets.DTRACK_KEY }}' \
-          -e SBOM_UPLOADER_NAME='upload-sbom-go' \
-          -e SBOM_UPLOADER_VERSION='${{ steps.vars.outputs.VERSION }}' \
-          -e SBOM_UPLOADER_PARENT='upload-sbom-go' \
-          -e SBOM_UPLOADER_TAGS='upload-sbom-go' \
-          -v "$(pwd)/sbom.json:/tmp/sbom.json" \
-          upload-sbom-go:${{ steps.vars.outputs.VERSION }} \
-          --sbom /tmp/sbom.json \
-          --latest \
-          --poll
+      # - name: Generate SBOM with Trivy
+      #   uses: aquasecurity/trivy-action@0.34.2
+      #   with:
+      #     format: 'cyclonedx'
+      #     scan-type: 'fs'
+      #     scan-ref: 'go.mod'
+      #     output: 'sbom.json'
+
+      # - name: Upload SBOM as Artifact
+      #   uses: actions/upload-artifact@v4
+      #   with:
+      #     name: sbom.json
+      #     path: sbom.json
+      #     overwrite: true
+
+      # - name: Upload SBOM to Dependency Track. How meta 🤯
+      #   run: |
+      #     docker run --rm \
+      #     -e SBOM_UPLOADER_URL='${{ secrets.DTRACK_URL }}' \
+      #     -e SBOM_UPLOADER_API_KEY='${{ secrets.DTRACK_KEY }}' \
+      #     -e SBOM_UPLOADER_NAME='upload-sbom-go' \
+      #     -e SBOM_UPLOADER_VERSION='${{ steps.vars.outputs.VERSION }}' \
+      #     -e SBOM_UPLOADER_PARENT='upload-sbom-go' \
+      #     -e SBOM_UPLOADER_TAGS='upload-sbom-go' \
+      #     -v "$(pwd)/sbom.json:/tmp/sbom.json" \
+      #     upload-sbom-go:${{ steps.vars.outputs.VERSION }} \
+      #     --sbom /tmp/sbom.json \
+      #     --latest \
+      #     --poll
 
   release:
     name: Create GitHub Release
