@@ -80,26 +80,27 @@ jobs:
8080 --push \
8181 ./
8282
83- trivy :
84- name : Check Release with Trivy
85- runs-on : ubuntu-latest
86- needs : [prepare-version, build-push]
87- permissions :
88- contents : read # for actions/checkout to fetch code
89- security-events : write # for github/codeql-action/upload-sarif to upload SARIF results
90- steps :
91- - name : Checkout code
92- uses : actions/checkout@v6
93-
94- - name : Run Trivy vulnerability scanner
95- uses : aquasecurity/trivy-action@0.35.0
96- with :
97- image-ref : ${{ vars.DOCKERHUB_ORGANIZATION }}/${{ vars.DOCKERHUB_REPOSITORY }}:${{ needs.prepare-version.outputs.version }}
98- format : ' sarif'
99- output : ' trivy-results.sarif'
100- severity : ' CRITICAL,HIGH'
101-
102- - name : Upload Trivy scan results to GitHub Security tab
103- uses : github/codeql-action/upload-sarif@v4
104- with :
105- sarif_file : ' trivy-results.sarif'
83+ # Trivy release scan disabled — uncomment the job below to re-enable
84+ # trivy:
85+ # name: Check Release with Trivy
86+ # runs-on: ubuntu-latest
87+ # needs: [prepare-version, build-push]
88+ # permissions:
89+ # contents: read # for actions/checkout to fetch code
90+ # security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
91+ # steps:
92+ # - name: Checkout code
93+ # uses: actions/checkout@v6
94+ #
95+ # - name: Run Trivy vulnerability scanner
96+ # uses: aquasecurity/trivy-action@0.35.0
97+ # with:
98+ # image-ref: ${{ vars.DOCKERHUB_ORGANIZATION }}/${{ vars.DOCKERHUB_REPOSITORY }}:${{ needs.prepare-version.outputs.version }}
99+ # format: 'sarif'
100+ # output: 'trivy-results.sarif'
101+ # severity: 'CRITICAL,HIGH'
102+ #
103+ # - name: Upload Trivy scan results to GitHub Security tab
104+ # uses: github/codeql-action/upload-sarif@v4
105+ # with:
106+ # sarif_file: 'trivy-results.sarif'
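Review bot: The comment on new line 83 says the Trivy release scan is disabled but not why or until when, and with the job commented out nothing in this hunk reports CRITICAL/HIGH findings for the image pushed by the preceding step. I would record the reason and a tracking reference there, e.g. `# Trivy release scan disabled: <reason>, re-enable tracked in <issue-ref>`. Keeping the job in place with a job-level `if: false` instead of commenting out 23 lines would leave the YAML parsed and linted, so it cannot drift unnoticed while it is off. When it is re-enabled, pinning `aquasecurity/trivy-action` and `github/codeql-action/upload-sarif` to full commit SHAs rather than the `0.35.0` and `v4` tags is worth doing, since the job is granted `security-events: write`. The `jobs:` mapping starts outside this hunk, so whether another scan still covers the release image cannot be seen from here.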