fix(ci): disable trivy-scan-repo

jsjoeio · jsjoeio · commit 3e078be0abc9 · 2021-05-10T17:01:10.000-07:00
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -461,30 +461,29 @@ jobs:
         uses: github/codeql-action/upload-sarif@v1
         with:
           sarif_file: "trivy-image-results.sarif"
-
+  # NOTE@jsjoeio 5/10/2021
+  # Disabling until fixed upstream
+  # See: https://github.com/aquasecurity/trivy-action/issues/22#issuecomment-833768084
   # We have to use two trivy jobs
   # because GitHub only allows
   # codeql/upload-sarif action per job
-  trivy-scan-repo:
-    runs-on: ubuntu-20.04
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
-
-      - name: Run Trivy vulnerability scanner in repo mode
-        # Commit SHA for v0.0.14
-        uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e
-        with:
-          scan-type: "fs"
-          scan-ref: "."
-          ignore-unfixed: true
-          format: "template"
-          template: "@/contrib/sarif.tpl"
-          output: "trivy-repo-results.sarif"
-          severity: "HIGH,CRITICAL"
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
-        with:
-          sarif_file: "trivy-repo-results.sarif"
+  # trivy-scan-repo:
+  #   runs-on: ubuntu-20.04
+  #   steps:
+  #     - name: Checkout code
+  #       uses: actions/checkout@v2
+  #     - name: Run Trivy vulnerability scanner in repo mode
+  # Commit SHA for v0.0.14
+  #   uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e
+  #   with:
+  #     scan-type: "fs"
+  #     scan-ref: "."
+  #     ignore-unfixed: true
+  #     format: "template"
+  #     template: "@/contrib/sarif.tpl"
+  #     output: "trivy-repo-results.sarif"
+  #     severity: "HIGH,CRITICAL"
+  # - name: Upload Trivy scan results to GitHub Security tab
+  #   uses: github/codeql-action/upload-sarif@v1
+  #   with:
+  #     sarif_file: "trivy-repo-results.sarif"
