From 7f7cf9179f7f2677ae5bfba040355f7020d6894c Mon Sep 17 00:00:00 2001
From: nessi
Date: Sun, 15 Feb 2026 20:04:20 +0100
Subject: [PATCH] Remove Trivy scans from container CVE scan workflow

Trivy-based scanning steps and their summaries have been removed from the GitHub Actions workflow. This change focuses on streamlining the workflow by reducing redundancy and relying on alternate scanning methods.
---
 .../container-cve-scan-development.yml | 46 -------------------
 1 file changed, 46 deletions(-)

diff --git a/.github/workflows/container-cve-scan-development.yml b/.github/workflows/container-cve-scan-development.yml
index b18ce44..24662ed 100644
--- a/.github/workflows/container-cve-scan-development.yml
+++ b/.github/workflows/container-cve-scan-development.yml
@@ -55,50 +55,6 @@ jobs: provenance: false sbom: false - - name: Trivy scan (backend) - uses: aquasecurity/trivy-action@0.24.0 - with: - image-ref: nexapg-backend:dev-scan - format: json - output: trivy-backend.json - severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL - ignore-unfixed: false - exit-code: 0 - - - name: Trivy scan (frontend) - uses: aquasecurity/trivy-action@0.24.0 - with: - image-ref: nexapg-frontend:dev-scan - format: json - output: trivy-frontend.json - severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL - ignore-unfixed: false - exit-code: 0 - - - name: Summarize Trivy severities - run: | - python - <<'PY' - import json - from collections import Counter - - def summarize(path): - c = Counter() - with open(path, "r", encoding="utf-8") as f: - data = json.load(f) - for result in data.get("Results", []): - for v in result.get("Vulnerabilities", []) or []: - c[v.get("Severity", "UNKNOWN")] += 1 - for sev in ["CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN"]: - c.setdefault(sev, 0) - return c - - for label, path in [("backend", "trivy-backend.json"), ("frontend", "trivy-frontend.json")]: - s = summarize(path) - print(f"===== Trivy {label} =====") - print(f"CRITICAL={s['CRITICAL']} HIGH={s['HIGH']} MEDIUM={s['MEDIUM']} LOW={s['LOW']} UNKNOWN={s['UNKNOWN']}") - print() - PY - - name: Docker Scout scan (backend) continue-on-error: true run: | @@ -152,7 +108,5 @@ jobs: with: name: container-cve-scan-reports path: | - trivy-backend.json - trivy-frontend.json scout-backend.txt scout-frontend.txt