Remove Trivy scans from container CVE scan workflow

Trivy-based scanning steps and their summaries have been removed from the GitHub Actions workflow. This change focuses on streamlining the workflow by reducing redundancy and relying on alternate scanning methods.
2026-02-15 20:04:20 +01:00
parent 3e317abda8
commit 7f7cf9179f
1 changed files with 0 additions and 46 deletions
--- a/.github/workflows/container-cve-scan-development.yml
+++ b/.github/workflows/container-cve-scan-development.yml
@@ -55,50 +55,6 @@ jobs:
          provenance: false
          sbom: false

-      - name: Trivy scan (backend)
-        uses: aquasecurity/trivy-action@0.24.0
-        with:
-          image-ref: nexapg-backend:dev-scan
-          format: json
-          output: trivy-backend.json
-          severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
-          ignore-unfixed: false
-          exit-code: 0
-
-      - name: Trivy scan (frontend)
-        uses: aquasecurity/trivy-action@0.24.0
-        with:
-          image-ref: nexapg-frontend:dev-scan
-          format: json
-          output: trivy-frontend.json
-          severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
-          ignore-unfixed: false
-          exit-code: 0
-
-      - name: Summarize Trivy severities
-        run: |
-          python - <<'PY'
-          import json
-          from collections import Counter
-          
-          def summarize(path):
-              c = Counter()
-              with open(path, "r", encoding="utf-8") as f:
-                  data = json.load(f)
-              for result in data.get("Results", []):
-                  for v in result.get("Vulnerabilities", []) or []:
-                      c[v.get("Severity", "UNKNOWN")] += 1
-              for sev in ["CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN"]:
-                  c.setdefault(sev, 0)
-              return c
-          
-          for label, path in [("backend", "trivy-backend.json"), ("frontend", "trivy-frontend.json")]:
-              s = summarize(path)
-              print(f"===== Trivy {label} =====")
-              print(f"CRITICAL={s['CRITICAL']} HIGH={s['HIGH']} MEDIUM={s['MEDIUM']} LOW={s['LOW']} UNKNOWN={s['UNKNOWN']}")
-              print()
-          PY
-
      - name: Docker Scout scan (backend)
        continue-on-error: true
        run: |
@@ -152,7 +108,5 @@ jobs:
        with:
          name: container-cve-scan-reports
          path: |
-            trivy-backend.json
-            trivy-frontend.json
            scout-backend.txt
            scout-frontend.txt