Disable trivy scans for now

Maik Hummel · Maik Hummel · commit 41285911aa22 · 2021-02-13T12:53:47.000+01:00
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -54,14 +54,15 @@ jobs:
           labels: ${{ steps.docker_meta.outputs.labels }}
           cache-from: type=local,src=${{ github.workspace }}/cache
           cache-to: type=local,dest=${{ github.workspace }}/cache
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: ${{ env.imageName }}:${{ steps.docker_meta.outputs.version }}
-          format: "template"
-          template: "@/contrib/sarif.tpl"
-          output: "trivy-results.sarif"
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
-        with:
-          sarif_file: "trivy-results.sarif"
+      # temporarily disabled until https://github.com/aquasecurity/trivy-action/issues/22 is resolved
+      # - name: Run Trivy vulnerability scanner
+      #   uses: aquasecurity/trivy-action@master
+      #   with:
+      #     image-ref: ${{ env.imageName }}:${{ steps.docker_meta.outputs.version }}
+      #     format: "template"
+      #     template: "@/contrib/sarif.tpl"
+      #     output: "trivy-results.sarif"
+      # - name: Upload Trivy scan results to GitHub Security tab
+      #   uses: github/codeql-action/upload-sarif@v1
+      #   with:
+      #     sarif_file: "trivy-results.sarif"
