From e3ee3b41f89933ca594ff813ccb3a61d0af847d0 Mon Sep 17 00:00:00 2001
From: Tommy Schmidt
Date: Wed, 22 Jan 2025 13:01:42 +0100
Subject: [PATCH] chore: remove trivy scans due to https://github.com/aquasecurity/trivy-action/issues/408

---
 .github/workflows/build.yml | 18 ----------
 .github/workflows/scan-docker-image.yml | 44 -------------------------
 2 files changed, 62 deletions(-)
 delete mode 100644 .github/workflows/scan-docker-image.yml

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index d73c8c5..01e7ce0 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -18,8 +18,6 @@ permissions:
 pull-requests: write
 # used to publish the docker image
 packages: write
- # used by trivy
- security-events: write
 jobs:
 verify:
@@ -88,19 +86,3 @@ jobs:
 @semantic-release/exec
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Get Image Name
- id: get-image-name
- run: echo "image-name=$(mvn help:evaluate -Dexpression=image.name -q -DforceStdout)" >> $GITHUB_OUTPUT
-
- - name: Scan Docker Image for Vulnerabilities
- uses: aquasecurity/trivy-action@0.29.0
- with:
- image-ref: ${{ steps.get-image-name.outputs.image-name }}
- format: sarif
- output: trivy-results.sarif
-
- - name: Upload Trivy Results to GitHub Security Tab
- uses: github/codeql-action/upload-sarif@v3
- with:
- sarif_file: trivy-results.sarif
diff --git a/.github/workflows/scan-docker-image.yml b/.github/workflows/scan-docker-image.yml
deleted file mode 100644
index 41dd337..0000000
--- a/.github/workflows/scan-docker-image.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-name: Scan Docker Image
-on:
- workflow_dispatch:
- schedule:
- # every monday at 10:00 UTC
- - cron: "0 10 * * 1"
-
-permissions:
- # used by trivy
- contents: read
- packages: read
- security-events: write
-
-jobs:
- scan-docker-image:
- name: Scan Docker Image
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- with:
- fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- - name: Set up JDK 17
- uses: actions/setup-java@v4
- with:
- java-version: '17'
- distribution: 'temurin'
- cache: maven
- - name: Get Image Name
- id: get-image-name
- run: echo "image-name=$(mvn help:evaluate -Dexpression=image.name -q -DforceStdout)" >> $GITHUB_OUTPUT
- - name: Scan Docker Image for Vulnerabilities
- uses: aquasecurity/trivy-action@0.29.0
- with:
- image-ref: ${{ steps.get-image-name.outputs.image-name }}
- format: sarif
- output: trivy-results.sarif
- - name: Upload Trivy Results to GitHub Security Tab
- uses: github/codeql-action/upload-sarif@v3
- with:
- sarif_file: trivy-results.sarif