build(ci): fix trivy configuration

plaffitt · plaffitt · commit cfe8bfdc3d2a · 2025-04-09T12:52:25.000+02:00
diff --git a/.github/workflows/pr-dependency-review.yml b/.github/workflows/pr-dependency-review.yml
@@ -0,0 +1,20 @@
+name: Dependency Review
+
+on:
+  pull_request:
+    paths-ignore:
+      - "**/*.md"
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    name: Dependency Review
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v4
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -1,24 +1,19 @@
 name: Security
 
 on:
+  push:
+    branches: [main, protected]
   pull_request:
     paths-ignore:
       - "**/*.md"
+  schedule:
+    - cron: '30 10 * * 1'
+  workflow_dispatch:
 
 permissions:
   contents: read
 
 jobs:
-  dependency-review:
-    name: Dependency Review
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout Repository
-        uses: actions/checkout@v4
-
-      - name: Dependency Review
-        uses: actions/dependency-review-action@v4
-
   vulnerability-scanner:
     name: Vulnerability Scanner
     permissions:
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -19,6 +19,11 @@ jobs:
       QUAY_IMAGE: "quay.io/enix/kube-image-keeper"
       TRIVY_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-db:2"
     steps:
+      - name: Trigger Security workflow
+        uses: benc-uk/workflow-dispatch@v1
+        with:
+          workflow: Security
+
       - name: Checkout Repository
         uses: actions/checkout@v4
         with:
@@ -28,19 +33,6 @@ jobs:
         id: check-for-cc
         uses: webiny/action-conventional-commits@v1.3.0
 
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.30.0
-        with:
-          scan-type: 'fs'
-          ignore-unfixed: true
-          format: 'sarif'
-          output: 'trivy-results.sarif'
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: 'trivy-results.sarif'
-
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
