ci: Update Security analysis workflow

2021-03-13 20:59:01 +01:00
parent 828092ad75
commit ccf7a04053
3 changed files with 40 additions and 74 deletions
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -91,31 +91,3 @@ jobs:
          cache-to: type=local,dest=${{ env.CACHE_PATH }}
          push: true
          tags: ${{ steps.metadata.outputs.tags }}
-
-  security-analysis:
-    name: Security analysis
-    runs-on: ubuntu-latest
-    needs: publish
-    steps:
-      - name: Prepare metadata
-        id: metadata
-        run: |
-          IMAGE_REF="${IMAGE_NAME}:${GITHUB_REF_NAME:-latest}"
-          echo ::set-output name=image_ref::${IMAGE_REF}
-
-      - name: Import Docker images
-        run: docker pull ${{ steps.metadata.outputs.image_ref }}
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: ${{ steps.metadata.outputs.image_ref }}
-          format: 'template'
-          template: '@/contrib/sarif.tpl'
-          output: 'trivy-results.sarif'
-          severity: 'HIGH,CRITICAL'
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
-        with:
-          sarif_file: 'trivy-results.sarif'