Merge pull request #1129 from zama-ai/ci/disable-trivy

fix(ci): disable trivy as it's failing to get vuln DB
2026-01-14 07:17:57 -05:00 · 2024-10-31 14:11:50 +01:00
parent 263f5d0f61 c442aadbeb
commit dbf16efeb2
2 changed files with 42 additions and 38 deletions
--- a/.github/workflows/compiler_publish_docker_images.yml
+++ b/.github/workflows/compiler_publish_docker_images.yml
@@ -64,15 +64,16 @@ jobs:
          DOCKER_BUILDKIT=1 docker build --no-cache \
            --label "commit-sha=${{ github.sha }}" -t ${{ matrix.image }} -f ${{ matrix.dockerfile }} .

-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
-        with:
-          image-ref: '${{ matrix.image }}'
-          format: 'table'
-          exit-code: '1'
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
+      # disabled because of https://github.com/aquasecurity/trivy/discussions/7668
+      # - name: Run Trivy vulnerability scanner
+      #   uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
+      #   with:
+      #     image-ref: '${{ matrix.image }}'
+      #     format: 'table'
+      #     exit-code: '1'
+      #     ignore-unfixed: true
+      #     vuln-type: 'os,library'
+      #     severity: 'CRITICAL,HIGH'

      - name: Tag and Publish Image
        run: |
@@ -114,16 +115,17 @@ jobs:
        if: ${{ steps.login.conclusion != 'skipped' }}
        run: docker build -t "${IMAGE}" -f docker/Dockerfile.hpx-env .

-      - name: Run Trivy vulnerability scanner
-        if: ${{ steps.login.conclusion != 'skipped' }}
-        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
-        with:
-          image-ref: '${{ env.IMAGE }}'
-          format: 'table'
-          exit-code: '1'
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
+      # disabled because of https://github.com/aquasecurity/trivy/discussions/7668
+      # - name: Run Trivy vulnerability scanner
+      #   if: ${{ steps.login.conclusion != 'skipped' }}
+      #   uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
+      #   with:
+      #     image-ref: '${{ env.IMAGE }}'
+      #     format: 'table'
+      #     exit-code: '1'
+      #     ignore-unfixed: true
+      #     vuln-type: 'os,library'
+      #     severity: 'CRITICAL,HIGH'

      - name: Publish
        if: ${{ steps.login.conclusion != 'skipped' }}
@@ -172,16 +174,17 @@ jobs:
          docker image tag "${IMAGE}" "${IMAGE}:${{ matrix.tag }}"
          docker push "${IMAGE}:${{ matrix.tag }}"

-      - name: Run Trivy vulnerability scanner
-        if: ${{ steps.login.conclusion != 'skipped' }}
-        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
-        with:
-          image-ref: '${{ env.IMAGE }}'
-          format: 'table'
-          exit-code: '1'
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
+      # disabled because of https://github.com/aquasecurity/trivy/discussions/7668
+      # - name: Run Trivy vulnerability scanner
+      #   if: ${{ steps.login.conclusion != 'skipped' }}
+      #   uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
+      #   with:
+      #     image-ref: '${{ env.IMAGE }}'
+      #     format: 'table'
+      #     exit-code: '1'
+      #     ignore-unfixed: true
+      #     vuln-type: 'os,library'
+      #     severity: 'CRITICAL,HIGH'

      - name: Push Latest Image
        if: ${{ steps.login.conclusion != 'skipped' && matrix.tag == '11-8' }}
--- a/.github/workflows/concrete_python_push_docker_image.yml
+++ b/.github/workflows/concrete_python_push_docker_image.yml
@@ -34,15 +34,16 @@ jobs:
          mkdir empty_context
          docker image build -t ${{ env.NAME_TAG }} --build-arg version=${{ env.VERSION }} -f ${{ env.DOCKER_FILE }} empty_context

-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
-        with:
-          image-ref: '${{ env.NAME_TAG }}'
-          format: 'table'
-          exit-code: '1'
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
+      # disabled because of https://github.com/aquasecurity/trivy/discussions/7668
+      # - name: Run Trivy vulnerability scanner
+      #   uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
+      #   with:
+      #     image-ref: '${{ env.NAME_TAG }}'
+      #     format: 'table'
+      #     exit-code: '1'
+      #     ignore-unfixed: true
+      #     vuln-type: 'os,library'
+      #     severity: 'CRITICAL,HIGH'

      - name: Login to Docker Hub
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567