Merge pull request #1129 from zama-ai/ci/disable-trivy

fix(ci): disable trivy as it's failing to get vuln DB
zama-ai · Oct 31, 2024 · dbf16ef · dbf16ef
2 parents 263f5d0 + c442aad
commit dbf16ef
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 38 deletions.
diff --git a/.github/workflows/compiler_publish_docker_images.yml b/.github/workflows/compiler_publish_docker_images.yml
@@ -64,15 +64,16 @@ jobs:
           DOCKER_BUILDKIT=1 docker build --no-cache \
             --label "commit-sha=${{ github.sha }}" -t ${{ matrix.image }} -f ${{ matrix.dockerfile }} .
 
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
-        with:
-          image-ref: '${{ matrix.image }}'
-          format: 'table'
-          exit-code: '1'
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
+      # disabled because of https://github.com/aquasecurity/trivy/discussions/7668
+      # - name: Run Trivy vulnerability scanner
+      #   uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
+      #   with:
+      #     image-ref: '${{ matrix.image }}'
+      #     format: 'table'
+      #     exit-code: '1'
+      #     ignore-unfixed: true
+      #     vuln-type: 'os,library'
+      #     severity: 'CRITICAL,HIGH'
 
       - name: Tag and Publish Image
         run: |
@@ -114,16 +115,17 @@ jobs:
         if: ${{ steps.login.conclusion != 'skipped' }}
         run: docker build -t "${IMAGE}" -f docker/Dockerfile.hpx-env .
 
-      - name: Run Trivy vulnerability scanner
-        if: ${{ steps.login.conclusion != 'skipped' }}
-        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
-        with:
-          image-ref: '${{ env.IMAGE }}'
-          format: 'table'
-          exit-code: '1'
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
+      # disabled because of https://github.com/aquasecurity/trivy/discussions/7668
+      # - name: Run Trivy vulnerability scanner
+      #   if: ${{ steps.login.conclusion != 'skipped' }}
+      #   uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
+      #   with:
+      #     image-ref: '${{ env.IMAGE }}'
+      #     format: 'table'
+      #     exit-code: '1'
+      #     ignore-unfixed: true
+      #     vuln-type: 'os,library'
+      #     severity: 'CRITICAL,HIGH'
 
       - name: Publish
         if: ${{ steps.login.conclusion != 'skipped' }}
@@ -172,16 +174,17 @@ jobs:
           docker image tag "${IMAGE}" "${IMAGE}:${{ matrix.tag }}"
           docker push "${IMAGE}:${{ matrix.tag }}"
 
-      - name: Run Trivy vulnerability scanner
-        if: ${{ steps.login.conclusion != 'skipped' }}
-        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
-        with:
-          image-ref: '${{ env.IMAGE }}'
-          format: 'table'
-          exit-code: '1'
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
+      # disabled because of https://github.com/aquasecurity/trivy/discussions/7668
+      # - name: Run Trivy vulnerability scanner
+      #   if: ${{ steps.login.conclusion != 'skipped' }}
+      #   uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
+      #   with:
+      #     image-ref: '${{ env.IMAGE }}'
+      #     format: 'table'
+      #     exit-code: '1'
+      #     ignore-unfixed: true
+      #     vuln-type: 'os,library'
+      #     severity: 'CRITICAL,HIGH'
 
       - name: Push Latest Image
         if: ${{ steps.login.conclusion != 'skipped' && matrix.tag == '11-8' }}

diff --git a/.github/workflows/concrete_python_push_docker_image.yml b/.github/workflows/concrete_python_push_docker_image.yml
@@ -34,15 +34,16 @@ jobs:
           mkdir empty_context
           docker image build -t ${{ env.NAME_TAG }} --build-arg version=${{ env.VERSION }} -f ${{ env.DOCKER_FILE }} empty_context
 
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
-        with:
-          image-ref: '${{ env.NAME_TAG }}'
-          format: 'table'
-          exit-code: '1'
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
+      # disabled because of https://github.com/aquasecurity/trivy/discussions/7668
+      # - name: Run Trivy vulnerability scanner
+      #   uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
+      #   with:
+      #     image-ref: '${{ env.NAME_TAG }}'
+      #     format: 'table'
+      #     exit-code: '1'
+      #     ignore-unfixed: true
+      #     vuln-type: 'os,library'
+      #     severity: 'CRITICAL,HIGH'
 
       - name: Login to Docker Hub
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567