diff --git a/.github/workflows/compiler_publish_docker_images.yml b/.github/workflows/compiler_publish_docker_images.yml index b161abca32..30c015228b 100644 --- a/.github/workflows/compiler_publish_docker_images.yml +++ b/.github/workflows/compiler_publish_docker_images.yml @@ -64,15 +64,16 @@ jobs: DOCKER_BUILDKIT=1 docker build --no-cache \ --label "commit-sha=${{ github.sha }}" -t ${{ matrix.image }} -f ${{ matrix.dockerfile }} . - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 - with: - image-ref: '${{ matrix.image }}' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + # disabled because of https://github.com/aquasecurity/trivy/discussions/7668 + # - name: Run Trivy vulnerability scanner + # uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 + # with: + # image-ref: '${{ matrix.image }}' + # format: 'table' + # exit-code: '1' + # ignore-unfixed: true + # vuln-type: 'os,library' + # severity: 'CRITICAL,HIGH' - name: Tag and Publish Image run: | @@ -114,16 +115,17 @@ jobs: if: ${{ steps.login.conclusion != 'skipped' }} run: docker build -t "${IMAGE}" -f docker/Dockerfile.hpx-env . - - name: Run Trivy vulnerability scanner - if: ${{ steps.login.conclusion != 'skipped' }} - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 - with: - image-ref: '${{ env.IMAGE }}' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + # disabled because of https://github.com/aquasecurity/trivy/discussions/7668 + # - name: Run Trivy vulnerability scanner + # if: ${{ steps.login.conclusion != 'skipped' }} + # uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 + # with: + # image-ref: '${{ env.IMAGE }}' + # format: 'table' + # exit-code: '1' + # ignore-unfixed: true + # vuln-type: 'os,library' + # severity: 'CRITICAL,HIGH' - name: Publish if: ${{ steps.login.conclusion != 'skipped' }} @@ -172,16 +174,17 @@ jobs: docker image tag "${IMAGE}" "${IMAGE}:${{ matrix.tag }}" docker push "${IMAGE}:${{ matrix.tag }}" - - name: Run Trivy vulnerability scanner - if: ${{ steps.login.conclusion != 'skipped' }} - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 - with: - image-ref: '${{ env.IMAGE }}' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + # disabled because of https://github.com/aquasecurity/trivy/discussions/7668 + # - name: Run Trivy vulnerability scanner + # if: ${{ steps.login.conclusion != 'skipped' }} + # uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 + # with: + # image-ref: '${{ env.IMAGE }}' + # format: 'table' + # exit-code: '1' + # ignore-unfixed: true + # vuln-type: 'os,library' + # severity: 'CRITICAL,HIGH' - name: Push Latest Image if: ${{ steps.login.conclusion != 'skipped' && matrix.tag == '11-8' }} diff --git a/.github/workflows/concrete_python_push_docker_image.yml b/.github/workflows/concrete_python_push_docker_image.yml index b6403bb69e..f88248a464 100644 --- a/.github/workflows/concrete_python_push_docker_image.yml +++ b/.github/workflows/concrete_python_push_docker_image.yml @@ -34,15 +34,16 @@ jobs: mkdir empty_context docker image build -t ${{ env.NAME_TAG }} --build-arg version=${{ env.VERSION }} -f ${{ env.DOCKER_FILE }} empty_context - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 - with: - image-ref: '${{ env.NAME_TAG }}' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + # disabled because of https://github.com/aquasecurity/trivy/discussions/7668 + # - name: Run Trivy vulnerability scanner + # uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 + # with: + # image-ref: '${{ env.NAME_TAG }}' + # format: 'table' + # exit-code: '1' + # ignore-unfixed: true + # vuln-type: 'os,library' + # severity: 'CRITICAL,HIGH' - name: Login to Docker Hub uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567