fix(ci): remove deps vuln scan, rely on renovate

2025-05-31 12:05:24 +01:00 · 2025-05-31 12:05:24 +01:00 · b623858929
commit b623858929
parent ce8baa0bfb
1 changed files with 9 additions and 38 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@ -78,47 +78,18 @@ jobs:
          # command: snyk
          args: snyk code test #--all-projects --exclude=.archive

-      - name: Snyk Vulnerability Scan
-        uses: snyk/actions/python@master
-        continue-on-error: true # Sometimes vulns aren't immediately fixable
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-          DEBUG: "*snyk*"
-        with:
-          # command: snyk
-          args: snyk test #--all-projects --exclude=.archive
+      # - name: Snyk Vulnerability Scan
+      #   uses: snyk/actions/python@master
+      #   continue-on-error: true # Sometimes vulns aren't immediately fixable
+      #   env:
+      #     SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      #     DEBUG: "*snyk*"
+      #   with:
+      #     # command: snyk
+      #     args: snyk test #--all-projects --exclude=.archive
      
      - name: Reverse set up environment for Snyk
        run: |
          rm -f requirements.txt
          mv pyproject.toml.bak pyproject.toml
          mv uv.lock.bak uv.lock
-
-      # - name: Trivy Setup
-      #   uses: aquasecurity/setup-trivy@v0.2.0
-      #   with:
-      #     cache: true
-      #     version: v0.61.1
-
-      # - name: Trivy Vulnerability Scan
-      #   uses: aquasecurity/trivy-action@master
-      #   with:
-      #     skip-setup-trivy: true
-      #     scan-type: "fs"
-      #     scan-ref: "${{ gitea.workspace }}"
-      #     exit-code: "1"
-      #     ignore-unfixed: true
-      #     format: "table"
-      #     severity: "CRITICAL,HIGH,MEDIUM"
-      #     scanners: "vuln,secret,misconfig,license"
-      
-      # - name: Trivy Vulnerability Scan (Docker)
-      #   uses: aquasecurity/trivy-action@master
-      #   with:
-      #     skip-setup-trivy: true
-      #     image-ref: "docker.io/my-organization/my-app:${{ github.sha }}"
-      #     format: "table"
-      #     exit-code: "1"
-      #     ignore-unfixed: true
-      #     vuln-type: 'os,library'
-      #     severity: "CRITICAL,HIGH,MEDIUM"