.gitea/workflows/ci.yml

@@ -78,47 +78,18 @@ jobs:
           # command: snyk
           args: snyk code test #--all-projects --exclude=.archive
 
-      - name: Snyk Vulnerability Scan
+      # - name: Snyk Vulnerability Scan
-        uses: snyk/actions/python@master
+      #   uses: snyk/actions/python@master
-        continue-on-error: true # Sometimes vulns aren't immediately fixable
+      #   continue-on-error: true # Sometimes vulns aren't immediately fixable
-        env:
+      #   env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      #     SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-          DEBUG: "*snyk*"
+      #     DEBUG: "*snyk*"
-        with:
+      #   with:
-          # command: snyk
+      #     # command: snyk
-          args: snyk test #--all-projects --exclude=.archive
+      #     args: snyk test #--all-projects --exclude=.archive
       
       - name: Reverse set up environment for Snyk
         run: |
           rm -f requirements.txt
           mv pyproject.toml.bak pyproject.toml
           mv uv.lock.bak uv.lock
-
-      # - name: Trivy Setup
-      #   uses: aquasecurity/setup-trivy@v0.2.0
-      #   with:
-      #     cache: true
-      #     version: v0.61.1
-
-      # - name: Trivy Vulnerability Scan
-      #   uses: aquasecurity/trivy-action@master
-      #   with:
-      #     skip-setup-trivy: true
-      #     scan-type: "fs"
-      #     scan-ref: "${{ gitea.workspace }}"
-      #     exit-code: "1"
-      #     ignore-unfixed: true
-      #     format: "table"
-      #     severity: "CRITICAL,HIGH,MEDIUM"
-      #     scanners: "vuln,secret,misconfig,license"
-      
-      # - name: Trivy Vulnerability Scan (Docker)
-      #   uses: aquasecurity/trivy-action@master
-      #   with:
-      #     skip-setup-trivy: true
-      #     image-ref: "docker.io/my-organization/my-app:${{ github.sha }}"
-      #     format: "table"
-      #     exit-code: "1"
-      #     ignore-unfixed: true
-      #     vuln-type: 'os,library'
-      #     severity: "CRITICAL,HIGH,MEDIUM"