CI: remove trivy from PRs, add CVE-2022-1996 to ignores (#4867)

This is breaking contributions when there is something new in trivy's databases. That's unfortunate, and will be turned off by this commit. We're still running the checks nightly, and that's good enough for raising the maintainers' attention. * .trivyignore: add CVE-2022-1996 Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
open-policy-agent · Jul 11, 2022 · eef861d · eef861d
1 parent 3f1ed13
commit eef861d
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 43 deletions.
diff --git a/.github/workflows/vuln-scans.yaml b/.github/workflows/vuln-scans.yaml
diff --git a/.trivyignore b/.trivyignore
@@ -11,3 +11,6 @@ CVE-2018-1098
 CVE-2019-11253
 CVE-2020-8558
 CVE-2021-25741
+
+# * github.com/emicklei/go-restful - we don't use its code in our handlers
+CVE-2022-1996