CCM-15551: Removing Trivi Observabilty (#51)

m-houston · web-flow · commit 47df0a8b0fcf · 2026-03-24T13:51:16.000Z
diff --git a/.github/workflows/stage-1-commit.yaml b/.github/workflows/stage-1-commit.yaml
@@ -135,21 +135,6 @@ jobs:
         uses: actions/checkout@v4
       - name: "Lint Terraform"
         uses: ./.github/actions/lint-terraform
-  trivy:
-    name: "Trivy Scan"
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    needs: detect-terraform-changes
-    if: needs.detect-terraform-changes.outputs.terraform_changed == 'true'
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v4
-      - name: "Setup ASDF"
-        uses: asdf-vm/actions/setup@v4
-      - name: "Perform Setup"
-        uses: ./.github/actions/setup
-      - name: "Trivy Scan"
-        uses: ./.github/actions/trivy
   count-lines-of-code:
     name: "Count lines of code"
     runs-on: ubuntu-latest
diff --git a/.tool-versions b/.tool-versions
@@ -5,7 +5,8 @@ nodejs 22.11.0
 pre-commit 3.6.0
 terraform 1.9.2
 terraform-docs 0.19.0
-trivy 0.61.0
+# TODO - Re-visit Trivy usage https://nhsd-jira.digital.nhs.uk/browse/CCM-15549
+# trivy 0.61.0
 vale 3.6.0
 python 3.13.2
 
diff --git a/scripts/terraform/terraform.mk b/scripts/terraform/terraform.mk
@@ -55,13 +55,10 @@ terraform-shellscript-lint: # Lint all Terraform module shell scripts @Quality
 		file=$${file} scripts/shellscript-linter.sh
 	done
 
-terraform-sec: # TFSEC check against Terraform files - optional: terraform_dir|dir=[path to a directory where the command will be executed, relative to the project's top-level directory, default is one of the module variables or the example directory, if not set], terraform_opts|opts=[options to pass to the Terraform fmt command, default is '-recursive'] @Quality
-	tfsec infrastructure/terraform \
-		--force-all-dirs \
-		--exclude-downloaded-modules \
-		--tfvars-file infrastructure/terraform/etc/global.tfvars \
-		--tfvars-file infrastructure/terraform/etc/env_eu-west-2_main.tfvars \
-		--config-file scripts/config/tfsec.yaml
+# TODO - Re-visit Trivy usage https://nhsd-jira.digital.nhs.uk/browse/CCM-15549
+# terraform-sec: # Run Trivy IaC security scanning on Terraform code @Quality
+#	# Example: make terraform-sec
+#	./scripts/terraform/trivy-scan.sh --mode iac infrastructure/terraform
 
 terraform-docs: # Terraform-docs check against Terraform files - optional: terraform_dir|dir=[path to a directory where the command will be executed, relative to the project's top-level directory, default is one of the module variables or the example directory, if not set], terraform_opts|opts=[options to pass to the Terraform fmt command, default is '-recursive'] @Quality
 	for dir in ./infrastructure/terraform/components/* ./infrastructure/terraform/modules/*; do \
