diff --git a/.github/workflows/quality-gates.yml b/.github/workflows/quality-gates.yml
index aa74bf6..e15b237 100644
--- a/.github/workflows/quality-gates.yml
+++ b/.github/workflows/quality-gates.yml
@@ -63,7 +63,7 @@ jobs:
 actions: read
 packages: read
 uses: >-
- modeled-information-format/.github/.github/workflows/reusable-trivy.yml@5c856f8118976bfd3bb64a8911f69dc9b00b4cad
+ modeled-information-format/.github/.github/workflows/reusable-trivy.yml@bf1c8e219de5b134c82d51c1b66507cd86e2d711
 with:
 scan-iac: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 801373b..98d4916 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -149,7 +149,7 @@ jobs:
 needs: [meta]
 permissions: { contents: read, security-events: write, actions: read, packages: read }
 uses: >-
- modeled-information-format/.github/.github/workflows/reusable-trivy.yml@5c856f8118976bfd3bb64a8911f69dc9b00b4cad
+ modeled-information-format/.github/.github/workflows/reusable-trivy.yml@bf1c8e219de5b134c82d51c1b66507cd86e2d711
 with: { scan-iac: true }
 gate-shellcheck:
 needs: [meta]
diff --git a/trivy.yaml b/trivy.yaml
deleted file mode 100644
index 481a3a9..0000000
--- a/trivy.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-# Trivy configuration — auto-loaded from the repo root by the Trivy CLI. Governs
-# the filesystem scan run by the `trivy` job in quality-gates.yml (misconfig +
-# license). Plugin source trees that vendor dependencies (e.g. an MCP server's
-# node_modules) are dependency noise covered by the SCA/OSV gate, so skip them.
-scan:
- skip-dirs:
- - "**/node_modules"
- - "**/.venv"