sec fixes
12
.serena/memories/sarif_upload_removal.md
Normal file
@@ -0,0 +1,12 @@
|
||||
# SARIF Upload Removal
|
||||
|
||||
## Issue
|
||||
Docker Security Scan workflow was failing because code scanning is not enabled for the repository and the button to enable it doesn't work.
|
||||
|
||||
## Solution
|
||||
Removed the SARIF upload step from `.github/workflows/security.yml`:
|
||||
- Removed the "Upload Trivy scan results" step that was using `github/codeql-action/upload-sarif@v3`
|
||||
- This prevents the workflow failure while keeping the actual Trivy security scanning functionality intact
|
||||
|
||||
## Result
|
||||
The Docker security scan will now run without trying to upload results to GitHub's code scanning feature, eliminating the failure point.
|
||||
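Review bot: The Solution and Result sections say the Trivy scan stays intact after the SARIF upload is removed, but they do not say where findings are surfaced now that nothing is sent to code scanning. Without that, a scan whose SARIF file is written and never read can pass silently with vulnerabilities present. Please record in this note how results are consumed after the change (for example readable output in the job log or the report kept as a workflow artifact) and whether the scan step fails the job on findings. It would also help to state under Issue that the upload should be restored once code scanning can be enabled for the repository, so the removal is documented as a workaround and not the intended end state.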