Skip to content

ci: drop Trivy vulnerability scanning#294

Merged
jbw976 merged 1 commit into
crossplane:mainfrom
stevendborrelli:disable-trivy
May 6, 2026
Merged

ci: drop Trivy vulnerability scanning#294
jbw976 merged 1 commit into
crossplane:mainfrom
stevendborrelli:disable-trivy

Conversation

@stevendborrelli
Copy link
Copy Markdown
Member

@stevendborrelli stevendborrelli commented May 5, 2026
edited
Loading

Description of your changes

Disable trivy scan. See crossplane/crossplane#7237.

I have:

  • Read and followed Crossplane's contribution process.
  • Run make reviewable to ensure this PR is ready for review.

How has this code been tested

@stevendborrelli
disable trivy
f22fd8a 
Signed-off-by: Steven Borrelli <steve@borrelli.org>
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented May 5, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1b088334-6bff-4ec7-b139-a847c51ab42c

📥 Commits

Reviewing files that changed from the base of the PR and between 1c756d2 and f22fd8a.

📒 Files selected for processing (1)
  • .github/workflows/ci.yml
💤 Files with no reviewable changes (1)
  • .github/workflows/ci.yml
📝 Walkthrough

Walkthrough

The PR removes the Trivy filesystem vulnerability scan job (trivy-scan-fs) from the CI workflow. CodeQL analysis and unit test stages remain intact. No public APIs or exported declarations are affected.

Changes

CI Workflow Simplification

Layer / File(s) Summary
Scan Job Removal
.github/workflows/ci.yml		 The trivy-scan-fs job (including its Checkout and Trivy Action steps) is removed from the CI pipeline, reducing 20 lines of configuration.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly and concisely describes the main change: removing Trivy vulnerability scanning from the CI workflow. It is under 72 characters and directly matches the changeset.
Description check ✅ Passed The description explains the purpose of disabling Trivy scanning and references a related upstream issue, which is directly related to the changeset.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Breaking Changes ✅ Passed PR only modifies .github/workflows/ci.yml (removes Trivy scanning job). No Go source files were changed, so breaking changes check does not apply.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

jbw976
jbw976 approved these changes May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@jbw976 jbw976 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for adding this @stevendborrelli! (or removing it technically haha)

@jbw976 jbw976 merged commit 78a3dd8 into crossplane:main May 6, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jbw976 jbw976 jbw976 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@stevendborrelli @jbw976