chore: update Trivy scan config (#7934)

2025-12-12 20:35:47 +01:00 · 2025-03-04 23:07:09 -05:00
parent 46a84fdad5
commit 2208f17e8e
2 changed files with 3 additions and 2 deletions
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -5,6 +5,7 @@ on:
      - main
  pull_request:
    paths:
+      - '.trivy.yaml'
      - 'Dockerfile'
      - 'docker/**'
      - '.github/workflows/docker.yml'
--- a/trivy.yaml
+++ b/trivy.yaml
@@ -1,7 +1,7 @@
 scan:
  skip-files:
-    # CVE patching of the following things is far behind and out of our control.
-    - "usr/sbin/gosu"
+    - "usr/sbin/gosu" # CVE patching is far behind and out of our control.
+    - "app/gogs/gogs" # False positives on main builds

 severity:
  - CRITICAL