fix: [#251] focus CVE scanning only, display all issues for visibility

josecelano · josecelano · commit 7013bc041b99 · 2025-12-23T18:20:59.000Z
diff --git a/.github/workflows/docker-security-scan.yml b/.github/workflows/docker-security-scan.yml
@@ -50,7 +50,6 @@ jobs:
           format: "table"
           severity: "HIGH,CRITICAL"
           exit-code: "0" # Don't fail here, just display
-          scanners: "vuln" # Only vulnerabilities, skip secrets (test containers have legitimate SSH keys)
 
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@0.28.0
@@ -99,6 +98,7 @@ jobs:
           output: "trivy-results.sarif"
           severity: "HIGH,CRITICAL"
           exit-code: "1"
+          scanners: "vuln" # Focus on CVEs, not secrets
 
       - name: Upload Trivy results to GitHub Security
         uses: github/codeql-action/upload-sarif@v4
