fix: [#251] disable secret scanning for test containers with SSH keys

josecelano · josecelano · commit c13afa8a5c02 · 2025-12-23T18:04:13.000Z
diff --git a/.github/workflows/docker-security-scan.yml b/.github/workflows/docker-security-scan.yml
@@ -50,6 +50,7 @@ jobs:
           format: "table"
           severity: "HIGH,CRITICAL"
           exit-code: "0" # Don't fail here, just display
+          scanners: "vuln" # Only vulnerabilities, skip secrets (test containers have legitimate SSH keys)
 
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@0.28.0
@@ -59,6 +60,7 @@ jobs:
           output: "trivy-results-${{ matrix.image.name }}.sarif"
           severity: "HIGH,CRITICAL"
           exit-code: "1"
+          scanners: "vuln" # Only vulnerabilities, skip secrets (test containers have legitimate SSH keys)
 
       - name: Upload Trivy results to GitHub Security
         uses: github/codeql-action/upload-sarif@v4
