From 7cdd11a47128da864d5e0e3f1168fbaf9841ee57 Mon Sep 17 00:00:00 2001
From: raffis
Date: Thu, 22 Aug 2024 11:48:55 +0200
Subject: [PATCH] ci: remove license scanning in trivy vulnerabiltiy job (#182)
---
 .github/ISSUE_TEMPLATE/VULN-TEMPLATE.md | 7 +++++++
 .github/workflows/report-on-vulnerabilities.yaml | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 .github/ISSUE_TEMPLATE/VULN-TEMPLATE.md
diff --git a/.github/ISSUE_TEMPLATE/VULN-TEMPLATE.md b/.github/ISSUE_TEMPLATE/VULN-TEMPLATE.md
new file mode 100644
index 0000000..66e6938
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/VULN-TEMPLATE.md
@@ -0,0 +1,7 @@
+---
+title: Vulnerabilities detected
+labels: security
+---
+High or critical vulnerabilities detected. Scan results are below:
+
+{{ env.RESULTS }}
diff --git a/.github/workflows/report-on-vulnerabilities.yaml b/.github/workflows/report-on-vulnerabilities.yaml
index 3a7c48e..c1b4cdd 100644
--- a/.github/workflows/report-on-vulnerabilities.yaml
+++ b/.github/workflows/report-on-vulnerabilities.yaml
@@ -23,7 +23,7 @@ jobs:
 with:
 image-ref: ghcr.io/doodlescheduling/flux-build:latest
 format: json
- scanners: license,vuln,secret
+ scanners: vuln,secret
 ignore-unfixed: false
 severity: HIGH,CRITICAL
 output: scan.json
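Review bot: In `.github/ISSUE_TEMPLATE/VULN-TEMPLATE.md`, `{{ env.RESULTS }}` is placed in the issue body as bare Markdown, so whatever the scan step writes into `RESULTS` (package names, paths, descriptions) is rendered and can trigger mentions, auto-links or broken formatting. Putting a line of three backticks before and after the `{{ env.RESULTS }}` line keeps the scanner output literal. The step that fills `RESULTS` is not part of this patch, so its size and shape cannot be judged here; issue bodies have a length limit, so it is worth confirming that the step truncates or summarises the JSON before it reaches the template.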
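Review bot: `scanners: vuln,secret` in `.github/workflows/report-on-vulnerabilities.yaml` still feeds secret findings into the same report, while the new issue template is titled "Vulnerabilities detected" and describes only high or critical vulnerabilities. If the results are posted to an issue on a publicly readable repository, a secret finding would be announced there before the credential can be rotated. Consider `scanners: vuln` for this job and routing secret findings to a channel with restricted visibility, or state the intent next to the line, for example `# secret findings are reported together with vulnerabilities on purpose`. The `with:` block starts and ends outside the hunk, so the step that creates the issue is not visible here.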