ci: adjust scanner actions

[NARSimoes]

Summary

• Adjusting scanner actions, I'll add a follow up to introduce a new one.

Release Note

Summary by CodeRabbit

• Chores
  • Removed automated Docker image security scanning from the continuous integration pipeline.
  • Removed associated build tool configuration variables and the related build system target.

[mm-cloud-bot]

@NARSimoes: Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Details

I understand the commands that are listed here

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 22a035e4-c2a1-4ad0-9631-6973da471027

📥 Commits

Reviewing files that changed from the base of the PR and between 2af4bd5 and 1720ae4.

📒 Files selected for processing (2)

• .github/workflows/ci.yml
• Makefile

💤 Files with no reviewable changes (2)

• .github/workflows/ci.yml
• Makefile

---

📝 Walkthrough

Walkthrough

This pull request removes Trivy-based Docker security scanning from the CI/CD pipeline and build tooling. The changes eliminate SARIF-generating scan steps from the GitHub Actions workflow and remove corresponding Trivy configuration variables and build targets from the Makefile.

Changes

Cohort / File(s)	Summary
CI/CD Security Scanning Removal .github/workflows/ci.yml	Removed Trivy security scanning steps for both standard and FIPS Docker images, including SARIF report generation and upload actions (aquasecurity/trivy-action@v0.34.2 and github/codeql-action/upload-sarif@v3.29.5).
Build System Configuration Cleanup Makefile	Removed Trivy-related make variables (TRIVY_SEVERITY, TRIVY_EXIT_CODE, TRIVY_VULN_TYPE) and the trivy make target that executed image scanning against the operator image.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'ci: adjust scanner actions' is vague and does not clearly specify which scanner actions were adjusted or what the primary change is.	Consider a more specific title such as 'ci: remove Trivy-based Docker security scanning' or 'ci: remove Trivy scanner from CI workflow' to clearly indicate the main change.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch nasimoes-ci-aqua

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}