From 30d3749641894130da18001404d0a06d7189694b Mon Sep 17 00:00:00 2001
From: Michael Wiegand
Date: Fri, 6 Mar 2026 14:27:24 +0100
Subject: [PATCH] change: deactivate image scanners added for evaluation

---
 .github/workflows/research-vuln-scan.yml | 114 ----------------------
 1 file changed, 114 deletions(-)
 delete mode 100644 .github/workflows/research-vuln-scan.yml

diff --git a/.github/workflows/research-vuln-scan.yml b/.github/workflows/research-vuln-scan.yml
deleted file mode 100644
index 1c9ad67..0000000
--- a/.github/workflows/research-vuln-scan.yml
+++ /dev/null
@@ -1,114 +0,0 @@ -name: trivy & grype & sarif & docker scout vulnerability scan - -on: - push: - branches: [ "main" ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ "main" ] - -permissions: - contents: read - -jobs: - trivy: - permissions: - contents: read # for actions/checkout to fetch code - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status - name: Trivy - runs-on: self-hosted-generic - steps: - - name: Checkout code - uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v4.2.2 - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 - with: - image-ref: '${{ vars.GREENBONE_REGISTRY }}/opensight/opensight-postgres:16' - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - severity: 'MEDIUM,HIGH,CRITICAL' - github-pat: ${{ secrets.GITHUB_TOKEN }} # or ${{ secrets.github_pat_name }} if you're using a PAT - env: - TRIVY_USERNAME: ${{ secrets.GREENBONE_REGISTRY_READ_USER }} - TRIVY_PASSWORD: ${{ secrets.GREENBONE_REGISTRY_READ_TOKEN }} - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v3.29.5 - with: - sarif_file: 'trivy-results.sarif' - category: ${{ github.jobs[github.job].name }} - - grype: - permissions: - contents: read # for actions/checkout to fetch code - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status - name: Grype - runs-on: self-hosted-generic - steps: - - name: Checkout code - uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v4.2.2 - - - name: Login to Greenbone Product 
container registry - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 #v4.0.0 - with: - registry: ${{ vars.GREENBONE_REGISTRY }} - username: ${{ secrets.GREENBONE_REGISTRY_READ_USER }} - password: ${{ secrets.GREENBONE_REGISTRY_READ_TOKEN }} - - - name: Run the Anchore Grype scan action - uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c - id: grype - with: - image: '${{ vars.GREENBONE_REGISTRY }}/opensight/opensight-postgres:16' - fail-build: false - severity-cutoff: medium - - - name: Upload grype vulnerability report - uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v3.29.5 - with: - sarif_file: ${{ steps.grype.outputs.sarif }} - category: ${{ github.jobs[github.job].name }} - - docker-scout: - permissions: - contents: read # for actions/checkout to fetch code - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status - pull-requests: write - name: "Docker Scout" - runs-on: self-hosted-generic - steps: - - name: Checkout code - uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v4.2.2 - - - name: Login to Greenbone Product container registry - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 #v4.0.0 - with: - registry: ${{ vars.GREENBONE_REGISTRY }} - username: ${{ secrets.GREENBONE_REGISTRY_READ_USER }} - password: ${{ secrets.GREENBONE_REGISTRY_READ_TOKEN }} - - - name: Analyze for critical and high CVEs - id: docker-scout-cves - if: ${{ github.event_name != 'pull_request_target' }} - uses: docker/scout-action@v1 - with: - command: cves - image: '${{ vars.GREENBONE_REGISTRY }}/opensight/opensight-postgres:16' - sarif-file: sarif.output.json - summary: true - dockerhub-user: ${{ secrets.DOCKERHUB_USERNAME }} - dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }} - only-severities: critical, high, medium - - - 
name: Upload docker scout SARIF result - id: upload-sarif - if: ${{ github.event_name != 'pull_request_target' }} - uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v3.29.5 - with: - sarif_file: sarif.output.json - category: ${{ github.jobs[github.job].name }}