New: [AEA-0000] - add zizmor and remove all trace of trivy #68

Open
anthony-nhs wants to merge 9 commits into main from add_script_to_check_github_actions_use_sha
Conversation

@anthony-nhs

Summary

  • Routine Change

Details

  • add zizmor
  • remove all trace of trivy

Copilot AI review requested due to automatic review settings March 26, 2026 10:05
@github-actions

This PR is linked to a ticket in an NHS Digital JIRA Project. Here's a handy link to the ticket:

AEA-0000

anthony-nhs changed the title from "Chore: [AEA-0000] - add zizmor and remove all trace of trivy" to "New: [AEA-0000] - add zizmor and remove all trace of trivy" on Mar 26, 2026

Copilot AI left a comment

Pull request overview

This PR removes Trivy-related configuration/assets from the devcontainer build system and introduces Zizmor into the base devcontainer tooling.

Changes:

  • Removed Trivy configs and .trivyignore*.yaml files across base/language/project images.
  • Removed Trivy install/build artifacts (installer script + Trivy Dockerfiles) and the Trivy ignore generation script/docs.
  • Added Rust tooling to the base devcontainer and installs Zizmor; added a make zizmor target.

Reviewed changes

Copilot reviewed 37 out of 37 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| trivy.yaml | Removed Trivy config reference. |
| src/projects/regression_tests/trivy.yaml | Removed project-level Trivy config reference. |
| src/projects/regression_tests/.trivyignore.yaml | Removed project-level Trivy ignore list. |
| src/projects/node_24_python_3_14_java_24/trivy.yaml | Removed project-level Trivy config reference. |
| src/projects/node_24_python_3_14_java_24/.trivyignore.yaml | Removed project-level Trivy ignore list. |
| src/projects/node_24_python_3_14_golang_1_24/trivy.yaml | Removed project-level Trivy config reference. |
| src/projects/node_24_python_3_14_golang_1_24/.trivyignore.yaml | Removed project-level Trivy ignore list. |
| src/projects/fhir_facade_api/trivy.yaml | Removed project-level Trivy config reference. |
| src/projects/fhir_facade_api/.trivyignore.yaml | Removed project-level Trivy ignore list. |
| src/projects/eps-storage-terraform/trivy.yaml | Removed project-level Trivy config reference. |
| src/projects/eps-storage-terraform/.trivyignore.yaml | Removed project-level Trivy ignore list. |
| src/languages/node_24_python_3_14/trivy.yaml | Removed language image Trivy config reference. |
| src/languages/node_24_python_3_14/.trivyignore.yaml | Removed language image Trivy ignore list. |
| src/languages/node_24_python_3_13/trivy.yaml | Removed language image Trivy config reference. |
| src/languages/node_24_python_3_13/.trivyignore.yaml | Removed language image Trivy ignore list. |
| src/languages/node_24_python_3_12/trivy.yaml | Removed language image Trivy config reference. |
| src/languages/node_24_python_3_12/.trivyignore.yaml | Removed language image Trivy ignore list. |
| src/languages/node_24_python_3_10/trivy.yaml | Removed language image Trivy config reference. |
| src/languages/node_24_python_3_10/.trivyignore.yaml | Removed language image Trivy ignore list. |
| src/common/.trivyignore.yaml | Removed shared/common Trivy ignore list. |
| src/base_node/node_24/trivy.yaml | Removed base_node Trivy config reference. |
| src/base/trivy.yaml | Removed base Trivy config reference. |
| src/base/.trivyignore.yaml | Removed base Trivy ignore list. |
| src/base/.devcontainer/scripts/vscode_install.sh | Added Rust plugin + installs Zizmor via Cargo; removed Trivy plugin usage. |
| src/base/.devcontainer/scripts/install_trivy.sh | Removed Trivy installer script. |
| src/base/.devcontainer/Mk/trivy.mk | Reduced Trivy make targets to placeholders (no-op). |
| src/base/.devcontainer/Mk/check.mk | Added zizmor make target. |
| src/base/.devcontainer/Dockerfile.trivy.arm64 | Removed Trivy builder Dockerfile (arm64). |
| src/base/.devcontainer/Dockerfile.trivy.amd64 | Removed Trivy builder Dockerfile (amd64). |
| src/base/.devcontainer/Dockerfile | Added Cargo bin to PATH; removed Trivy-related commented build stage remnants. |
| src/base/.devcontainer/.tool-versions | Added Rust toolchain version pin. |
| scripts/trivy_to_trivyignore.py | Removed Trivy JSON → ignore-file conversion script. |
| README.md | Removed .trivyignore generation docs; added Zizmor mention; updated Trivy references. |
| Makefile | Removed commented-out Trivy scan implementation details; kept scan targets as no-ops; removed combined-ignore cleanup. |
| .trivyignore.yaml | Removed repository-level Trivy ignore list. |
| .github/workflows/build_multi_arch_image.yml | Removed commented Trivy setup block. |
| .devcontainer/Dockerfile.bootstrap | Removed Trivy bootstrap stage/copy steps. |

Copilot AI left a comment

Pull request overview

Copilot reviewed 45 out of 45 changed files in this pull request and generated 5 comments.

