New: [AEA-0000] - add zizmor and remove all trace of trivy

.devcontainer/Dockerfile.bootstrap

@@ -1,16 +1,3 @@
-# This can be used to bootstrap devcontainer when no images have been pushed
-FROM alpine:3.23.3 AS build
-ARG TARGETARCH
-RUN apk add --no-cache cosign bash curl jq
-COPY src/base/.devcontainer/scripts/install_trivy.sh /tmp/install_trivy.sh
-RUN case "${TARGETARCH}" in \
-        x86_64|amd64) TRIVY_ARCH=64bit ;; \
-        aarch64|arm64) TRIVY_ARCH=ARM64 ;; \
-        *) echo "Unsupported TARGETARCH: ${TARGETARCH}" && exit 1 ;; \
-    esac \
-    && INSTALL_DIR=/tmp/trivy/ ARCH="${TRIVY_ARCH}" /tmp/install_trivy.sh
-
-
 FROM mcr.microsoft.com/devcontainers/base:ubuntu-22.04
 ARG TARGETARCH
 ENV TARGETARCH=${TARGETARCH}
@@ -75,8 +62,6 @@ RUN git clone https://github.com/awslabs/git-secrets.git /tmp/git-secrets && \
     chmod 755 /usr/share/secrets-scanner && \
     curl -L https://raw.githubusercontent.com/NHSDigital/software-engineering-quality-framework/main/tools/nhsd-git-secrets/nhsd-rules-deny.txt -o /usr/share/secrets-scanner/nhsd-rules-deny.txt
 
-COPY --from=build /tmp/trivy/trivy /usr/local/bin/trivy
-
 USER vscode
 
 ENV PATH="/home/vscode/.asdf/shims:/home/vscode/.local/bin:$PATH:/workspaces/eps-devcontainers/node_modules/.bin"

.github/workflows/build_multi_arch_image.yml

@@ -63,13 +63,6 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
         with:
           fetch-depth: 0
-      # - name: setup trivy
-      #   run: |
-      #     mkdir -p "$RUNNER_TEMP/bin"
-      #     docker build  --output="$RUNNER_TEMP/bin" -f "src/base/.devcontainer/Dockerfile.trivy.${ARCH}" .
-      #     echo "$RUNNER_TEMP/bin" >> "$GITHUB_PATH"
-      #  env:
-      #    ARCH: '${{ matrix.arch }}'
       - name: setup node
         uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f
         with:

.gitignore

@@ -4,4 +4,4 @@ src/base/.devcontainer/language_versions/
 .trivyignore_combined.yaml
 .out/
 .envrc
-.trivy_out/
+.grype_out/