From 2208f17e8eb38473d96a9dd4908b48d8c52b7360 Mon Sep 17 00:00:00 2001
From: Joe Chen <jc@unknwon.io>
Date: Tue, 4 Mar 2025 23:07:09 -0500
Subject: [PATCH] chore: update Trivy scan config (#7934)

---
 .github/workflows/docker.yml | 1 +
 trivy.yaml                   | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 2a61779dd..cc4cebc18 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -5,6 +5,7 @@ on:
       - main
   pull_request:
     paths:
+      - '.trivy.yaml'
       - 'Dockerfile'
       - 'docker/**'
       - '.github/workflows/docker.yml'
diff --git a/trivy.yaml b/trivy.yaml
index c4ed20ff0..273ff104f 100644
--- a/trivy.yaml
+++ b/trivy.yaml
@@ -1,7 +1,7 @@
 scan:
   skip-files:
-    # CVE patching of the following things is far behind and out of our control.
-    - "usr/sbin/gosu"
+    - "usr/sbin/gosu" # CVE patching is far behind and out of our control.
+    - "app/gogs/gogs" # False positives on main builds
 
 severity:
   - CRITICAL