From 528521582ab1dd5d411d99c657b2fcb94aa0a9e9 Mon Sep 17 00:00:00 2001 From: Seongho Bae Date: Mon, 6 Jul 2026 09:18:10 +0900 Subject: [PATCH] chore(ci): skip security-process trivy-fs on PRs (central Security Scan covers it) The org-wide required Security Scan runs trivy-fs on every PR. Gate the local security-process.yml trivy-fs job to non-PR events so it only scans the default branch, removing the per-PR duplicate. appguardrail-scan still runs on PRs. Co-Authored-By: Claude Opus 4.8 (1M context) Claude-Session: https://claude.ai/code/session_01RTAMs4bpSZS77Xe3RQjv9P --- .github/workflows/security-process.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/security-process.yml b/.github/workflows/security-process.yml index bc38d48..24212d8 100644 --- a/.github/workflows/security-process.yml +++ b/.github/workflows/security-process.yml @@ -52,6 +52,8 @@ jobs: retention-days: 7 trivy-fs: + # Central Security Scan runs Trivy on PRs; only scan the default branch here. + if: github.event_name != 'pull_request' runs-on: ubuntu-latest env: FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true