
DAT-21381: Update build_logic_ref to 'main' in Trivy scan #490

Merged: jnewton03 merged 1 commit into main from fix/DAT-21381 on Dec 19, 2025

@sayaliM0412 (Contributor)

This pull request makes a minor update to the workflow configuration by changing the build_logic_ref from a specific branch to main in the .github/workflows/trivy-scan-published-images.yml file.

coderabbitai bot commented Dec 19, 2025

Walkthrough

The change updates the GitHub Actions workflow configuration to reference the main branch instead of a feature branch for build logic. The build_logic_ref input parameter in the trivy-scan-published-images workflow is modified from a DAT-21381 branch reference to main, changing the source of reusable vulnerability scanning logic.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Workflow configuration: .github/workflows/trivy-scan-published-images.yml | Updated build_logic_ref input parameter from branch reference DAT-21381 to main |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Suggested reviewers

  • jandroav

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Linked Issues check | ⚠️ Warning | The PR only updates a workflow configuration to reference 'main' branch, but the linked issue DAT-21381 requires moving and unifying scanning scripts into build-logic with multiple acceptance criteria not met by this change. This PR appears to be a partial implementation. | Complete the unified script creation in build-logic, move analysis scripts, update .trivyignore, and ensure both repos' pipelines pass with the unified scripts as required by DAT-21381. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly describes the main change: updating build_logic_ref to 'main' in the Trivy scan workflow, which matches the actual changeset. |
| Description check | ✅ Passed | The description is directly related to the changeset, explaining that build_logic_ref was changed from a specific branch to 'main' in the workflow file. |
| Out of Scope Changes check | ✅ Passed | The PR contains only the intended workflow configuration update with no extraneous changes outside the scope of the immediate changeset. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
📜 Recent review details

📥 Commits

Reviewing files that changed from the base of the PR and between e9e7ec6 and dfbb9eb.

📒 Files selected for processing (1)
  • .github/workflows/trivy-scan-published-images.yml (1 hunks)
🔇 Additional comments (2)
.github/workflows/trivy-scan-published-images.yml (2)

49-58: Verify reusable workflow accepts the build_logic_ref parameter on main.

The change references the main branch for unified scanning logic. Confirm that:

  1. The reusable workflow reusable-vulnerability-scan.yml exists on the main branch in build-logic
  2. The workflow accepts and uses the build_logic_ref parameter to fetch scripts, .trivyignore, and other resources from the specified ref
  3. All required scanning scripts and configurations are available on main in build-logic

49-58: Verify scripts are merged to main before transition.

Before transitioning from the DAT-21381 feature branch to main, confirm that:

  • The scanning scripts (analyze-scan-results.sh, convert-scan-results.sh, create-enhanced-report.sh, append-github-summary.sh, lib/vuln-filters.sh) have been merged to main in build-logic
  • The reusable-vulnerability-scan.yml workflow on main is production-ready and tested
  • The .trivyignore configuration is available on main
  • Any other repos currently using DAT-21381 branch references have been or will be updated

Comment @coderabbitai help to get the list of available commands and usage tips.
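
The pre-transition checklist in the review comment above, as an added example (not part of the PR, the bot's review, or the build-logic repository): it reports which of the named scripts, `.trivyignore` and `reusable-vulnerability-scan.yml` are absent from a ref's file listing. The page gives only file names, so matching by path suffix, the `scripts/` layout of the sample listing and the local-clone invocation are assumptions.

```shell
#!/bin/sh
# Added example. Artefact names come from the review comment; their directories
# in build-logic are not given on the page, so paths are matched by suffix
# (assumption).
REQUIRED='analyze-scan-results.sh
convert-scan-results.sh
create-enhanced-report.sh
append-github-summary.sh
lib/vuln-filters.sh
.trivyignore
reusable-vulnerability-scan.yml'

# Constructed listing (hypothetical layout): vuln-filters.sh sits outside lib/.
SAMPLE_LISTING='.github/workflows/reusable-vulnerability-scan.yml
.trivyignore
scripts/analyze-scan-results.sh
scripts/convert-scan-results.sh
scripts/create-enhanced-report.sh
scripts/append-github-summary.sh
scripts/vuln-filters.sh'

# Reads a file listing on stdin (one path per line) and prints each required
# artefact that no listed path equals or ends with as "/<name>".
missing_from_listing() {
    listing=$(cat)
    printf '%s\n' "$REQUIRED" | while IFS= read -r want; do
        found=no
        while IFS= read -r path; do
            case "$path" in
                "$want"|*/"$want") found=yes; break ;;
            esac
        done <<EOF
$listing
EOF
        [ "$found" = yes ] || printf '%s\n' "$want"
    done
}

# Checks a ref in a local clone; an unknown ref yields an empty listing, so
# everything is reported missing and the check fails closed.
check_ref() {
    missing=$(git -C "$1" ls-tree -r --name-only "$2" | missing_from_listing)
    [ -z "$missing" ] && return 0
    printf 'not on %s:\n%s\n' "$2" "$missing" >&2
    return 1
}

# Usage: sh check.sh <path-to-build-logic-clone> <ref>
if [ "$#" -eq 2 ]; then check_ref "$1" "$2"; fi
```

Run against a local clone before repointing `build_logic_ref`; a non-zero exit means at least one named artefact is not on the target ref.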

@jnewton03 merged commit 4ccb090 into main Dec 19, 2025
7 checks passed
@jnewton03 deleted the fix/DAT-21381 branch December 19, 2025 17:38