fix: remove checkov from CI (runs in Atlantis instead), avoid pip dependency conflicts

2026-02-14 17:34:49 +01:00 · 2026-02-14 17:34:49 +01:00 · bc79f11276
commit bc79f11276
parent de3401645f
1 changed files with 2 additions and 15 deletions
--- a/.gitea/workflows/security-scan.yaml
+++ b/.gitea/workflows/security-scan.yaml
@ -45,18 +45,5 @@ jobs:
            --exit-code 0 \
            --format table 2>&1
          echo "Trivy IaC scan complete (advisory mode)"
-
-      - name: Install checkov
-        run: pip3 install --break-system-packages -q checkov 2>&1 | tail -3
-
-      - name: Checkov IaC Security Scan
-        run: |
-          echo "=== Checkov IaC Security Scan ==="
-          checkov -d environments/ \
-            --framework terraform \
-            --soft-fail \
-            --compact \
-            --skip-check CKV_TF_1,CKV_TF_2 \
-            --output cli 2>&1 || true
-          echo "Checkov scan complete (soft-fail mode)"
-
+          echo ""
+          echo "Note: Checkov IaC scanning runs during Atlantis plan (integrated in Atlantis Dockerfile)"