From 5b41ad14bc35fdfd57f7408a651325a5c378422d Mon Sep 17 00:00:00 2001
From: Corneil du Plessis <corneil.du-plessis@broadcom.com>
Date: Thu, 14 Nov 2024 16:23:27 +0200
Subject: [PATCH] Disable Trivy by default

Adds an input flag `enableSecurityScan` that is false by default and will only include the scan job if set to true.
---
 .github/workflows/ci.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e4664ea476..0e2a0c20b0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -2,6 +2,11 @@ name: CI
 
 on:
   workflow_dispatch:
+    inputs:
+      enableSecurityScan:
+        type: boolean
+        default: false
+        description: 'Enable security scan with Trivy'
   push:
     branches:
       - 'main'
@@ -172,6 +177,7 @@ jobs:
     secrets: inherit
   scan:
     runs-on: ubuntu-latest
+    if: ${{ inputs.enableSecurityScan != null && inputs.enableSecurityScan }}
     steps:
       - uses: actions/checkout@v4
       - name: Run Trivy vulnerability scanner in repo mode