ci: delete .github/workflows/trivy.yaml

[mathetake]

Description

I believe we are not affected but it's too dangerous to rely on it anymroe aquasecurity/trivy#10425

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.33%. Comparing base (98200a4) to head (a588fe4).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1983   +/-   ##
=======================================
  Coverage   84.33%   84.33%           
=======================================
  Files         130      130           
  Lines       17987    17987           
=======================================
  Hits        15170    15170           
  Misses       1873     1873           
  Partials      944      944           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[mathetake]

/retest

[johnugeorge]

@mathetake Do we have any credentials/ev that need to be rotated? I see that we are using a pinned trivy image. Is it better to take actions from our side(if any) than to remove it ? What do you think?

[mathetake]

Do we have any credentials/ev that need to be rotated

Yes

[mathetake]

And no I have no alternative and I don't have a confidence that the pinned action is safe either at this point