ci: Remove Slack notification from Trivy container scan (no-changelog) (#32474)

Co-authored-by: n8n-cat-bot[bot] <n8n-cat-bot[bot]@users.noreply.github.com> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-19 07:36:52 +00:00 · 2026-06-17 18:19:29 +01:00
parent 7a3a190d37
commit 3d47c91e5c
2 changed files with 1 additions and 21 deletions
@@ -577,7 +577,7 @@ Supply chain security ensures artifacts haven't been tampered with. We provide t

 - **Runs on:** stable/nightly/rc Docker builds
 - **Scans:** n8n image, runners image
- **Output:** Slack `#updates-security` when vulnerabilities are detected
+- **Output:** GitHub Actions step summary (`$GITHUB_STEP_SUMMARY`) and run logs

 ### SBOM

@@ -13,16 +13,10 @@ on:
        type: string
        description: 'Full image reference to scan e.g. ghcr.io/n8n-io/n8n:latest'
        required: true
-    secrets:
-      QBOT_SLACK_TOKEN:
-        required: true

 permissions:
  contents: read

-env:
-  SLACK_CHANNEL_ID: C0AHNJU9XFA #updates-security
-
 jobs:
  security_scan:
    name: Security - Scan Docker Image With Trivy
@@ -36,7 +30,6 @@ jobs:
            security/trivy.yaml
            security/trivy-ignore-policy.rego
            .github/scripts/retry.mjs
-            .github/scripts/slack
          sparse-checkout-cone-mode: false

      - name: Pull Docker image with retry
@@ -165,16 +158,3 @@ jobs:
              echo "🔍 **View detailed logs above for full analysis**"
            } >> "$GITHUB_STEP_SUMMARY"
          fi
-
-      - name: Send Slack notification
-        if: steps.process_results.outputs.vulnerabilities_found == 'true'
-        env:
-          SLACK_TOKEN: ${{ secrets.QBOT_SLACK_TOKEN }}
-          IMAGE_REF: ${{ inputs.image_ref }}
-        run: |
-          node .github/scripts/slack/notify.mjs \
-            --channel "$SLACK_CHANNEL_ID" \
-            --text "🚨 Trivy Scan: ${{ steps.process_results.outputs.critical_count }} Critical, ${{ steps.process_results.outputs.high_count }} High, ${{ steps.process_results.outputs.medium_count }} Medium, ${{ steps.process_results.outputs.low_count }} Low vulnerabilities found in $IMAGE_REF" \
-            --blocks trivy \
-            --results trivy-results.json \
-            --image-ref "$IMAGE_REF"