Remove that kaniko-trivy build strategy sample in favor of the first-…

…class image scanning support

.github/workflows/check-latest-images.yaml

@@ -13,12 +13,8 @@ jobs:
         include:
           - image: gcr.io/kaniko-project/executor
             latest-release-url: https://api.github.com/repos/GoogleContainerTools/kaniko/releases/latest
-          - image: docker.io/aquasec/trivy
-            latest-release-url: https://api.github.com/repos/aquasecurity/trivy/releases/latest
           - image: quay.io/containers/buildah
             latest-release-url: https://quay.io/api/v1/repository/containers/buildah/tag/
-          - image: gcr.io/go-containerregistry/crane
-            latest-release-url: https://api.github.com/repos/google/go-containerregistry/releases/latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v4

docs/buildstrategies.md

@@ -15,7 +15,6 @@ SPDX-License-Identifier: Apache-2.0
   - [Installing Buildpacks v3 Strategy](#installing-buildpacks-v3-strategy)
 - [Kaniko](#kaniko)
   - [Installing Kaniko Strategy](#installing-kaniko-strategy)
-    - [Scanning with Trivy](#scanning-with-trivy)
 - [BuildKit](#buildkit)
   - [Cache Exporters](#cache-exporters)
   - [Build-args and secrets](#build-args-and-secrets)
@@ -129,7 +128,7 @@ kubectl apply -f samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_build
 
 ## Kaniko
 
-The `kaniko` ClusterBuildStrategy is composed by Kaniko's `executor` [kaniko], with the objective of building a container-image, out of a `Dockerfile` and context directory. The `kaniko-trivy` ClusterBuildStrategy adds [trivy](https://github.com/aquasecurity/trivy) scanning and refuses to push images with critical vulnerabilities.
+The `kaniko` ClusterBuildStrategy is composed by Kaniko's `executor` [kaniko], with the objective of building a container-image, out of a `Dockerfile` and context directory.
 
 ### Installing Kaniko Strategy
 
@@ -139,18 +138,6 @@ To install the cluster scope strategy, use:
 kubectl apply -f samples/v1beta1/buildstrategy/kaniko/buildstrategy_kaniko_cr.yaml
 ```
 
-#### Scanning with Trivy
-
-You can also incorporate scanning into the ClusterBuildStrategy. The `kaniko-trivy` ClusterBuildStrategy builds the image with `kaniko`, then scans with [trivy](https://github.com/aquasecurity/trivy). The BuildRun will then exit with an error if there is a critical vulnerability, instead of pushing the vulnerable image into the container registry.
-
-To install the cluster scope strategy, use:
-
-```sh
-kubectl apply -f samples/v1beta1/buildstrategy/kaniko/buildstrategy_kaniko-trivy_cr.yaml
-```
-
-*Note: doing image scanning is not a substitute for trusting the Dockerfile you are building. The build process itself is also susceptible if the Dockerfile has a vulnerability. Frameworks/strategies such as build-packs or source-to-image (which avoid directly building a Dockerfile) should be considered if you need guardrails around the code you want to build.*
-
 ---
 
 ## BuildKit

hack/check-latest-images.sh

@@ -50,11 +50,6 @@ function update() {
         fi
         LATEST_TAG="$(curl --silent --retry 3 "${LATEST_RELEASE_URL}" | jq --raw-output "${QUERY}")"
 
-        # Trivy image tag (0.31.3) is different from release tag name (v0.31.3)
-        if [[ ${IMAGE} == *trivy* ]]; then
-                LATEST_TAG="${LATEST_TAG:1}"
-        fi
-
         echo "[INFO] Determined latest tag ${LATEST_TAG}"
 
         # Search and modify the image tag with the latest