From 965ad43331507fd1fe784c9bffbbe0a02da130e4 Mon Sep 17 00:00:00 2001
From: Ryan Richard <richardry@vmware.com>
Date: Mon, 23 Mar 2026 10:47:46 -0700
Subject: [PATCH] task to run trivy does not need any GitHub personal access
 token

---
 pipelines/main/pipeline.yml                      | 1 -
 pipelines/pull-requests/pipeline.yml             | 1 -
 pipelines/security-scan/pipeline.yml             | 4 +---
 pipelines/shared-tasks/scan-image-trivy/task.yml | 1 -
 4 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/pipelines/main/pipeline.yml b/pipelines/main/pipeline.yml
index 29422e3a0..fee2b9c8a 100644
--- a/pipelines/main/pipeline.yml
+++ b/pipelines/main/pipeline.yml
@@ -999,7 +999,6 @@ jobs:
           image: ci-build-image
         file: pinniped-ci/pipelines/shared-tasks/scan-image-trivy/task.yml
         params:
-          GITHUB_TOKEN: ((ci-bot-access-token-with-read-user-permission))
           <<: *trivy_ignores
         <<: *notify_on_failure
 
diff --git a/pipelines/pull-requests/pipeline.yml b/pipelines/pull-requests/pipeline.yml
index b98fbf1d4..7d2a99642 100644
--- a/pipelines/pull-requests/pipeline.yml
+++ b/pipelines/pull-requests/pipeline.yml
@@ -987,7 +987,6 @@ jobs:
         input_mapping:
           image: ci-build-image
         params:
-          GITHUB_TOKEN: ((ci-bot-access-token-with-read-user-permission))
           <<: *trivy_ignores
 
   - name: integration-test-oldest
diff --git a/pipelines/security-scan/pipeline.yml b/pipelines/security-scan/pipeline.yml
index 6facb0201..57b4979f3 100644
--- a/pipelines/security-scan/pipeline.yml
+++ b/pipelines/security-scan/pipeline.yml
@@ -1,4 +1,4 @@
-# Copyright 2020-2025 the Pinniped contributors. All Rights Reserved.
+# Copyright 2020-2026 the Pinniped contributors. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 display:
@@ -217,7 +217,6 @@ jobs:
       - task: scan
         file: pinniped-ci/pipelines/shared-tasks/scan-image-trivy/task.yml
         params:
-          GITHUB_TOKEN: ((ci-bot-access-token-with-read-user-permission))
           <<: *trivy_ignores
         input_mapping:
           image: pinniped-latest-release-image
@@ -236,7 +235,6 @@ jobs:
       - task: scan
         file: pinniped-ci/pipelines/shared-tasks/scan-image-trivy/task.yml
         params:
-          GITHUB_TOKEN: ((ci-bot-access-token-with-read-user-permission))
           <<: *trivy_ignores
         input_mapping:
           image: pinniped-latest-main-image
diff --git a/pipelines/shared-tasks/scan-image-trivy/task.yml b/pipelines/shared-tasks/scan-image-trivy/task.yml
index 81ef85148..14d8a60f1 100644
--- a/pipelines/shared-tasks/scan-image-trivy/task.yml
+++ b/pipelines/shared-tasks/scan-image-trivy/task.yml
@@ -11,7 +11,6 @@ inputs:
   - name: image
 outputs:
 params:
-  GITHUB_TOKEN:
   # For format see https://trivy.dev/docs/latest/guide/configuration/filtering/#by-finding-ids
   IGNORE_VULNERABILITY_IDS: ""
 run: