ci(trivy): disable vulnerability scan on PRs

There is a risk with this approach to miss a new vulnerability being introduced by a
PR. But in our case, it is much less likely than a random CVE popping up in existing
dependencies at the wrong time, blocking a totally unrelated PR merge. And with
our regular scheduled scan, we will catch all vulnerabilities spotted by Trivy soon
enough (certainly way before I include the PR in a release).

Author: thomasleplus

.github/workflows/super-linter.yml

@@ -70,6 +70,7 @@ jobs:
           DEFAULT_BRANCH: main
           FILTER_REGEX_EXCLUDE: "(gradlew|gradlew\\.bat|gradle/.*|mvnw|mvnw\\.cmd|\\.m2/.*|\\.mvn/.*)$"
           ENFORCE_COMMITLINT_CONFIGURATION_CHECK: true
+          TRIVY_SCANNERS: ${{ (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && 'vuln,misconfig,secret' || 'misconfig,secret'}}
           BIOME_CONFIG_PATH: .biome.json
           GITHUB_ACTIONS_ZIZMOR_CONFIG_FILE: .zizmor.yml
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}