Fix Trivy Workflow

[ConnorJC3]

Issue #, if available: N/A

Description of changes:

Our Trivy workflow is failing on the hour for one of two reasons:

• Firstly, if often hits the unauthenticated ECR Public rate limit, because we basically share that with the entire world that is using GH Actions - we bypass that problem by logging in to get our own dedicated limit
• Secondly, when it doesn't hit that limit, it hits a poorly documented limitation in the SARIF upload action that GitHub added a few months ago: https://github.blog/changelog/2025-07-21-code-scanning-will-stop-combining-multiple-sarif-runs-uploaded-in-the-same-sarif-file/

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[github-actions]

Summary

Hello and thank you for your contribution to the CSI Components repository!

This PR was created from a fork of the upstream aws/csi-components repository - thus, the E2E tests CI job will not run. This is because the job requires significant dangerous AWS permissions to create Amazon EKS and kOps Kubernetes clusters.

Instructions for Third Party Contributors

Maintainers will review your PR as per normal GitHub procedure, and approve and/or suggest changes as necessary. After the changes are ready to merge, a maintainer will transfer the changes to a branch on the upstream repository and open a new PR using the new branch. This will allow the changes to run against the E2E changes before being merged.

You may find it useful to pre-emptively run the E2E tests yourself to avoid any issues in the merging process. Currently, the CI runs the following E2E tests:

• make e2e/test-e2e-external
• make e2e/test-e2e-external-arm64
• make e2e/test-e2e-external-eks-windows
• make e2e/test-e2e-external-eks-bottlerocket

Note: These tests require access to an AWS account, and will temporarily create testing resources in the account that cost money. If the tests crash or otherwise exit early, they may leave resources behind that require manual cleanup.

Instructions for Maintainers

If you are a maintainer and submitted this PR, close it and open the PR using a branch pushed to the upstream aws/csi-components repository.

If this is a third party contributor's PR, follow this procedure:

1. Review the PR's changes as normal
   If applicable, run associated E2E tests locally
2. When the PR is ready to merge, in a checked out version of the upstrem repository:

gh pr checkout 14
git switch -c pr-14
git push

3. Visit https://github.com/aws/csi-components/pull/new/pr-14 and create the PR
   Reuse the title and description of this PR if they are applicable
4. Do not close this PR - GitHub will automatically close it after that PR is merged

[github-actions]

Trivy Output

702945799511.dkr.ecr.us-west-2.amazonaws.com/csi-snapshotter:ded17bd4a87cc5b7051d1fcb01c9abddb5d52d86-v8.3.0-eksbuild.2

Report Summary

┌──────────────────────────────────────────────────────────────────────────────────┬──────────┬─────────────────┬─────────┐
│                                      Target                                      │   Type   │ Vulnerabilities │ Secrets │
├──────────────────────────────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ 702945799511.dkr.ecr.us-west-2.amazonaws.com/csi-snapshotter:ded17bd4a87cc5b705- │  amazon  │        0        │    -    │
│ 1d1fcb01c9abddb5d52d86-v8.3.0-eksbuild.2 (amazon 2023.7.20250623 (Amazon Linux)) │          │                 │         │
├──────────────────────────────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ csi-snapshotter                                                                  │ gobinary │        0        │    -    │
└──────────────────────────────────────────────────────────────────────────────────┴──────────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)

702945799511.dkr.ecr.us-west-2.amazonaws.com/csi-attacher:ded17bd4a87cc5b7051d1fcb01c9abddb5d52d86-v4.9.0-eksbuild.4

Report Summary

┌──────────────────────────────────────────────────────────────────────────────────┬──────────┬─────────────────┬─────────┐
│                                      Target                                      │   Type   │ Vulnerabilities │ Secrets │
├──────────────────────────────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ 702945799511.dkr.ecr.us-west-2.amazonaws.com/csi-attacher:ded17bd4a87cc5b7051d1- │  amazon  │        0        │    -    │
│ fcb01c9abddb5d52d86-v4.9.0-eksbuild.4 (amazon 2023.7.20250623 (Amazon Linux))    │          │                 │         │
├──────────────────────────────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ csi-attacher                                                                     │ gobinary │        0        │    -    │
└──────────────────────────────────────────────────────────────────────────────────┴──────────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)

702945799511.dkr.ecr.us-west-2.amazonaws.com/csi-provisioner:ded17bd4a87cc5b7051d1fcb01c9abddb5d52d86-v5.3.0-eksbuild.4

Report Summary

┌──────────────────────────────────────────────────────────────────────────────────┬──────────┬─────────────────┬─────────┐
│                                      Target                                      │   Type   │ Vulnerabilities │ Secrets │
├──────────────────────────────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ 702945799511.dkr.ecr.us-west-2.amazonaws.com/csi-provisioner:ded17bd4a87cc5b705- │  amazon  │        0        │    -    │
│ 1d1fcb01c9abddb5d52d86-v5.3.0-eksbuild.4 (amazon 2023.7.20250623 (Amazon Linux)) │          │                 │         │
├──────────────────────────────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ csi-provisioner                                                                  │ gobinary │        0        │    -    │
└──────────────────────────────────────────────────────────────────────────────────┴──────────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)

702945799511.dkr.ecr.us-west-2.amazonaws.com/csi-resizer:ded17bd4a87cc5b7051d1fcb01c9abddb5d52d86-v1.14.0-eksbuild.4

Report Summary

┌──────────────────────────────────────────────────────────────────────────────────┬──────────┬─────────────────┬─────────┐
│                                      Target                                      │   Type   │ Vulnerabilities │ Secrets │
├──────────────────────────────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ 702945799511.dkr.ecr.us-west-2.amazonaws.com/csi-resizer:ded17bd4a87cc5b7051d1f- │  amazon  │        0        │    -    │
│ cb01c9abddb5d52d86-v1.14.0-eksbuild.4 (amazon 2023.7.20250623 (Amazon Linux))    │          │                 │         │
├──────────────────────────────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ csi-resizer                                                                      │ gobinary │        0        │    -    │
└──────────────────────────────────────────────────────────────────────────────────┴──────────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)

702945799511.dkr.ecr.us-west-2.amazonaws.com/csi-node-driver-registrar:ded17bd4a87cc5b7051d1fcb01c9abddb5d52d86-v2.14.0-eksbuild.5

Report Summary

┌──────────────────────────────────────────────────────────────────────────────────┬──────────┬─────────────────┬─────────┐
│                                      Target                                      │   Type   │ Vulnerabilities │ Secrets │
├──────────────────────────────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ 702945799511.dkr.ecr.us-west-2.amazonaws.com/csi-node-driver-registrar:ded17bd4- │  amazon  │        0        │    -    │
│ a87cc5b7051d1fcb01c9abddb5d52d86-v2.14.0-eksbuild.5 (amazon 2023.7.20250623      │          │                 │         │
│ (Amazon Linux))                                                                  │          │                 │         │
├──────────────────────────────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ csi-node-driver-registrar                                                        │ gobinary │        0        │    -    │
└──────────────────────────────────────────────────────────────────────────────────┴──────────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)

702945799511.dkr.ecr.us-west-2.amazonaws.com/livenessprobe:ded17bd4a87cc5b7051d1fcb01c9abddb5d52d86-v2.16.0-eksbuild.5

Report Summary

┌──────────────────────────────────────────────────────────────────────────────────┬──────────┬─────────────────┬─────────┐
│                                      Target                                      │   Type   │ Vulnerabilities │ Secrets │
├──────────────────────────────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ 702945799511.dkr.ecr.us-west-2.amazonaws.com/livenessprobe:ded17bd4a87cc5b7051d- │  amazon  │        0        │    -    │
│ 1fcb01c9abddb5d52d86-v2.16.0-eksbuild.5 (amazon 2023.7.20250623 (Amazon Linux))  │          │                 │         │
├──────────────────────────────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ livenessprobe                                                                    │ gobinary │        0        │    -    │
└──────────────────────────────────────────────────────────────────────────────────┴──────────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)

702945799511.dkr.ecr.us-west-2.amazonaws.com/snapshot-controller:ded17bd4a87cc5b7051d1fcb01c9abddb5d52d86-v8.3.0-eksbuild.2

Report Summary

┌──────────────────────────────────────────────────────────────────────────────────┬──────────┬─────────────────┬─────────┐
│                                      Target                                      │   Type   │ Vulnerabilities │ Secrets │
├──────────────────────────────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ 702945799511.dkr.ecr.us-west-2.amazonaws.com/snapshot-controller:ded17bd4a87cc5- │  amazon  │        0        │    -    │
│ b7051d1fcb01c9abddb5d52d86-v8.3.0-eksbuild.2 (amazon 2023.7.20250623 (Amazon     │          │                 │         │
│ Linux))                                                                          │          │                 │         │
├──────────────────────────────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ snapshot-controller                                                              │ gobinary │        0        │    -    │
└──────────────────────────────────────────────────────────────────────────────────┴──────────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)