Remove tfsec workflow (#17354)

.github/workflows/tfsec.yml

@@ -1,48 +0,0 @@
-name: tfsec
-
-on:
-  push:
-    branches:
-      - main
-    paths:
-      - '**.tf'
-  pull_request:
-    paths:
-      - '**.tf'
-  workflow_dispatch: # Manual dispatch
-
-# This allows a subsequently queued workflow run to interrupt previous runs
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
-  cancel-in-progress: true
-
-defaults:
-  run:
-    # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
-    shell: bash
-
-permissions:
-  contents: read
-
-jobs:
-  tfsec:
-    permissions:
-      contents: read  # for actions/checkout to fetch code
-      security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results
-    name: tfsec sarif report
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Clone repo
-        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b 
-
-      - name: tfsec
-        uses: tfsec/tfsec-sarif-action@21ded20e8ca120cd9d3d6ab04ef746477542a608 
-        with:
-          sarif_file: tfsec.sarif
-
-      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@f6e388ebf0efc915c6c5b165b019ee61a6746a38
-        with:
-          # Path to SARIF file relative to the root of the repository
-          sarif_file: tfsec.sarif  

.github/workflows/trivy-scan.yml

@@ -40,11 +40,9 @@ jobs:
       - name: Run Trivy vulnerability scanner in repo mode
         uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # 0.18.0
         with:
-          scan-type: "fs"
-          ignore-unfixed: true
           format: "sarif"
           output: "trivy-results.sarif"
-          severity: "CRITICAL,HIGH"
+          severity: "CRITICAL,HIGH,MEDIUM,LOW"
           trivyignores: ".trivyignore"
 
       - name: Upload Trivy scan results to GitHub Security tab