From a3b625fc184ae6528a7962cf4e8d9d58a682abbe Mon Sep 17 00:00:00 2001
From: shortstacked
Date: Fri, 8 Aug 2025 19:44:57 +0100
Subject: [PATCH] ci: Pass correct secrets to Trivy (#18139)
---
 .github/workflows/docker-build-push.yml | 3 +--
 .github/workflows/security-trivy-scan-callable.yml | 4 ++--
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/docker-build-push.yml b/.github/workflows/docker-build-push.yml
index 5f1127e608..4463cf43b3 100644
--- a/.github/workflows/docker-build-push.yml
+++ b/.github/workflows/docker-build-push.yml
@@ -393,5 +393,4 @@ jobs:
 uses: ./.github/workflows/security-trivy-scan-callable.yml
 with:
 image_ref: ${{ needs.build-and-push-docker.outputs.image_ref }}
- secrets:
- SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ secrets: inherit
diff --git a/.github/workflows/security-trivy-scan-callable.yml b/.github/workflows/security-trivy-scan-callable.yml
index 9ecc3b0174..51b40718e5 100644
--- a/.github/workflows/security-trivy-scan-callable.yml
+++ b/.github/workflows/security-trivy-scan-callable.yml
@@ -21,7 +21,7 @@ permissions:
 contents: read
 env:
- SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+ SLACK_BOT_TOKEN: ${{ secrets.QBOT_SLACK_TOKEN }}
 SLACK_CHANNEL_ID: C042WDXPTEZ #mission-security
 jobs:
@@ -36,7 +36,7 @@ jobs:
 image-ref: ${{ inputs.image_ref }}
 format: 'json'
 output: 'trivy-results.json'
- severity: 'CRITICAL,HIGH'
+ severity: 'CRITICAL,HIGH,MEDIUM,LOW'
 ignore-unfixed: false
 exit-code: '0'
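Review bot: `secrets: inherit` on the Trivy caller job in docker-build-push.yml hands every secret available to this workflow to the called workflow, although the callable only reads `secrets.QBOT_SLACK_TOKEN` as far as the second file in this patch shows. A build-and-push workflow usually holds registry or cloud credentials as well (not visible in this hunk), so the scan workflow would be exposed to far more than the one Slack token it needs. Prefer the explicit form, `secrets:` followed by `QBOT_SLACK_TOKEN: ${{ secrets.QBOT_SLACK_TOKEN }}`, with a matching entry under `on.workflow_call.secrets` in security-trivy-scan-callable.yml marked `required: true`, so a missing token fails the call instead of resolving to an empty string. The job definition starts above the hunk.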
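Review bot: `SLACK_BOT_TOKEN` is set in what appears to be the workflow-level `env` block of security-trivy-scan-callable.yml (it sits between `permissions` and `jobs`), so the token lands in the environment of every step in every job, including the scan step, not only the step that posts to Slack. Moving `SLACK_BOT_TOKEN: ${{ secrets.QBOT_SLACK_TOKEN }}` to an `env:` on the notification step keeps it away from steps that never need it. `SLACK_CHANNEL_ID` is not sensitive and can stay where it is. The steps are outside the hunk, so which step consumes the token needs confirming there.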
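Review bot: The widening of `severity` to `'CRITICAL,HIGH,MEDIUM,LOW'` in the scan step of security-trivy-scan-callable.yml is not covered by the commit subject, which only mentions secrets. Together with `ignore-unfixed: false` and `exit-code: '0'`, it means every LOW and MEDIUM finding, including those with no fix available, is written to trivy-results.json while the job still passes. If those results are forwarded to the Slack channel (the consuming step is outside the hunk), the CRITICAL and HIGH items risk being buried in volume. Either record the intent with a comment above the line, for example `# report all severities; job never fails (exit-code '0'), triage happens downstream`, or have the reporting step sort or filter by severity.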