From e716797c807b766b8dd8ca2c1e430c3990256b08 Mon Sep 17 00:00:00 2001
From: hirra-farooq <hirra.farooq1@nhs.net>
Date: Mon, 23 Mar 2026 12:57:58 +0000
Subject: [PATCH] ENG-1039 ensure trivy does not run in repo

---
 .github/copilot-instructions.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
index 897e256..060ab1a 100644
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -57,6 +57,7 @@ Destination must complete before source to avoid missing ARN references.
 - Never downgrade vault lock or remove protection flags.
 - Highlight irreversible actions (compliance mode enable) before performing.
 - Keep IAM actions minimal; wildcard resources only when service requires it. Document any `resources = ["*"]` with justification comment.
+- Trivy is currently vulnerable. DO NOT run trivy
 
 ## Documentation & Comment Policy