diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 49c6ba7..a804762 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -19,8 +19,6 @@ permissions:
 pull-requests: write
 # used to publish the docker image
 packages: write
- # used by trivy
- security-events: write
 jobs:
 verify:
@@ -89,19 +87,3 @@ jobs:
 @semantic-release/exec
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Get Image Name
- id: get-image-name
- run: echo "image-name=$(mvn help:evaluate -Dexpression=image.name -q -DforceStdout)" >> $GITHUB_OUTPUT
-
- - name: Scan Docker Image for Vulnerabilities
- uses: aquasecurity/trivy-action@0.20.0
- with:
- image-ref: ${{ steps.get-image-name.outputs.image-name }}
- format: sarif
- output: trivy-results.sarif
-
- - name: Upload Trivy Results to GitHub Security Tab
- uses: github/codeql-action/upload-sarif@v3
- with:
- sarif_file: trivy-results.sarif