From 0020d4dc79ee81337082569f55142d4ab778ff34 Mon Sep 17 00:00:00 2001 From: "service-bot-app[bot]" <189278048+service-bot-app[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 02:09:39 +0000 Subject: [PATCH] chore: update repo semaphore config --- .semaphore/semaphore.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index f8b5fa5c3..16cd7b0ee 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -39,7 +39,13 @@ blocks: commands: - . sem-pint - mvn -Dcloud -Pjenkins -U -Dmaven.wagon.http.retryHandler.count=10 --batch-mode --no-transfer-progress clean verify install dependency:analyze validate - - cve-scan + - export TRIVY_DISABLE_VEX_NOTICE=true + - trivy version + - echo "Check go/connector-dev-vuln-remediation for fixing or suppressing vulnerabilities found by trivy" + - trivy --skip-files "*.zip" rootfs --scanners vuln --db-repository public.ecr.aws/aquasecurity/trivy-db --java-db-repository public.ecr.aws/aquasecurity/trivy-java-db --ignore-unfixed --ignorefile + .trivyignore --exit-code 1 --severity CRITICAL target/components/packages + - trivy --skip-files "*.zip" rootfs --scanners vuln --db-repository public.ecr.aws/aquasecurity/trivy-db --java-db-repository public.ecr.aws/aquasecurity/trivy-java-db --ignore-unfixed --ignorefile + .trivyignore --severity HIGH,LOW,MEDIUM target/components/packages - . cache-maven store epilogue: always: