From 4d6b1fd4d345ad7c51e870698c5c30c989ebc8b5 Mon Sep 17 00:00:00 2001
From: "service-bot-app[bot]"
 <189278048+service-bot-app[bot]@users.noreply.github.com>
Date: Fri, 20 Dec 2024 00:18:21 +0000
Subject: [PATCH] chore: update repo semaphore config

---
 .semaphore/semaphore.yml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml
index f8b5fa5c3..16cd7b0ee 100644
--- a/.semaphore/semaphore.yml
+++ b/.semaphore/semaphore.yml
@@ -39,7 +39,13 @@ blocks:
           commands:
             - . sem-pint
             - mvn -Dcloud -Pjenkins -U -Dmaven.wagon.http.retryHandler.count=10 --batch-mode --no-transfer-progress clean verify install dependency:analyze validate
-            - cve-scan
+            - export TRIVY_DISABLE_VEX_NOTICE=true
+            - trivy version
+            - echo "Check go/connector-dev-vuln-remediation for fixing or suppressing vulnerabilities found by trivy"
+            - trivy --skip-files "*.zip" rootfs --scanners vuln --db-repository public.ecr.aws/aquasecurity/trivy-db --java-db-repository public.ecr.aws/aquasecurity/trivy-java-db --ignore-unfixed --ignorefile
+              .trivyignore --exit-code 1 --severity CRITICAL target/components/packages
+            - trivy --skip-files "*.zip" rootfs --scanners vuln --db-repository public.ecr.aws/aquasecurity/trivy-db --java-db-repository public.ecr.aws/aquasecurity/trivy-java-db --ignore-unfixed --ignorefile
+              .trivyignore --severity HIGH,LOW,MEDIUM target/components/packages
             - . cache-maven store
       epilogue:
         always: