SonarSource
diff --git a/‎.cirrus/tasks.yml‎
Lines changed: 0 additions & 212 deletions b/‎.cirrus/tasks.yml‎
Lines changed: 0 additions & 212 deletions
diff --git a/‎.github/github_env.yaml‎
Lines changed: 0 additions & 3 deletions b/‎.github/github_env.yaml‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎.github/trivy.yaml‎
Lines changed: 36 additions & 0 deletions b/‎.github/trivy.yaml‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎.github/workflows/PullRequestClosed.yml‎
Lines changed: 5 additions & 5 deletions b/‎.github/workflows/PullRequestClosed.yml‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎.github/workflows/PullRequestCreated.yml‎
Lines changed: 0 additions & 30 deletions b/‎.github/workflows/PullRequestCreated.yml‎
Lines changed: 0 additions & 30 deletions
diff --git a/‎.github/workflows/RequestReview.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/RequestReview.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/SubmitReview.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/SubmitReview.yml‎
Lines changed: 3 additions & 3 deletions
@@ -3,8 +3,6 @@
 
 versions:
   current: "2025.4.4"
-  previous_lta: "9.9.9"
-  community_build: "25.9.0.112764"
 
 images:
   staging: "sonarsource/sonarqube"
@@ -17,4 +15,3 @@ registries:
 products:
   gcp_public_name: "official-sonarqube-data-center-edition"
   gcp_staging_name: "sonarqube-dce-staging"
-
@@ -0,0 +1,36 @@
+# Trivy Configuration File
+# Reference: https://aquasecurity.github.io/trivy/latest/docs/references/configuration/config-file/
+
+# Scan settings
+scan:
+  # Skip scanning of specific directories
+  skip-dirs:
+    - "node_modules"
+    - "vendor"
+    - ".git"
+
+# Vulnerability settings
+vulnerability:
+  # Types of vulnerabilities to detect
+  type:
+    - os  # Only scan OS packages (excludes application libraries like JAR, npm, etc.)
+
+# Report settings
+report:
+  # Format of the output
+  format: table
+
+# Severity levels to report
+severity:
+  - CRITICAL
+  - HIGH
+  - MEDIUM
+  - LOW
+
+# Database settings
+db:
+  # Skip database update (useful for offline environments)
+  skip-update: false
+
+# Timeout settings
+timeout: 10m
@@ -5,9 +5,9 @@ on:
     types: [closed]
 
 jobs:
-  PullRequestMerged_job:
-    name: Pull Request Merged
-    runs-on: ubuntu-latest-large
+  PullRequestClosed_job:
+    name: Pull Request Closed
+    runs-on: github-ubuntu-latest-s
     permissions:
       id-token: write
       pull-requests: read
@@ -16,12 +16,12 @@ jobs:
         github.event.pull_request.head.repo.full_name == github.repository
     steps:
       - id: secrets
-        uses: SonarSource/vault-action-wrapper@v3
+        uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # v3.2.0
         with:
           secrets: |
             development/kv/data/jira user | JIRA_USER;
             development/kv/data/jira token | JIRA_TOKEN;
-      - uses: sonarsource/gh-action-lt-backlog/PullRequestClosed@v2
+      - uses: sonarsource/gh-action-lt-backlog/PullRequestClosed@02f0a8d3280a05b9d2c5ee3b8407cec1b0158ce6 # v2
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           jira-user:  ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }}
 
@@ -7,21 +7,21 @@ on:
 jobs:
   RequestReview_job:
     name: Request review
-    runs-on: ubuntu-latest-large
+    runs-on: github-ubuntu-latest-s
     permissions:
       id-token: write
     # For external PR, ticket should be moved manually
     if: |
         github.event.pull_request.head.repo.full_name == github.repository
     steps:
       - id: secrets
-        uses: SonarSource/vault-action-wrapper@v3
+        uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # v3.2.0
         with:
           secrets: |
             development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN;
             development/kv/data/jira user | JIRA_USER;
             development/kv/data/jira token | JIRA_TOKEN;
-      - uses: sonarsource/gh-action-lt-backlog/RequestReview@v2
+      - uses: sonarsource/gh-action-lt-backlog/RequestReview@02f0a8d3280a05b9d2c5ee3b8407cec1b0158ce6 # v2
         with:
           github-token: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }}
           jira-user:    ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }}
 
@@ -7,7 +7,7 @@ on:
 jobs:
   SubmitReview_job:
     name: Submit Review
-    runs-on: ubuntu-latest-large
+    runs-on: github-ubuntu-latest-s
     permissions:
       id-token: write
       pull-requests: read
@@ -18,12 +18,12 @@ jobs:
             || github.event.review.state == 'approved')
     steps:
       - id: secrets
-        uses: SonarSource/vault-action-wrapper@v3
+        uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # v3.2.0
         with:
           secrets: |
             development/kv/data/jira user | JIRA_USER;
             development/kv/data/jira token | JIRA_TOKEN;
-      - uses: sonarsource/gh-action-lt-backlog/SubmitReview@v2
+      - uses: sonarsource/gh-action-lt-backlog/SubmitReview@02f0a8d3280a05b9d2c5ee3b8407cec1b0158ce6 # v2
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           jira-user: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }}