replace twistlock scanning with trivy

[ap00rv]

Background

This PR is being created to enable trivy scanning for this repository by replacing the existing cve_scan and run_maven_cve_scan semaphore configurations with trivy_scan. This is part of a larger effort to improve Third party vulnerability (CVE) detection workflow for connectors by:

• letting developers verify the fixes for third party vulnerabilities at PR stage
• failing the pipeline if CRITICAL third-party vulnerabilities are found
• letting developers get a self-service exception for CRITICAL vulnerabilities using .trivyignore file

🚨## Action needed🚨 Please approve and merge this change. Once you merge it, you will get another PR from service-bot to add trivy scanning to the pipeline. Please approve and merge both PRs before November 11, 2024. If status checks are failing, please debug as necessary. Contact #appsec slack channel for help.

[confluent-cla-assistant[bot]]

:tada: All Contributor License Agreements have been signed. Ready to merge.
_{Please push an empty commit if you would like to re-run the checks to verify CLA status for all contributors.}

[sonarqube-confluent[bot]]

Analysis Details

0 Issues

• 0 Bugs
• 0 Vulnerabilities
• 0 Code Smells

Coverage and Duplications

• No coverage information (72.70% Estimated after merge)
• No duplication information (0.70% Estimated after merge)

Project ID: kafka-connect-hdfs

View in SonarQube