After the Orca scan completes and the SARIF report is generated, the vulnerability handling should work as follows:

In the current BAU flow, the publish report step is configured with fail_on_severity: high and a failure strategy of Ignore for All Errors.

In the new implementation, we need to enhance this behavior so that:

If the report contains a Critical vulnerability, the pipeline must fail.

If the report contains a High vulnerability, the publish report step should be shown as Success (Failure Ignored), and the pipeline should continue.