Problem to solve
I’m trying to add container scanning based on trivy, it works, it generates and uploads the gl-container-scanning-report.json, and the vulnerabilities are listed in the ‘Security’ tab of the Pipeline.
I modified the CI script to break the pipeline in case of any critical vulnerability, it works, it also generates and uploads the gl-container-scanning-report.json, but the Gitlab shows 0 vulnerability on the ‘Security’ tab of the Pipeline.
I can download the “Container Scanning” results from both pipeline, and I get the same gl-container-scanning-report.json.
Is it the right behavior? What am I miss? I expected to see the same list of vulnerabilities on that tab in case of failed pipeline too.
Versions
It’s a self-managed and self-hosted GitLab Enterprise Edition [v17.8.1-ee] with Ultimate subscription.