Trivy Approval steps

Trivy usage in approval steps

Hello everybody.

I intend to integrate the container scanning functionality offered by Trivy into my CI/CD development pipeline. In the release process that I plan to implement, after scanning with Trivy, I would need to:

  1. Block the pipeline in case of critical / high vulnerabilities (can be done through an exit code other than 0)
  2. If the pipeline is blocked, the ability to bypass the blocking action would be needed if the security team gives its approval based on the artifact generated by the scan.

How can this workflow be integrated into GitLab?

Thanks in advance.

Hi @sim55649
If you can, I would do it outside of pipelines.

  1. In a Merge Request
  2. If the security team approves, merge the MR
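
The gate described in the question, as an added example that is not from either poster: a script that reads a Trivy JSON report and returns a non-zero exit code for HIGH/CRITICAL findings unless each one is listed in an approvals file. It assumes the report was written with `trivy image --format json --output trivy-report.json <image>`; the approvals file (one vulnerability ID per line, changed only through a Merge Request the security team approves) is a hypothetical convention, and the sample report and its IDs are constructed.

```python
import json

BLOCKING = {"HIGH", "CRITICAL"}

# Constructed sample in the shape of Trivy's JSON report (placeholder IDs).
SAMPLE_REPORT = {
    "Results": [
        {"Target": "app:1.0 (debian 12)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libsample", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libdemo", "Severity": "LOW"},
        ]},
        {"Target": "app/requirements.txt"},  # clean target: no "Vulnerabilities" key
    ]
}

def blocking_findings(report):
    """Return sorted unique (id, severity, package) tuples for HIGH/CRITICAL entries."""
    found = set()
    # "Results" and "Vulnerabilities" can be missing or null when nothing was found.
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("Severity") in BLOCKING:
                found.add((vuln["VulnerabilityID"], vuln["Severity"], vuln.get("PkgName", "")))
    return sorted(found)

def gate(report, approved_ids=()):
    """Return (exit_code, unapproved): exit_code is 0 only if every blocking ID is approved."""
    approved = set(approved_ids)
    unapproved = [f for f in blocking_findings(report) if f[0] not in approved]
    return (1 if unapproved else 0), unapproved

if __name__ == "__main__":
    import sys
    with open(sys.argv[1]) as fh:           # path to trivy-report.json
        report = json.load(fh)
    approved = []
    if len(sys.argv) > 2:                   # optional approvals file (hypothetical)
        with open(sys.argv[2]) as fh:
            approved = [line.strip() for line in fh if line.strip()]
    code, unapproved = gate(report, approved)
    for vuln_id, severity, pkg in unapproved:
        print(f"BLOCKING {severity} {vuln_id} in {pkg}")
    sys.exit(code)
```

Approvals are matched per vulnerability ID, so a new HIGH or CRITICAL finding blocks the job again even when earlier ones were accepted.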