Trivy Approval steps

Trivy usage in approval steps

Hello everybody.

I intend to integrate the container scanning functionality offered by Trivy into my CI/CD development pipeline. In the release process that I plan to implement, after scanning with Trivy, I would need to:

  1. block the pipeline in case of critical / high vulnerabilities (can be done through an exit code other than 0)
  2. If the pipeline is blocked, the ability to bypass the blocking action would be needed if the security team gives its approval based on the artifact generated by the scan.

How can this workflow be integrated into gitlab?

Thanks in advance.
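One way to lay out the two requirements above in `.gitlab-ci.yml` (an added example, not from the original thread or from the Trivy or GitLab projects): the scan job trips on CRITICAL/HIGH findings and keeps the JSON report as an artifact, and the release job refuses to run on a report with findings unless the security team, after reviewing that artifact, triggers it with an approval variable. The image reference, the `alpine` release image, the `production` protected environment, the `./release.sh` script and the `SECURITY_APPROVAL` variable name are assumptions.

```yaml
stages: [scan, release]

variables:
  IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"   # assumed image reference

trivy_scan:
  stage: scan
  image:
    name: aquasec/trivy:latest
    entrypoint: [""]
  script:
    # Human-readable table in the job log, no gating yet.
    - trivy image --severity CRITICAL,HIGH --format table "$IMAGE"
    # Gate plus reviewer artifact: JSON report is written, then the job exits
    # with 1 when any CRITICAL/HIGH finding exists and 0 when clean.
    - trivy image --severity CRITICAL,HIGH --exit-code 1
        --format json --output trivy-report.json "$IMAGE"
  artifacts:
    when: always                 # keep the report even when the gate trips
    paths: [trivy-report.json]
    expire_in: 1 week
  # Exit code 1 means "findings". Mark it as failed-but-allowed so the pipeline
  # shows a warning while the approval-gated job below stays reachable.
  allow_failure:
    exit_codes: [1]

release:
  stage: release
  needs: [trivy_scan]
  image: alpine:3.19             # assumed; needs jq and your release tooling
  when: manual                   # nobody can release without a deliberate click
  environment:
    name: production             # assumed protected environment, so only the
                                 # security/release group may run this job
  script:
    - apk add --no-cache jq
    # Count findings in the Trivy JSON report (Results[].Vulnerabilities[]).
    - COUNT=$(jq '[.Results[]?.Vulnerabilities[]?] | length' trivy-report.json)
    - echo "CRITICAL/HIGH findings in report: $COUNT"
    # Default is to stop on findings. The security team bypasses the block by
    # running this manual job with SECURITY_APPROVAL=approved after reviewing
    # trivy-report.json; the variable and the decision stay in the job log.
    - |
      if [ "$COUNT" -gt 0 ] && [ "$SECURITY_APPROVAL" != "approved" ]; then
        echo "Release blocked: findings present and no security approval"
        exit 1
      fi
    - ./release.sh "$IMAGE"      # assumed release script
```

A clean scan still needs the manual click, but passes the check without any variable; a scan with findings is released only when the approval variable is supplied by someone allowed to run jobs in the protected environment.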

Hi @sim55649,
If you can, I would do it outside of pipelines.

  1. in Merge Request
  2. if security team approves Merge the MR

@sim55649, I hope my late reply is still useful to you or someone else reading this topic.

What you’re asking for can be done using a Vulnerability-Check rule.

And we’re also about to introduce Scan Result Security Policies (epic &6237), which will eventually supersede the Vulnerability-Check functionality because it’s a lot more flexible and powerful.
