Trivy Approval steps

sim55649 · May 3, 2021, 3:28pm

Trivy usage in approval steps

Hello everybody.

I intend to integrate the container scanning functionality offered by Trivy into my CI \ CD development pipeline. In the release process that I plan to implement, after scanning with Trivy, I would need to:

block the pipeline in case of critical / high vulnerabilities (can be done through the exit code other than 0)
If the pipeline is blocked, the ability to bypass the blocking action would be needed if the security team gives its approval based on the artifact generated by the scan.

How can this workflow be integrated into gitlab?

Thanks in advance.

balonik · May 5, 2021, 2:55pm

Hi @sim55649
If you can I would do it outside of pipelines.

in Merge Request
if security team approves Merge the MR

thiagocsf · January 12, 2022, 9:42pm

@sim55649, I hope my late reply is still useful to you or someone else reading this topic.

What you’re asking for can be done using a Vulnerability-Check rule.

And we’re also about to Introduce Scan Result Security Policies (&6237) · Epics · GitLab.org · GitLab, which will eventually supersede the Vulnerability-Check functionality because it’s a lot more flexible and powerful.

Topic		Replies	Views
Gitlab and Trivy Self-managed	6	966	June 13, 2024
Help with container scanning throwing an error DevSecOps	0	797	April 10, 2024
Container Scanning questions DevSecOps	4	1405	July 22, 2019
Gitlab docker image scanning: very poor options and workflow DevSecOps ci , docker , registry , pipelines	0	520	October 17, 2023
Container scanning of arm64 images DevSecOps ci , pipelines	1	281	October 26, 2024

Trivy Approval steps

Trivy usage in approval steps

Related topics