Remove hard coded exitcode for Trivy or make it adjustable
Hello,
Based on the following code:
trivy ${trivy_opts} --format table --exit-code 1 $DOCKER_SNAPSHOT_IMAGE
Check templates/gitlab-ci-docker.yml Line 978 (https://gitlab.com/to-be-continuous/docker/-/blob/master/templates/gitlab-ci-docker.yml?ref_type=heads#L978)
I would like to discuss a behavior of the Docker component, in my case the Trivy scan. I have noticed that the last trivy scan in line 978 is executed with the parameter ‘--exit-code 1’. This leads to the following behavior:
- The job is by default terminated as faulty.
- No CVEs are displayed in the pipeline overview under the ‘Security’ tab.
Are there any concerns about removing this parameter or perhaps making it controllable with a variable?
Best regards,
Marco
Edited by Marco Nacken
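One way the exit code requested above could be made adjustable, as an added example that is not code from the to-be-continuous template. The variable name `TRIVY_EXIT_CODE` and both function names are hypothetical; the default of 1 keeps the behavior described in the issue.

```shell
# Added example, not the template's own code.
# TRIVY_EXIT_CODE is a hypothetical variable name chosen for this sketch.

# Print the exit code Trivy should return when it finds vulnerabilities.
# Defaults to 1 (the value hard-coded today); rejects anything outside 0-255
# so a typo cannot silently turn the scan into a non-blocking one.
trivy_exit_code() {
  local code
  code="${TRIVY_EXIT_CODE:-1}"
  case "$code" in
    ''|*[!0-9]*)
      echo "TRIVY_EXIT_CODE must be an integer between 0 and 255, got '$code'" >&2
      return 2 ;;
  esac
  if [ "${#code}" -gt 3 ] || [ "$code" -gt 255 ]; then
    echo "TRIVY_EXIT_CODE must be an integer between 0 and 255, got '$code'" >&2
    return 2
  fi
  printf '%s\n' "$code"
}

# Run the final table-format scan from the issue with the configurable value.
# trivy_opts is passed through unquoted, exactly as in the original command.
run_table_scan() {
  local image code
  image="$1"
  code="$(trivy_exit_code)" || return 2
  # shellcheck disable=SC2086
  trivy ${trivy_opts:-} --format table --exit-code "$code" "$image"
}
```

In a job script this would be called as `run_table_scan "$DOCKER_SNAPSHOT_IMAGE"`; setting the variable to 0 lets the job pass while the table is still printed.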