Verify Trivy Scans Run During CI/CD Pipeline Build

  • Test case designer: name
  • Date of creation: 07.07.2025

Test case description

Ensure Trivy automatically scans container images during the CI/CD pipeline build and shows the scan results.

Pre-state:

  • GitLab CI/CD pipeline is configured with Trivy.

Test Steps

  1. Push code or Docker image changes to a GitLab branch triggering the pipeline.
  2. Verify pipeline stages:
       • Build stage completes and builds the container
       • Run Trivy scan
  3. Review the pipeline logs for the scan step.

Expected result

  • Trivy scan runs automatically in the pipeline.
  • Detected vulnerabilities are listed in the pipeline logs with severity details (Security > Vulnerability Report).
  • Pipeline status reflects passed/failed depending on vulnerability threshold.
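
A pipeline configuration that would produce the expected results above, as an added example and not this project's own `.gitlab-ci.yml`. The job names, the image tag scheme, the Docker image versions and the HIGH,CRITICAL threshold are assumptions.

```yaml
# Added example; job names, tag scheme and threshold are assumptions.
stages: [build, scan]

variables:
  # Image built by this pipeline and scanned in the next stage.
  IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"

build_image:
  stage: build
  image: docker:27
  services: ["docker:27-dind"]
  variables:
    DOCKER_TLS_CERTDIR: "/certs"
  script:
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker build -t "$IMAGE" .
    - docker push "$IMAGE"

trivy_scan:
  stage: scan
  image:
    name: aquasec/trivy:latest   # pin a fixed version for reproducible results
    entrypoint: [""]             # default entrypoint is the trivy binary itself
  variables:
    # Credentials Trivy uses to pull the image under test from the registry.
    TRIVY_USERNAME: "$CI_REGISTRY_USER"
    TRIVY_PASSWORD: "$CI_REGISTRY_PASSWORD"
  script:
    # 1) Full findings table with severities in the job log; never fails the job.
    - trivy image --no-progress --exit-code 0 "$IMAGE"
    # 2) Report in GitLab's container scanning format for the Vulnerability Report.
    - trivy image --no-progress --exit-code 0 --format template --template "@/contrib/gitlab.tpl" -o gl-container-scanning-report.json "$IMAGE"
    # 3) Threshold gate: exits non-zero if any HIGH or CRITICAL finding exists.
    - trivy image --no-progress --severity HIGH,CRITICAL --exit-code 1 "$IMAGE"
  artifacts:
    when: always                 # upload the report even when the gate fails
    reports:
      container_scanning: gl-container-scanning-report.json
```

Running the gate as the last script line keeps the full listing and the report available when the job fails, so a failed pipeline can still be reviewed in the logs.
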
Edited by AH0981