From 263fc872203614201afdf58c5f3d3e4c5ebc6692 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Mon, 22 Mar 2021 14:12:22 -0400
Subject: [PATCH] See how this more specific config fares

---
 .gitlab-ci.yml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index a41c0314..e0f606d9 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -10,7 +10,19 @@ unit-tests:
 
 vulnerability-scan:
   stage: "test"
-  allow_failure: true
+  allow_failure:
+    # https://docs.gitlab.com/ee/ci/yaml/README.html#allow_failureexit_codes
+    exit_codes:
+      # Allow *some* exit codes through without treating them as
+      # pipeline-failing conditions.
+      # https://github.com/flyingcircusio/vulnix/blob/master/doc/vulnix.1.md
+
+      # All found errors are whitelisted
+      - 1
+      # Vulnerabilities found, but still, please don't halt the build.
+      - 2
+
+
   script:
     - "ci-tools/vulnerability-scan security-report.txt"
   artifacts:
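Review bot: Listing `2` under `allow_failure: exit_codes` means a scan that finds non-whitelisted vulnerabilities still only marks the job as a warning, so the pipeline passes and nothing forces anyone to read `security-report.txt`. If that is a deliberate interim choice, the comment above `- 2` should say so, for example `# 2 = non-whitelisted vulnerabilities found; tolerated for now, tracked in <issue link>`. The codes only carry the meaning given in the vulnix docs if `ci-tools/vulnerability-scan` passes vulnix's exit status through unchanged, which is not visible in this hunk and is worth confirming. A job that exits 1 or 2 still counts as failed, and GitLab uploads artifacts only on success by default. The `artifacts:` block continues outside the hunk, so check that it sets `when: always`, otherwise the report is likely missing in exactly the runs where it matters.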
-- 
GitLab