diff --git a/README.md b/README.md
index fc1f5a52c5219d2d99cc0a0f7c87e32e70d48fc2..f2a9458f8e91e6dcf3052fb53c9f253832916683 100644
--- a/README.md
+++ b/README.md
@@ -470,10 +470,11 @@ It's possible to ignore some CVE by adding a `.trivyignore` file at the root of
In addition to a textual report in the console, this job produces the following reports, kept for one day and only available for download by users with the Developer role or higher:
-| Report | Format | Usage |
-| ------------------------------------ | ------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `reports/docker-trivy-*.native.json` | native Trivy report format (json) | [DefectDojo integration](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/trivy/)
_This report is generated only if DefectDojo template is detected_ |
-| `reports/docker-trivy-*.gitlab.json` | [Trivy report format for GitLab](https://aquasecurity.github.io/trivy/latest/tutorials/integrations/gitlab-ci/) format | [GitLab integration](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportscontainer_scanning) |
+| Report | Format | Usage |
+| ----------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `reports/docker-trivy-*.native.json` | Native Trivy report format (json) | [DefectDojo integration](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/trivy/)
_This report is generated only if DefectDojo template is detected_ |
+| `reports/docker-trivy-*.gitlab.json` | [Trivy report format for GitLab Container Security](https://aquasecurity.github.io/trivy/latest/tutorials/integrations/gitlab-ci/) format | [GitLab Container Security](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportscontainer_scanning) |
+| `reports/docker-trivy-*.gitlab-codequality.json` | [Trivy report format for GitLab Code Quality](https://aquasecurity.github.io/trivy/latest/tutorials/integrations/gitlab-ci/) format | [GitLab Code Quality](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportscodequality) |
### `docker-sbom` job
diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml
index 4f88a9618bfad4a1615d17c06f32226b62409d65..60f414ba003283187031e4994d42d19fb9904292 100644
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -1267,6 +1267,8 @@ docker-trivy:
# Generate a report in the GitLab format
trivy convert --format template --template "@/contrib/gitlab.tpl" --output reports/docker-trivy-${basename}.gitlab.json reports/docker-trivy-${basename}.native.json
+ # Generate a report in the Code Quality format
+ trivy convert --format template --template "@/contrib/gitlab-codequality.tpl" --output reports/docker-trivy-${basename}.gitlab-codequality.json reports/docker-trivy-${basename}.native.json
# console output
trivy convert --format table reports/docker-trivy-${basename}.native.json
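Review bot: The added `trivy convert` call with `@/contrib/gitlab-codequality.tpl` runs before the console-output step, so if the configured Trivy image does not ship that template, the table report below it is presumably never printed. Whether the script aborts there depends on its error handling, which is outside this hunk. Since the Code Quality file is secondary to the scan result, consider moving the new command after the `trivy convert --format table` line, or add a comment such as `# requires contrib/gitlab-codequality.tpl in the Trivy image`. The new line also expands `${basename}` unquoted, like its neighbours; quoting both path arguments, e.g. `--output "reports/docker-trivy-${basename}.gitlab-codequality.json"`, would keep it safe if that value ever contains whitespace or glob characters.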
@@ -1281,6 +1283,7 @@ docker-trivy:
- "reports/docker-trivy-*"
reports:
container_scanning: "reports/docker-trivy-*.gitlab.json"
+ codequality: "reports/docker-trivy-*.gitlab-codequality.json"
cache:
- key: "$CI_COMMIT_REF_SLUG-trivy"
paths:
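Review bot: Publishing the scan result under `codequality:` may widen the audience for the image's vulnerability findings. The README says the report files can be downloaded only by users with the Developer role or higher, whereas Code Quality results are rendered in the merge request widget, whose visibility likely follows the merge request rather than artifact access; this is worth confirming for public projects. A project that already publishes a `codequality` report from a linter job would also get CVE entries mixed into the same widget, and nothing in this hunk lets a user opt out. Consider making generation of the `.gitlab-codequality.json` file optional through a template variable, or at least add a comment such as `# CVE findings are shown in the MR Code Quality widget`. The `artifacts` block starts above this hunk.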