The CG DevX provides integration with Vulnerability and misconfiguration scaner as part of CI process. Aqua Security Trivy is sed as default scaner. Result of the scan are stored in SARIF format and uploaded to Argo Workflow build artifact storage and linked to Git.