Of course, and that will work. However, what if the vulnerability artefacts need to be converted into issues in GitLab? That will require a much deeper integration then printing the details in the build log. Dropping a file will be easy. We can provide just a switch for that.