With the option "Fail build on policy check STOP result" (bailOnFail), you can fail a build when it contains a "STOP" result".

However right now, there is no way of marking a Jenkins build as "UNSTABLE", when there are warnings only in the docker image scan. For example I would like to give attention to the developers when there are medium leveled CVEs, but those should not fail the build.

Suggestion: Make the build status for "WARN" items configurable.