GitLab CI
Safeguard articles tagged "GitLab CI" — guides, analysis, and best practices for software supply chain and application security.
4 articles
How to Add Security Scanning to Your CI/CD Pipeline
Wire dependency, container, and secret scanning into GitHub Actions or GitLab CI as a required check that blocks risky merges — with working workflow files and sensible thresholds.
GitLab CI Security Best Practices for 2026
GitLab CI hands every job a CI_JOB_TOKEN, a runner, and your variables. This guide covers the real attack surface — remote includes, token scope, privileged runners — with hardened .gitlab-ci.yml examples, OIDC, and scanning.
How to Generate an SBOM in a GitLab CI Pipeline
A working .gitlab-ci.yml for SBOM generation with Syft: CycloneDX report artifacts, a Grype scan stage, and Cosign attestations pushed next to the image.
GitLab CI Security Scanning Setup
Step-by-step guide to enabling SAST, DAST, dependency scanning, and container scanning in GitLab CI pipelines.