Skip to main content

GitLab CI

Coming Soon

GitLab CI integration is not yet implemented. We're tracking it as a future enhancement.

Planned support

shadowaudit will provide a GitLab CI template that:

  • Runs on merge requests
  • Posts findings as merge request comments
  • Outputs SARIF for GitLab's security dashboard
  • Fails the pipeline on CRITICAL findings

Track progress

  • ⭐ Star the repo to get notified
  • 🛠️ See CONTRIBUTING.md if you'd like to contribute the GitLab CI template

Workaround: manual script

Until the official template ships, you can run shadowaudit directly in your .gitlab-ci.yml:

shadowaudit:
image: node:20
script:
- npm install -g shadowaudit
- shadowaudit --dir ./src --spec openapi.json --fail-on critical --format json > shadowaudit-report.json
artifacts:
reports:
dotenv: shadowaudit-report.json
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"

This runs the scan and saves the JSON report as an artifact. The pipeline will fail on CRITICAL findings.