GitLab CI
Coming Soon
GitLab CI integration is not yet implemented. We're tracking it as a future enhancement.
Planned support
shadowaudit will provide a GitLab CI template that:
- Runs on merge requests
- Posts findings as merge request comments
- Outputs SARIF for GitLab's security dashboard
- Fails the pipeline on CRITICAL findings
Track progress
- ⭐ Star the repo to get notified
- 🛠️ See CONTRIBUTING.md if you'd like to contribute the GitLab CI template
Workaround: manual script
Until the official template ships, you can run shadowaudit directly in your .gitlab-ci.yml:
shadowaudit:
image: node:20
script:
- npm install -g shadowaudit
- shadowaudit --dir ./src --spec openapi.json --fail-on critical --format json > shadowaudit-report.json
artifacts:
reports:
dotenv: shadowaudit-report.json
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
This runs the scan and saves the JSON report as an artifact. The pipeline will fail on CRITICAL findings.