Consider enabling application dependency scanning
In GitHub, a report would be issued if the Maven build script included libraries with security vulnerabilities. The equivalent in GitLab looks to be: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/index.html