GitLab supports static security testing using Flawfinder. We should set this up to detect security issues.
See also: Static Application Security Testing (SAST)