glsec CI/CD Catalog

Project information

This component runs GLSec if Gitlab CICD Templates are found. glsec is a security linter that detects misconfigurations that can lead to supply-chain attacks, secret leakage, and token exfiltration — the same class of issues that zizmor and actionlint catch in GitHub Actions, but for GitLab CI.

Depending on the component selected it can generate a Code Climate report, which is used by Gitlab as part of its code quality feature or a SARIF Report which integrates with the Gitlab Security Dashboard

If supplied an Access Token and triggered by a Merge Request event, a second job is run which will leave Notes in the Merge Request for warnings found on changed code.

glsec