If you are using GitLab CI/CD, you can analyze your source code for known vulnerabilities using Static Application Security Testing (SAST).
GitLab reads the SAST report, compares the vulnerabilities found on the source branch with those on the target branch, and shows the resulting differences directly in the merge request.
GitLab can also detect secrets and credentials that have been unintentionally pushed to the repository, for example an API key that grants write access to third-party deployment environments. A secret that has already been pushed is exposed in the repository history, so treat any such finding as compromised and rotate the credential rather than only removing it in a later commit.
This check is performed by a dedicated analyzer during the sast job. It runs regardless of the programming language of your application, and you don't need to change anything in your CI/CD configuration file to turn it on. Results are available in the SAST report.
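A minimal .gitlab-ci.yml that enables SAST in this way, as an added example rather than configuration taken from the page. The template path Security/SAST.gitlab-ci.yml and the SAST_EXCLUDED_PATHS variable are GitLab's own; the stage list and the chosen exclusion values are assumptions for this example:

```yaml
# .gitlab-ci.yml (added example, not from the original page)
stages:
  - build
  - test
  - deploy

# Pull in GitLab's maintained SAST template. It defines the SAST job(s) in the
# test stage and publishes the results as a "sast" report artifact, which is
# what the merge request widget reads when it compares source and target branch.
include:
  - template: Security/SAST.gitlab-ci.yml

# Optional tuning. The include line alone is enough to run SAST, and secret
# detection runs inside the sast job without any extra configuration.
variables:
  # Assumed exclusion list for this example: skip test fixtures so placeholder
  # credentials in tests are not reported. Note that anything excluded here is
  # also not scanned for real secrets, so keep the list tight.
  SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"
```

Because the template is pulled in at pipeline creation time, you get analyzer updates without editing this file; pin a specific GitLab version of the template only if you need reproducible scan behaviour.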