GitLab CI/CD Integration Guide

Integrate security scanning into GitLab CI/CD pipelines

Step-by-step guide to integrating Vulnetix CLI into GitLab CI/CD pipelines. Upload SARIF, CycloneDX, SPDX reports and run native SCA scans.

Add Vulnetix to GitLab CI/CD

Create a .gitlab-ci.yml file that runs the Vulnetix CLI in your GitLab CI/CD pipeline. The CLI collects SARIF, CycloneDX and SPDX artifacts automatically and uploads them for centralised vulnerability management:

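stages:
  - security

vulnetix:
  stage: security
  image: golang:1.21
  before_script:
    # @latest resolves to the newest release at job time; pin a specific
    # release tag here if you need reproducible pipeline runs.
    - go install github.com/vulnetix/cli@latest
  script:
    # Run the native scan, then upload the SARIF report at the given path.
    - vulnetix scan
    - vulnetix upload --file reports/results.sarif
  variables:
    # Passed through from a CI/CD variable of the same name (assumed to be
    # defined in the project or group CI/CD settings, not in this file).
    VULNETIX_ORG_ID: $VULNETIX_ORG_ID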

Why run Vulnetix in GitLab CI/CD?

Every scan from every job lands in one queue, deduplicated and prioritised with EPSS, CISA KEV and Coalition ESS exploit intelligence — so your GitLab CI/CD pipeline gates merges on what is actually exploitable, not raw scanner noise.