Skip to content
Latchkey

How to Run SAST Scanning in GitLab CI

GitLab ships a SAST template that auto-detects your languages and runs the right analyzers.

Include Security/SAST.gitlab-ci.yml and GitLab adds a sast job that scans your source. Findings surface in the merge request security widget and the vulnerability report.

Include the SAST template

A single include pulls in the managed SAST job; tune analyzers with SAST_* variables.

.gitlab-ci.yml
include:
  - template: Security/SAST.gitlab-ci.yml

variables:
  SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"

stages:
  - test
  - build

Notes

  • The template adds the sast job into the test stage automatically; define that stage so the job has a place to run.
  • SAST results appear in merge request widgets only when the pipeline runs on a merge request or the default branch.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →