Overview

ZenVeil integrates with GitLab for CI/CD pipeline security gates and repository scanning.

GitLab CI pipeline

# .gitlab-ci.yml
stages:
  - test
  - security
  - deploy

security-scan:
  stage: security
  image: python:3.11-slim
  before_script:
    - pip install zenveil
  script:
    - zenveil scan repo . --json security-results.json
  artifacts:
    name: security-results
    when: always
    paths:
      - security-results.json
    # GitLab security dashboard integration (future)
    # reports:
    #   sast: security-results.json
    expire_in: 90 days
  variables:
    ZENVEIL_API_KEY: $ZENVEIL_API_KEY
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

Setting CI/CD variables

In your GitLab project, go to Settings → CI/CD → Variables and add:
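
| Variable | Value | Protected | Masked |
| --- | --- | --- | --- |
| ZENVEIL_API_KEY | Your ZenVeil API key | Yes | Yes |
| ANTHROPIC_API_KEY | Your Anthropic API key | Yes | Yes |

A variable marked Protected is only exposed to pipelines that run on protected branches or tags, so jobs in a merge request pipeline from an unprotected branch will not see these keys.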

Merge request gate

Block merges if CRITICAL or HIGH findings are detected:

security-gate:
  stage: security
  image: python:3.11-slim
  before_script:
    - pip install zenveil
  script:
    - zenveil scan repo . --json security-results.json
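    - |
      # Count CRITICAL and HIGH findings. The Python body starts at the left
      # margin of this block; indented lines would raise IndentationError.
      CRITICAL=$(python3 -c "
      import json
      data = json.load(open('security-results.json'))
      print(sum(1 for f in data.get('findings', []) if f['severity'] in ['CRITICAL', 'HIGH']))
      ")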
      if [ "$CRITICAL" -gt "0" ]; then
        echo "Security gate failed: $CRITICAL CRITICAL/HIGH findings"
        exit 1
      fi
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
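
The inline check above counts a report with no `findings` key as zero findings. The script below is an added example, not ZenVeil's own code, of a gate that fails closed instead. It assumes only the `findings[].severity` layout used by the snippet above; the file name `gate.py` and the exit codes 1 (blocked) and 2 (unusable report) are choices made for this example.

```python
"""gate.py: fail-closed merge request gate for security-results.json."""
import json
import sys
from collections import Counter

BLOCKING = {"CRITICAL", "HIGH"}  # severities the page's gate blocks on


def evaluate(report_text):
    """Return (exit_code, message); an unreadable or unexpected report blocks."""
    try:
        data = json.loads(report_text)
    except json.JSONDecodeError as exc:
        return 2, f"gate error: report is not valid JSON ({exc.msg})"
    # Assumption: the report is an object holding a 'findings' list. A missing
    # key is treated as a failed scan, not as zero findings.
    if not isinstance(data, dict) or not isinstance(data.get("findings"), list):
        return 2, "gate error: report has no 'findings' list"
    counts = Counter()
    for finding in data["findings"]:
        severity = finding.get("severity") if isinstance(finding, dict) else None
        if not isinstance(severity, str):
            return 2, "gate error: finding without a severity"
        counts[severity.strip().upper()] += 1
    blocking = sum(counts[s] for s in BLOCKING)
    summary = ", ".join(f"{k}={v}" for k, v in sorted(counts.items())) or "none"
    if blocking:
        return 1, f"Security gate failed: {blocking} CRITICAL/HIGH findings ({summary})"
    return 0, f"Security gate passed ({summary})"


def main(path="security-results.json"):
    """Read the report from disk; a missing file blocks the merge."""
    try:
        with open(path, encoding="utf-8") as fh:
            text = fh.read()
    except OSError as exc:
        return 2, f"gate error: cannot read {path} ({exc.strerror})"
    return evaluate(text)


if __name__ == "__main__":
    code, message = main(*sys.argv[1:2])
    print(message)
    sys.exit(code)
```

Committed to the repository, it would replace the inline block with a single script line, `python3 gate.py security-results.json`, after the scan step.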

Scheduled weekly scan

weekly-security-scan:
  stage: security
  image: python:3.11-slim
  before_script:
    - pip install zenveil
  script:
    - zenveil scan repo . --check-cves --json weekly-security.json
  artifacts:
    paths:
      - weekly-security.json
    expire_in: 1 year
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule"

Configure the schedule in CI/CD → Schedules in your project.