Overview
Vibgrate integrates with GitLab CI using standard SARIF output, which GitLab can ingest as a SAST report.
Basic Pipeline
vibgrate:
  image: node:22
  script:
    - npx @vibgrate/cli scan . --fail-on error
SAST Report Integration
vibgrate:
  image: node:22
  script:
    - npx @vibgrate/cli scan . --format sarif --out vibgrate.sarif --fail-on error
  artifacts:
    reports:
      sast: vibgrate.sarif
Findings appear in the Security Dashboard and on merge requests.
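To check that the SARIF file a job produced is well-formed and to see its findings by severity in the job log, a short Node script can summarise it. This is an added example, not part of Vibgrate or its documentation; the script name sarif-summary.js, the function summarizeSarif and the sample log (tool name, rule ids) are constructed for illustration, and it assumes only the standard SARIF 2.1.0 fields runs, results, level, ruleId and locations.

```javascript
const LEVELS = ['error', 'warning', 'note', 'none'];

function summarizeSarif(text) {
  let log;
  try { log = JSON.parse(text); } catch (err) { throw new Error(`not valid JSON: ${err.message}`); }
  if (log === null || typeof log !== 'object' || !Array.isArray(log.runs)) {
    throw new Error('not a SARIF log: top-level "runs" array is missing');
  }
  const counts = Object.fromEntries(LEVELS.map((l) => [l, 0]));
  const findings = [];
  for (const run of log.runs) {
    const tool = run?.tool?.driver?.name ?? '(unnamed tool)';
    for (const r of run?.results ?? []) {
      // Simplification: a missing or unknown level is counted as "warning";
      // the rule's defaultConfiguration is not consulted.
      const level = LEVELS.includes(r?.level) ? r.level : 'warning';
      counts[level] += 1;
      const loc = r?.locations?.[0]?.physicalLocation;
      findings.push({ tool, level, ruleId: r?.ruleId ?? '(no ruleId)',
        file: loc?.artifactLocation?.uri ?? '(no location)',
        line: loc?.region?.startLine ?? null });
    }
  }
  return { version: log.version ?? null, counts, findings };
}

// Constructed sample log; tool name and rule ids are placeholders, not real scanner output.
const SAMPLE_SARIF = JSON.stringify({
  version: '2.1.0',
  runs: [{
    tool: { driver: { name: 'example-scanner' } },
    results: [
      { ruleId: 'EX001', level: 'error', message: { text: 'constructed' },
        locations: [{ physicalLocation: { artifactLocation: { uri: 'package.json' }, region: { startLine: 12 } } }] },
      { ruleId: 'EX002', message: { text: 'constructed, no level' } },
      { ruleId: 'EX003', level: 'note', message: { text: 'constructed' } },
    ],
  }],
});

// CLI use: node sarif-summary.js vibgrate.sarif (dynamic import works in CommonJS and ESM).
if (process.argv[2]) {
  import('node:fs').then(({ readFileSync }) => {
    const s = summarizeSarif(readFileSync(process.argv[2], 'utf8'));
    console.log(`SARIF ${s.version}`, s.counts);
    for (const f of s.findings) console.log(`${f.level}\t${f.ruleId}\t${f.file}:${f.line ?? '?'}`);
  }).catch((e) => { console.error(e.message); process.exitCode = 2; });
}
```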
Drift Budget Enforcement
vibgrate:
  image: node:22
  script:
    - |
      npx @vibgrate/cli scan . \
        --baseline .vibgrate/baseline.json \
        --drift-budget 40 \
        --drift-worsening 5 \
        --fail-on error
Dashboard Push
vibgrate:
  image: node:22
  variables:
    VIBGRATE_DSN: $VIBGRATE_DSN
  script:
    - npx @vibgrate/cli scan . --push --strict --fail-on error
Store your DSN as a CI/CD variable named VIBGRATE_DSN under Settings → CI/CD → Variables.
Merge Request Pipeline
vibgrate:
  image: node:22
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  script:
    - npx @vibgrate/cli scan . --format sarif --out vibgrate.sarif --fail-on error
  artifacts:
    reports:
      sast: vibgrate.sarif