StackShield + GitLab CI/CD: Automated Laravel Security Scanning

Add StackShield security scans to your GitLab CI/CD pipelines. Automatically verify Laravel security posture on every merge request.

CI/CD Last updated: March 2026

Integrate StackShield into your GitLab CI/CD pipelines to run automated security scans as part of your development workflow. Add a scan stage to your .gitlab-ci.yml that triggers a StackShield scan after deploying to a review or staging environment. The pipeline can be configured to fail if critical security issues are detected, preventing insecure code from reaching production. This works seamlessly with GitLab review apps, merge request pipelines, and scheduled pipelines.

Features

  • Add a StackShield scan stage to any GitLab CI/CD pipeline with a simple cURL job
  • Block merge requests when security findings exceed your configured severity threshold
  • Scan GitLab review app environments automatically to catch issues in feature branches
  • Schedule nightly or weekly security scans using GitLab pipeline schedules

Setup Guide

  1. Generate a StackShield API Token

    In your StackShield dashboard, go to Settings, then API, and generate a new API token. Copy the token and the trigger URL for the site you want to scan.

  2. Add CI/CD Variables in GitLab

    In your GitLab project, go to Settings, then CI/CD, then Variables. Add STACKSHIELD_API_TOKEN with your API token (masked and protected). Add STACKSHIELD_TRIGGER_URL with your scan trigger endpoint.

  3. Add the Scan Job to .gitlab-ci.yml

    Create a new job in your .gitlab-ci.yml that runs after your deployment stage. Use a cURL command to call the StackShield trigger endpoint with your API token. Parse the JSON response to determine whether the pipeline should pass or fail.

  4. Configure Pipeline Behavior

    Set the job to allow_failure if you want security scans to be advisory, or leave it strict to block merges when critical issues are found. You can also add the job only to merge request pipelines or scheduled pipelines depending on your needs.

Ideal Use Case

GitLab CI/CD integration is perfect for teams that use GitLab as their end-to-end DevOps platform. By adding StackShield scans to your pipeline, you ensure every merge request is checked for security issues before it can be merged. This is especially useful for teams using GitLab review apps, where each feature branch gets a temporary deployment that StackShield can scan to verify security before the code reaches the main branch.

Frequently Asked Questions

Can I scan my GitLab review app URL dynamically?

Yes. GitLab exposes the review app URL as a CI/CD variable. You can pass this URL to the StackShield API so each merge request scans its own review environment rather than a fixed staging URL.

Does this work with GitLab self-managed instances?

Yes. The integration uses the StackShield API, which is cloud-based. As long as your GitLab runners can make outbound HTTPS requests and your application is reachable from the internet, it works with both GitLab.com and self-managed GitLab.

Can I run scans only on specific branches?

Yes. Use GitLab CI rules or only/except directives to control when the scan job runs. For example, you can run scans on merge requests to the main branch and on scheduled pipelines, but skip them on feature branch pushes.
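The following .gitlab-ci.yml fragment is an added example that ties the four setup steps and the FAQ answers above together; it is not StackShield's own documentation or sample code. Everything about the StackShield API itself is an assumption here: that the trigger endpoint takes a POST with a bearer token and a url form field, and that it answers with a JSON body containing findings.critical and findings.high counts. The deploy script, the review-app domain and the STAGING_URL variable are placeholders. The two GitLab mechanisms it relies on are real: a dotenv artifact report hands the review-app URL from the deploy job to the scan job, and rules restrict the scan to merge request pipelines and scheduled pipelines.

```yaml
# Added example, not StackShield's own code. API request/response shape is assumed.
stages:
  - deploy
  - security

deploy_review:
  stage: deploy
  script:
    - ./deploy-review-app.sh                    # hypothetical deploy script
    # Export the review-app URL so the scan job can read it as SCAN_TARGET_URL.
    - echo "SCAN_TARGET_URL=https://${CI_COMMIT_REF_SLUG}.review.example.com" > deploy.env
  environment:
    name: review/$CI_COMMIT_REF_SLUG
    url: https://$CI_COMMIT_REF_SLUG.review.example.com   # constructed placeholder domain
  artifacts:
    reports:
      dotenv: deploy.env
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"

stackshield_scan:
  stage: security
  image: alpine:3
  # optional: the deploy job does not exist in scheduled pipelines.
  needs:
    - job: deploy_review
      optional: true
  variables:
    STACKSHIELD_MAX_CRITICAL: "0"   # block the merge on any critical finding
    STACKSHIELD_MAX_HIGH: "0"       # raise this to make high findings advisory
  before_script:
    - apk add --no-cache curl jq
  script:
    - |
      # Review-app URL from the dotenv artifact on merge requests,
      # otherwise the fixed staging URL (assumed CI/CD variable) on schedules.
      TARGET="${SCAN_TARGET_URL:-$STAGING_URL}"
      echo "Scanning $TARGET"
      # --fail turns HTTP errors into a non-zero exit so a broken token fails loudly.
      curl --fail --silent --show-error --max-time 900 \
           -H "Authorization: Bearer $STACKSHIELD_API_TOKEN" \
           --data-urlencode "url=$TARGET" \
           -o scan.json "$STACKSHIELD_TRIGGER_URL"
      # Field names below are assumptions; adjust to the real response schema.
      CRITICAL=$(jq -r '.findings.critical // 0' scan.json)
      HIGH=$(jq -r '.findings.high // 0' scan.json)
      echo "critical=$CRITICAL high=$HIGH"
      if [ "$CRITICAL" -gt "$STACKSHIELD_MAX_CRITICAL" ] || [ "$HIGH" -gt "$STACKSHIELD_MAX_HIGH" ]; then
        echo "Security findings exceed the configured threshold"
        exit 1
      fi
  artifacts:
    when: always            # keep the report even when the job fails
    paths:
      - scan.json
  allow_failure: false      # set to true to make the scan advisory
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_PIPELINE_SOURCE == "schedule"
```

One caveat on step 2: a variable marked protected is only exposed to pipelines on protected branches and tags, so a merge request pipeline from an unprotected feature branch will see STACKSHIELD_API_TOKEN as empty and the curl call will fail with an authentication error. Either leave the token masked but not protected, or run the scan only after the merge lands on a protected branch. Keeping scan.json as an artifact with when: always lets reviewers read the findings from the failed job instead of re-running the scan.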

Try StackShield Free for 14 Days

Start monitoring your Laravel application security in minutes. No installation required.
