Skip to main content
FieldValue
CategoryCICD-SEC-1
PlatformGitLab CI
SeverityMEDIUM
Auto-fix

What the check does

Flags a project where only_allow_merge_if_pipeline_succeeds is off.

Why it matters

When merges don’t require a green pipeline, a merge request can land even though CI — including security scans and tests — failed, letting known-broken or vulnerable code reach the default branch. Enable Settings → Merge requests → ‘Pipelines must succeed’. Pipefort can fix this for you with --fix-settings-gl. This is a GitLab project-settings check: it reads the project configuration over the GitLab API (CLI: --git at a GitLab host with --gitlab-token; the web app uses its connected GitLab token) and reports under the Repository configuration group. See the rules overview.