> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pipefort.com/llms.txt
> Use this file to discover all available pages before exploring further.

# CICD-SEC-1 (GitLab) — Merges allowed without a passing pipeline

> Flags a project where `only_allow_merge_if_pipeline_succeeds` is off.

| Field    | Value        |
| -------- | ------------ |
| Category | `CICD-SEC-1` |
| Platform | GitLab CI    |
| Severity | **MEDIUM**   |
| Auto-fix | ✓            |

## What the check does

Flags a project where `only_allow_merge_if_pipeline_succeeds` is off.

## Why it matters

When merges don't require a green pipeline, a merge request can land even though CI — including security scans and tests — failed, letting known-broken or vulnerable code reach the default branch. Enable Settings → Merge requests → 'Pipelines must succeed'. Pipefort can fix this for you with `--fix-settings-gl`.

This is a GitLab project-settings check: it reads the project configuration over
the GitLab API (CLI: `--git` at a GitLab host with `--gitlab-token`; the web
app uses its connected GitLab token) and reports under the **Repository
configuration** group. See the [rules overview](/rules/overview#gitlab-project-settings).
