| Field | Value |
|---|---|
| Category | CICD-SEC-10 |
| Platform | GitLab CI |
| Severity | LOW |
| Auto-fix | Flags jobs set to allow_failure: true, which lets the pipeline pass even when the job (e.g. a security scan) fails. |
What the check does
Silently tolerated failures erode visibility: a security or test job that always ‘passes’ provides no signal. Removeallow_failure from jobs whose result should gate the pipeline.
Why it matters
Findings for this rule fire only on.gitlab-ci.yml and .gitlab-ci/*.yml.
It is the GitLab analog of the correspondingly-numbered GitHub Actions rule; see
the rules overview for the full
GitLab table.