Skip to main content
FieldValue
CategoryCICD-SEC-10
PlatformGitLab CI
SeverityLOW
Auto-fixFlags jobs set to allow_failure: true, which lets the pipeline pass even when the job (e.g. a security scan) fails.

What the check does

Silently tolerated failures erode visibility: a security or test job that always ‘passes’ provides no signal. Remove allow_failure from jobs whose result should gate the pipeline.

Why it matters

Findings for this rule fire only on .gitlab-ci.yml and .gitlab-ci/*.yml. It is the GitLab analog of the correspondingly-numbered GitHub Actions rule; see the rules overview for the full GitLab table.