> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pipefort.com/llms.txt
> Use this file to discover all available pages before exploring further.

# CICD-SEC-10 (GitLab) — allow_failure hides job failures

> Silently tolerated failures erode visibility: a security or test job that always 'passes' provides no signal. Remove `allow_failure` from jobs whose result should gate the pipeline.

| Field    | Value                                                                                                                 |
| -------- | --------------------------------------------------------------------------------------------------------------------- |
| Category | `CICD-SEC-10`                                                                                                         |
| Platform | GitLab CI                                                                                                             |
| Severity | **LOW**                                                                                                               |
| Auto-fix | Flags jobs set to `allow_failure: true`, which lets the pipeline pass even when the job (e.g. a security scan) fails. |

## What the check does

Silently tolerated failures erode visibility: a security or test job that always 'passes' provides no signal. Remove `allow_failure` from jobs whose result should gate the pipeline.

## Why it matters

Findings for this rule fire only on `.gitlab-ci.yml` and `.gitlab-ci/*.yml`.
It is the GitLab analog of the correspondingly-numbered GitHub Actions rule; see
the [rules overview](/rules/overview#gitlab-ci-workflow-checks) for the full
GitLab table.
