```bash
curl --request POST \
     --form "token=$CI_JOB_TOKEN" \
     --form "ref=main" \
     "https://gitlab.com/api/v4/projects/123/trigger/pipeline"
```

This allows external systems (monitoring, chatops) to start pipelines.

DevOps automation must include security. GitLab provides native security scanning.

SAST (Static Application Security Testing)

Add to your pipeline:
```yaml
variables:
  DOCKER_REGISTRY: registry.gitlab.com
  APP_NAME: myapp

job:
  script:
    - docker build -t $DOCKER_REGISTRY/$APP_NAME .
```
```yaml
build:
  stage: build-image
  image: docker:20.10.16
  services:
    - docker:20.10.16-dind
  script:
    # Pass the registry password on stdin so it does not appear in the
    # process arguments, as it would with -p
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker build -t $IMAGE_TAG .
    - docker push $IMAGE_TAG
  only:
    - main
```
```yaml
workflow:
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS
      when: never
    - if: $CI_COMMIT_BRANCH
```

Now each merge request runs a full pipeline, and GitLab blocks merging if tests fail.

Modern applications often consist of multiple microservices. GitLab supports cross-project automation.

Triggering a downstream pipeline

In project A (frontend):
```yaml
include:
  - template: Security/SAST.gitlab-ci.yml
```

GitLab automatically runs SAST scanners for your language (Python, Java, Go, etc.) and shows vulnerabilities in merge requests.

```yaml
include:
  - template: Security/Dependency-Scanning.gitlab-ci.yml
```

Secret Detection

Prevents accidental commits of passwords/keys:
GitLab then shows a dashboard of deployments, and you can roll back from the UI. For secure cluster access, use the GitLab Agent instead of storing kubeconfig.
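To see which events the `workflow: rules` block shown earlier on this page actually turns into pipelines, the following added example (not part of the original page and not GitLab's implementation) models first-match rule evaluation in Python. The event dictionaries and the `group/app!7` merge request reference are constructed sample values.

```python
# Simplified model of workflow:rules evaluation: rules are checked top to
# bottom, the first matching rule decides, and no match means no pipeline.
# Illustration only; this is not GitLab's own code.

def is_set(variables, name):
    """A bare $VAR in a rule is true when the variable is defined and non-empty."""
    return bool(variables.get(name))

# The three rules from the page, in order, as (condition, when) pairs.
# A rule without an explicit `when` defaults to "always".
WORKFLOW_RULES = [
    (lambda v: v.get("CI_PIPELINE_SOURCE") == "merge_request_event", "always"),
    (lambda v: is_set(v, "CI_COMMIT_BRANCH")
               and is_set(v, "CI_OPEN_MERGE_REQUESTS"), "never"),
    (lambda v: is_set(v, "CI_COMMIT_BRANCH"), "always"),
]

def pipeline_created(variables):
    """Return True if the workflow rules let a pipeline start for this event."""
    for condition, when in WORKFLOW_RULES:
        if condition(variables):
            return when != "never"
    return False  # no rule matched: the pipeline is not created

# Constructed sample events (predefined variables as GitLab would set them).
EVENTS = {
    "merge request pipeline": {
        "CI_PIPELINE_SOURCE": "merge_request_event",
        "CI_OPEN_MERGE_REQUESTS": "group/app!7",
    },
    "branch push, MR open": {
        "CI_PIPELINE_SOURCE": "push",
        "CI_COMMIT_BRANCH": "feature",
        "CI_OPEN_MERGE_REQUESTS": "group/app!7",
    },
    "branch push, no MR": {"CI_PIPELINE_SOURCE": "push", "CI_COMMIT_BRANCH": "main"},
    "tag push": {"CI_PIPELINE_SOURCE": "push", "CI_COMMIT_TAG": "v1.0.0"},
}

def decisions():
    """Map each sample event name to whether a pipeline would be created."""
    return {name: pipeline_created(v) for name, v in EVENTS.items()}

if __name__ == "__main__":
    for name, created in decisions().items():
        print(f"{name:24} -> {'pipeline' if created else 'no pipeline'}")
```

The tag push matches none of the three rules, so no pipeline is created for it. A release or security job that should run on tags needs an additional rule such as `- if: $CI_COMMIT_TAG`.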