Skip to content

Examples

Sample policies for common GitLab CI/CD compliance checks. Full files are in the repository under examples/example-policies/security/.

Quick start

Compliance

cp -r examples/example-policies/security/ policies/
gitlab-compliance check -f policies/ -p .gitlab-ci.yml

Documentation

gitlab-compliance generate -i .gitlab-ci.yml --format swagger-markdown -o pipeline-reference.md

See GitLab Docs output example for sample generate output.

Policy index

Consumption patterns

Shared job templates:

  • .compliance:offline: YAML-only policies (image pinning, execution policy, extends)
  • .compliance:api: API hardening, strict mode
  • .compliance:codequality: GitLab Code Quality MR report
  • .compliance:oci: Policies from OCI registry

Rollout strategy

  1. Warn-only — run in CI with allow_failure: true
  2. Block — remove allow_failure once baselines are fixed
  3. Central policies — version policies in a security repo or OCI registry
  4. Org-wide — inject compliance via Pipeline Execution Policy

See Using in CI/CD for pipeline integration.