Skip to main content
FieldValue
CategoryCICD-SEC-4
PlatformGitLab CI
SeverityMEDIUM
Auto-fix

What the check does

Flags a project with public pipelines (public_builds) enabled.

Why it matters

Public pipelines let non-members view CI job logs and download build artifacts. Secrets accidentally echoed into logs, or credentials baked into artifacts, then leak to anyone. Turn off Settings → CI/CD → General pipelines → ‘Public pipelines’. Pipefort can fix this with --fix-settings-gl. This is a GitLab project-settings check: it reads the project configuration over the GitLab API (CLI: --git at a GitLab host with --gitlab-token; the web app uses its connected GitLab token) and reports under the Repository configuration group. See the rules overview.