All project code hosted on SHIP-HATS 2.0 GitLab are transparently onboarded to XCA.
XCA runs when new code is committed directly to the default branch, or when a Merge Request is completed: Scan changed files in the default branch.
To access XCA findings:
When new code is committed to the default branch: Following the scan’s completion, any identified findings will be accessible on the project’s Security & Compliance > Vulnerability Report page. XCA findings are marked as “XCA” under the Identifier and Tool columns.
Last updated 07 Mar 2025
Thanks for letting us know that this page is useful for you!
If you've got a moment, please tell us what we did right so that we can do more of it.
Did this page help you? - No
Thanks for letting us know that this page still needs work to be done.
If you've got a moment, please tell us how we can make this page better.
XCA
A Set of Custom Rules That Detect Repeated Vulnerabilities in Code