GitLab Ultimate

How to integrate into the GitLab Security Dashboard

As a GitLab Ultimate subscriber you have access to the Security Dashboards and Security Center features. You can then employ Meterian as your main security scanner to view trends about vulnerabilities detected in your groups and projects.

To get started, set up Meterian in your GitLab CI/CD pipeline to perform scans, generate the results, and upload them directly to GitLab:

meterian-analysis:
  image:
    name: meterian/cli:latest
    entrypoint: [""]

  # A failure of this job must not fail the pipeline
  allow_failure: true

  stage: test
  script:
    - curl -o /tmp/meterian-cli.jar -O -J -L -s https://www.meterian.com/downloads/meterian-cli.jar
    # "|| true" overrides the client's exit code
    - java -jar /tmp/meterian-cli.jar --report-gitlab=gitlab_report.json || true

  artifacts:
    reports:
      dependency_scanning: gitlab_report.json

To ensure the results of the scan are uploaded, the overall pipeline must succeed. This is why the scan job shown above has the attribute allow_failure set to true and overrides the exit code of the client invocation with the expression || true. Together these make it a non-blocking job.

The client is instructed to generate GitLab-compatible results in the form of a JSON report (--report-gitlab=gitlab_report.json). The report is later uploaded to GitLab for browsing in the Security Dashboards.
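
Because || true hides the client's exit code, a scan that never ran looks the same in the job log as a clean one. The following script is an added example, not part of Meterian's documentation: it checks that gitlab_report.json exists and parses, then counts findings by severity. It assumes the report carries a top-level "vulnerabilities" array with a "severity" field per entry, as in the GitLab security report format, and that a Python 3 interpreter is available in the job image.

```python
import json
import sys
from collections import Counter
from pathlib import Path

# Severity names from the GitLab security report format.
SEVERITIES = ("Critical", "High", "Medium", "Low", "Info", "Unknown")

# Constructed sample, reduced to the fields this script reads.
SAMPLE_REPORT = {
    "version": "0.0.0",  # placeholder, not a real schema version
    "vulnerabilities": [
        {"severity": "High"},
        {"severity": "Low"},
        {"severity": "bogus"},  # unrecognised value, counted as Unknown
    ],
}


def summarize_report(path):
    """Return (status, counts): status is "missing", "invalid" or "ok"."""
    report_file = Path(path)
    if not report_file.is_file():
        return "missing", {}
    try:
        report = json.loads(report_file.read_text(encoding="utf-8"))
    except ValueError:  # covers JSONDecodeError and UnicodeDecodeError
        return "invalid", {}
    vulns = report.get("vulnerabilities") if isinstance(report, dict) else None
    if not isinstance(vulns, list):
        return "invalid", {}
    counts = Counter()
    for vuln in vulns:
        severity = vuln.get("severity") if isinstance(vuln, dict) else None
        counts[severity if severity in SEVERITIES else "Unknown"] += 1
    return "ok", dict(counts)


def main(argv):
    path = argv[1] if len(argv) > 1 else "gitlab_report.json"
    status, counts = summarize_report(path)
    if status != "ok":
        print(f"{path}: report {status}, no scan results to upload")
        return 1
    print(f"{path}: {sum(counts.values())} finding(s) {counts}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run as the last script line of the scan job, a non-zero exit marks the job with a warning; with allow_failure set to true the pipeline itself still continues.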
