GitLab CI/CD

Overview

QCecuring integrates with GitLab CI/CD to provide secure code signing and certificate lifecycle operations within pipeline jobs. Teams sign artifacts and manage certificates as part of their DevSecOps workflows without exposing cryptographic keys to CI runners.

Key capabilities

• Pipeline components for code signing operations during build and release stages.
• Certificate provisioning jobs that deploy TLS certificates alongside application deployments.
• Secure key access through QCecuring’s API without storing private keys in GitLab variables.
• Support for GitLab’s CI/CD variables and protected environments for access control.
• Comprehensive audit logging linking signing events to pipelines, commits, and merge requests.

Typical use cases

• Teams using GitLab as their primary DevOps platform needing integrated code signing.
• Organizations deploying to Kubernetes from GitLab and requiring automated certificate provisioning.
• Security teams enforcing signing policies across all GitLab projects and groups.

High-level integration flow

1. Configure QCecuring API credentials as protected CI/CD variables in GitLab project or group settings.
2. Add signing and certificate stages to .gitlab-ci.yml pipeline definitions.
3. Pipeline jobs call QCecuring’s API to sign artifacts or request certificates during execution.
4. QCecuring enforces signing policies and returns signed artifacts or provisioned certificates.
5. All operations are recorded with full traceability to GitLab pipeline metadata and merge request context.

CBOM Discovery

QCecuring scans GitLab CI/CD pipelines for signing operations, certificate references, and crypto configurations, feeding them into your organization’s CBOM.