Qualys WAS Integration with GitLab
Release 1.0.0
May 04, 2026
Qualys Web Application Scanning (WAS) is a cloud-based security solution that monitors, detects, and reports vulnerabilities, misconfigurations, and web malware in web applications and APIs. The Qualys WAS integration with GitLab enables automated web application security scans directly within CI/CD pipelines using a dedicated script. This integration helps development teams identify application vulnerabilities early and maintain continuous visibility into application security risks, enabling faster remediation and more secure application releases.
Qualys WAS for GitLab provides you with the following features:
- Launch Scan Capability: Enables initiating a scan for web applications.
- Flexible Execution Options: Choose to wait for the scan result or proceed with execution immediately after launching the scan.
- JSON Output Storage: Scan results are automatically stored in JSON format for easy access and integration.
- Scan ID Logging: When not waiting for results, the system logs the Scan ID for future reference and follow-up.
- Vulnerability Exclusion Support: Allows users to specify and exclude certain vulnerabilities from being scanned.
- OpenID Connect Authentication Support: Supports OIDC Authentication.
You need to create a user-level client; see Set up Token-based Authentication from UI.