Introduction
Software delivery speed and security are no longer separate concerns – they must coexist. In this project, we designed and implemented a complete CI/CD/CS pipeline using GitLab self-hosted and Nessus Pro, delivering automated code deployment and continuous security auditing.
This hybrid approach helped development, operations, and security teams collaborate more efficiently – all under one unified platform.
The Challenge
- The organization required a fully on-premises solution (data sovereignty/compliance)
- No existing CI/CD pipelines or deployment automation
- Security scanning was performed manually and post-deployment
- No version control integration with vulnerability management tools
- Needed isolation between environments (dev, test, staging, prod)
The Solution
1. GitLab On-Prem CI/CD Architecture
- Deployed GitLab CE/EE on private infrastructure (with runners in Docker+VM environments)
- GitLab was integrated with:
  - Docker Registry (private)
  - Vault for secrets management
  - GitLab Pages for internal documentation hosting
CI/CD Pipeline Stages:
- Linting & Static Code Analysis
- Unit & Integration Testing
- Build & Artifact Creation
- Staging Environment Deployments
- Production Deployments (manual or timed triggers)
2. Continuous Security (CS) with Nessus Pro
- Integrated Nessus Pro scanners into GitLab pipelines:
  - Custom jobs ran targeted vulnerability scans against staging/prod environments
  - Generated automated reports in HTML and JSON
  - Used scan exit codes to block deployments if critical issues were found
- Vulnerability trends tracked per release and per environment
- Scheduled scans for persistent security baselines
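As an added example (not the project's own job script), a Python gate of the kind section 2 describes: it reads a Nessus export, assumed here to be a simplified JSON shape, counts findings per severity, lists the ones at or above a threshold, and returns the exit code that fails the GitLab job and so blocks the deploy. The report shape, the SCAN_BLOCK_SEVERITY variable name and the sample hosts are assumptions; a report that cannot be parsed blocks as well, so the gate fails closed.

```python
# Deployment gate over a Nessus JSON export (assumed simplified shape, see SAMPLE_REPORT).
import json
import os
import sys

SEVERITY_NAMES = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}  # Nessus severity scale
EXIT_BLOCKED, EXIT_UNREADABLE = 1, 2  # an unreadable report also blocks: fail closed, never deploy blind

# Constructed sample export, used when no report path is given (hostnames and plugin names are made up).
SAMPLE_REPORT = json.dumps({"scan": "staging-web", "hosts": [
    {"hostname": "web-01.staging.example", "findings": [
        {"plugin_name": "Constructed info finding", "severity": 0},
        {"plugin_name": "Constructed medium finding", "severity": 2}]},
    {"hostname": "web-02.staging.example", "findings": [
        {"plugin_name": "Constructed critical finding", "severity": 4}]}]})

def load_report(text):
    """Parse the export; None on malformed input so the gate fails closed."""
    try:
        report = json.loads(text)
        return report if isinstance(report["hosts"], list) else None
    except (json.JSONDecodeError, KeyError, TypeError):
        return None

def count_by_severity(report):
    """Per-severity totals, the numbers tracked per release and per environment."""
    counts = {s: 0 for s in SEVERITY_NAMES}
    for host in report["hosts"]:
        for finding in host.get("findings", []):
            counts[int(finding["severity"])] += 1
    return counts

def blocking_findings(report, min_severity=4):
    """(hostname, plugin name, severity) for every finding at or above the threshold."""
    return [(h["hostname"], f["plugin_name"], int(f["severity"]))
            for h in report["hosts"] for f in h.get("findings", []) if int(f["severity"]) >= min_severity]

def gate(text, min_severity=4):
    """CI exit code: 0 deploy, 1 blocked by findings, 2 unreadable report."""
    report = load_report(text)
    if report is None:
        return EXIT_UNREADABLE
    return EXIT_BLOCKED if blocking_findings(report, min_severity) else 0

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    threshold = int(os.environ.get("SCAN_BLOCK_SEVERITY", "4"))  # CI variable name is an assumption
    report = load_report(text)
    for host, name, sev in blocking_findings(report, threshold) if report else []:
        print(f"BLOCKING {SEVERITY_NAMES[sev]} on {host}: {name}")
    sys.exit(gate(text, threshold))
```

Run as the last step of the scan job with the export path as its argument; GitLab treats the non-zero exit as a failed job, which holds back the dependent deployment stage.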
3. Infrastructure-as-Code
- Used Ansible + Terraform to:
  - Provision environments across bare metal, VMs, and cloud
  - Automate GitLab runner creation and rotation
- Kept pipeline templates and IaC modules under version control
4. Monitoring & Audit
- Dashboards built using:
  - Grafana + Prometheus for CI runner performance and job stats
- Centralized Nessus scan logs into Elasticsearch
- Internal audit logs stored for compliance & traceability
Results
| Capability | Before | After |
|---|---|---|
| Code delivery | Manual | Fully automated CI/CD |
| Security audits | Periodic, manual | Continuous via Nessus Pro |
| Deployment frequency | Monthly | Multiple times per day (staging) |
| Rollbacks | Manual + undocumented | Versioned, automated rollback options |
| Compliance reporting | Not centralized | Automated HTML/PDF security reports |
Conclusion
By unifying GitLab and Nessus Pro in a structured CI/CD/CS pipeline, we created a modern DevSecOps-ready infrastructure that:
- Enables faster, safer software releases
- Blocks vulnerable code from reaching production
- Provides traceability, observability, and compliance reporting
This architecture empowers developers, secops, and infrastructure teams to move faster — without sacrificing control or security.