Re: Public?
A great place to store secrets is HashiCorp Vault, which is integrated into GitLab: https://docs.gitlab.com/ee/ci/examples/authenticating-with-hashicorp-vault/
There are other good places too of course.
4 publicly visible posts • joined 7 Oct 2020
Security scans in GitLab are configured by the project maintainers on a per-project basis. https://docs.gitlab.com/ee/user/application_security/
The security scanning features are (for the most part) free for use by open-source projects (and a paid feature for private and customer self-hosted projects).
"Data sources
The trends report's underlying data is sourced from projects hosted on GitLab.com and does not include data from our self-managed customers. It is comprised of medium or higher severity vulnerabilities appearing in five or more projects that occurred between September 2019 and October 2020. All project-specific data was anonymized."