ISSUE-403 Low Quick Pipeline Composition
Outdated template
Control: Pipeline must use only up-to-date includes · Config key: includesMustBeUpToDate
📋 What is this?
An outdated template is used in the project CI/CD pipeline configuration.
⚠️ Impact
Outdated templates may have known vulnerabilities or lack compliance with current standards. For example, if your security scan template is outdated, it might fail to detect recent threats.
🔧 How to fix
Update the template in your project CI/CD configuration file to the latest version to ensure security and compliance.
✗ Before
Components are several versions behind the latest release.
# .gitlab-ci.yml — ❌ Uses outdated version
include:
  - component: gitlab.com/components/sast/sast@1.0.0 # Latest available: 1.5.2
  - component: gitlab.com/components/secret-detection/secret-detection@2.1.0 # Latest available: 2.4.1
✓ After
Components are up to date with the latest releases.
# .gitlab-ci.yml — ✅ Uses latest versions
include:
  - component: gitlab.com/components/sast/sast@1.5.2
  - component: gitlab.com/components/secret-detection/secret-detection@2.4.1
💡 Tips
- Use Plumber regularly to detect outdated includes before they become a security risk.
- Consider using Renovate or Dependabot to automate version updates in your CI configuration.
- Check the CI Catalog changelog for breaking changes before updating major versions.
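The comparison behind this control can be sketched as follows. This is an added example, not Plumber's own code: it extracts `component:` pins from a pipeline file, compares them with a caller-supplied table of latest versions, and separates major-version jumps (which call for a changelog review) from ordinary updates. The `LATEST` table, the `lint` component and the status names are assumptions made for illustration.

```python
import re

# Constructed sample: pins taken from this page's before/after snippets,
# plus a hypothetical "lint" component to show the remaining cases.
SAMPLE_CI = """\
include:
  - component: gitlab.com/components/sast/sast@1.0.0
  - component: gitlab.com/components/secret-detection/secret-detection@2.4.1
  - component: gitlab.com/components/hypothetical/lint@1.9.0
  - component: gitlab.com/components/hypothetical/lint@main
"""

# Assumption: latest versions are looked up elsewhere (for example from the
# CI/CD Catalog) and passed in. The first two values are the ones quoted on this page.
LATEST = {
    "gitlab.com/components/sast/sast": "1.5.2",
    "gitlab.com/components/secret-detection/secret-detection": "2.4.1",
    "gitlab.com/components/hypothetical/lint": "2.0.0",  # hypothetical
}

COMPONENT_RE = re.compile(r"^\s*-\s*component:\s*([^\s@#]+)@(\S+)", re.M)
SEMVER_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")

def parse_version(ref):
    """Return (major, minor, patch), or None for branches, SHAs, ~latest, etc."""
    m = SEMVER_RE.match(ref or "")
    return tuple(int(x) for x in m.groups()) if m else None

def check_includes(ci_text, latest):
    """Classify every component include found in ci_text."""
    findings = []
    for path, ref in COMPONENT_RE.findall(ci_text):
        pinned, newest = parse_version(ref), parse_version(latest.get(path))
        if pinned is None or newest is None:
            status = "unverifiable"      # not a fixed release, or unknown component
        elif pinned >= newest:
            status = "up-to-date"
        elif pinned[0] < newest[0]:
            status = "outdated-major"    # review the changelog before updating
        else:
            status = "outdated"
        findings.append((path, ref, latest.get(path), status))
    return findings

if __name__ == "__main__":
    for path, ref, newest, status in check_includes(SAMPLE_CI, LATEST):
        print(f"{status:15} {path}@{ref} (latest: {newest})")
```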
⚙️ Configuration
This control is configured in .plumber.yaml under the key:
controls:
  includesMustBeUpToDate:
    enabled: true
See the CLI documentation for the full configuration reference.