diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 00000000..3ed11f45
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,26 @@
+build:
+ image: maven:3.6-jdk-8-slim
+ stage: build
+ script:
+ - mvn package -Dmaven.repo.local=./.m2/repository
+ artifacts:
+ paths:
+ - .m2/
+ - target/
+
+include:
+ - template: Auto-DevOps.gitlab-ci.yml
+
+dependency_scanning:
+ variables:
+ DS_JAVA_VERSION: 8
+
+spotbugs-sast:
+ dependencies:
+ - build
+ variables:
+ MAVEN_REPO_PATH: $CI_PROJECT_DIR/.m2/repository
+ COMPILE: "false"
+ artifacts:
+ reports:
+ sast: gl-sast-report.json
diff --git a/README.md b/README.md
index edfda09c..73a3eec9 100644
--- a/README.md
+++ b/README.md
@@ -195,6 +195,11 @@ joychou/joychou123
 Tomcat's default JSESSION session is valid for 30 minutes, so a 30-minute non-operational session will expire. In order to solve this problem, the rememberMe function is introduced, and the default expiration time is 2 weeks.
+## Vulnerability Scanning Tools
+
+1. JiHu GitLab Ultimate: [SaaS Demo](https://jihulab.com/ultimate-plan/demo/java-sec-code/-/merge_requests/1)
+
+![JiHu GitLab merge request security widget](https://user-images.githubusercontent.com/4971414/191453036-db0c8d29-1e8e-438a-8527-e70f259eb80d.png)
 ## Contributors
diff --git a/README_zh.md b/README_zh.md
index 111c8be3..91f87171 100644
--- a/README_zh.md
+++ b/README_zh.md
@@ -187,6 +187,11 @@ joychou/joychou123
 Tomcat默认JSESSION会话有效时间为30分钟,所以30分钟不操作会话将过期。为了解决这一问题,引入rememberMe功能,默认过期时间为2周。
+## 漏洞扫描工具
+
+1. 极狐 GitLab 旗舰版:[SaaS Demo](https://jihulab.com/ultimate-plan/demo/java-sec-code/-/merge_requests/1)
+
+![极狐 GitLab 合并请求显示漏洞结果](https://user-images.githubusercontent.com/4971414/191448861-e3263b67-dc46-443b-8be2-ede41f7d8a0a.png)
 ## 贡献者
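Review bot: In `.gitlab-ci.yml`, `- template: Auto-DevOps.gitlab-ci.yml` pulls in the whole Auto DevOps pipeline rather than only the scanners the new README section describes, so the template's container build and, if a cluster is ever attached to the project, its deploy jobs come along with it. If the goal is only SAST and dependency scanning, including `- template: Security/SAST.gitlab-ci.yml` and `- template: Security/Dependency-Scanning.gitlab-ci.yml` instead would keep the pipeline to those jobs. The local `build` job also shares its name with the template's own `build` job, so the two definitions are presumably merged key by key; a distinct name such as `maven-build`, with `dependencies:` under `spotbugs-sast` updated to match, would avoid inheriting template keys. Separately, `image: maven:3.6-jdk-8-slim` is a mutable tag, and pinning it by digest (`maven:3.6-jdk-8-slim@sha256:<digest>`) would make the build input reproducible.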