by gravis 2434 days ago
GitLab offers free security checks for open source projects (https://about.gitlab.com/blog/2018/06/05/gitlab-ultimate-and...). Enabling these checks is as simple as this one-liner (https://docs.gitlab.com/ee/user/application_security/sast/in...):

  include:
    template: SAST.gitlab-ci.yml

Now do the same with Dependency Scanning, Container Scanning, DAST and License Compliance if needed.

Note that Auto-DevOps enables this automatically.

On a general note, I agree with you: security should be available out of the box for everyone. I created this issue last month for this purpose; feel free to comment or watch it.