Secret Detection: Fail if found

Is there a way to fail the secret detection or SAST jobs if a vulnerability is found?

You can add an additional job, where you read the reports and use a combination of jq and grep to fail the pipeline.

sast-job:
  ...
  artifacts:
    paths:
      - gl-sast-report.json
    reports:
      sast: gl-sast-report.json

fail-on-detection:
  needs: 
    - sast-job
  script:
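    # Exit non-zero only when a Critical finding is present. A bare
    # "grep ... && exit 1" leaves a non-zero status behind when nothing matches.
    - if jq '.vulnerabilities[] | .severity' gl-sast-report.json | grep -q 'Critical'; then exit 1; fi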
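
A stricter version of the same gate, as an added example that is not part of the original answer: it reads the same `.vulnerabilities[].severity` fields, takes a severity threshold, and also fails when the report is missing or unparsable, which the jq and grep pipeline would let pass. The function names, the ranking table, the exit codes and the sample report are assumptions made for this example.

```python
#!/usr/bin/env python3
"""Gate a CI job on the findings in GitLab security report JSON files."""
import json
import sys

# Ranking used by this example. Any other value (missing, "Unknown", a typo)
# is treated as blocking so that the gate fails closed.
RANK = {"Info": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}

# Constructed sample in the report layout the jq filter above reads.
SAMPLE_REPORT = {"vulnerabilities": [
    {"name": "Constructed finding A", "severity": "Medium",
     "location": {"file": "app/a.py"}},
    {"name": "Constructed finding B", "severity": "Critical",
     "location": {"file": "app/b.py"}},
]}


def blocking_findings(report, threshold="Critical"):
    """Return the findings whose severity is at or above `threshold`."""
    floor = RANK[threshold]
    return [v for v in report.get("vulnerabilities") or []
            if RANK.get(v.get("severity"), floor) >= floor]


def check_file(path, threshold="Critical"):
    """Return 0 if clean, 1 if blocking findings exist, 2 if unreadable."""
    try:
        with open(path, encoding="utf-8") as fh:
            report = json.load(fh)
        if not isinstance(report, dict):
            raise ValueError("top level is not a JSON object")
    except (OSError, ValueError) as exc:
        print(f"{path}: unusable report: {exc}", file=sys.stderr)
        return 2
    hits = blocking_findings(report, threshold)
    for v in hits:  # name and file only, never the matched source text
        where = (v.get("location") or {}).get("file", "?")
        print(f"{v.get('severity')}: {v.get('name', '?')} in {where}")
    return 1 if hits else 0


if __name__ == "__main__":
    paths = sys.argv[1:] or ["gl-sast-report.json"]
    sys.exit(max(check_file(p) for p in paths))
```

Saved under a name of your choice and called from the `fail-on-detection` script with one or more report paths as arguments, it exits with the worst result across all of them.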