Gitlab Compliance Center


GitLab is a comprehensive DevSecOps platform that manages the entire software development lifecycle (SDLC). It provides Git repository management, continuous integration/continuous deployment (CI/CD), code review, and issue tracking within a single platform.

More information can be found on GitLab's website.

Integration Method: API

Tables: Detection Finding (2004)

This integration supports the following events.

Event | Description
Compliance Violations | Detect compliance violations in merge requests.

This integration supports the following versions.

GitLab Version: 18.0

Note:

GitLab’s GraphQL API is versionless. More information can be found here.

Prerequisites

  • The user should have access to GitLab with an account that has Administrator privileges.

  • The user should have access to the DataBee console.

Configuration Overview

  1. Generate an API token with the required scopes.

  2. Add the Gitlab Compliance Center in the DataBee console with the following parameters.

    DataBee Parameter | GitLab Parameter
    Token | Personal Access Token

Gitlab Compliance Center Configuration

  1. Log in to the GitLab portal and, on the left sidebar, select your avatar.
     

  2. Select Edit Profile.
     

  3. On the left sidebar, select Access tokens.

  4. Under Personal access tokens, click on Add new token.

  5. Enter a ‘Token name’, select the token ‘Expiration date’ and check the read_api scope.

  6. Scroll down and click on Create personal access token.
     

  7. Copy the token and save it somewhere safe.

    Note:

    After you leave the page, you no longer have access to the token.

DataBee Configuration

  1. Log in to the DataBee UI, navigate to Data > Data Feeds, and click the Add New Data Feed button.
     

  2. Search for Gitlab Compliance Center and click it.
     

  3. Select the API Ingest option as the collection method.
     

  4. Enter feed contact information and click Next.
     

  5. In the configuration page, confirm the following:

    • API Base URL: this is the base URL that DataBee will interact with.

    • Authorization Method: Bearer Token

    • Token: paste the Personal Access Token generated earlier in the GitLab console.

    • Event Types: preselected for all the event types that the integration pulls.
       

  6. Click Submit.

Troubleshooting Tips

  • Ensure the token is pasted correctly. Because the token can be viewed only once, re-create it, paste it into a text editor to confirm that no spaces or unexpected characters are included, and reconfigure the DataBee feed.

  • Ensure the Gitlab Compliance Center scopes/permissions are correct.
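
Both troubleshooting checks can be scripted before the token is pasted into DataBee. The following is an added example, not part of the DataBee or GitLab documentation: it inspects the token text for paste defects and validates the JSON that GitLab's `GET /api/v4/personal_access_tokens/self` endpoint returns for the token. The function names, the sample response and the placeholder token are constructed for illustration, and flagging scopes beyond read_api is an assumption based on the scope selected in the steps above.

```python
import json
import urllib.request
from datetime import date

REQUIRED_SCOPE = "read_api"  # the scope selected in the configuration steps

def token_text_problems(token):
    """Return paste defects: whitespace, control or non-ASCII characters."""
    if not token:
        return ["token is empty"]
    problems = []
    for i, ch in enumerate(token):
        # Catches spaces, newlines, smart quotes and zero-width characters.
        if ch.isspace() or not 33 <= ord(ch) <= 126:
            problems.append(f"unexpected character {ch!r} at position {i}")
    return problems

def token_info_problems(info, today):
    """Check the JSON returned by GET /api/v4/personal_access_tokens/self."""
    problems = []
    if info.get("revoked") or not info.get("active", False):
        problems.append("token is revoked or inactive")
    expires = info.get("expires_at")
    # GitLab expires a token at 00:00 UTC on the expiration date itself.
    if expires and date.fromisoformat(expires) <= today:
        problems.append(f"token expired on {expires}")
    scopes = set(info.get("scopes", []))
    # "api" is a superset of read_api, so it works but is broader than needed.
    if not scopes & {REQUIRED_SCOPE, "api"}:
        problems.append(f"missing scope {REQUIRED_SCOPE}")
    extra = sorted(scopes - {REQUIRED_SCOPE})
    if extra:
        problems.append("scopes beyond read_api: " + ", ".join(extra))
    return problems

def fetch_token_info(base_url, token):
    """Ask GitLab to describe the token itself (needs network access)."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/v4/personal_access_tokens/self",
        headers={"Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

# Constructed sample response, so the checks run offline.
SAMPLE_INFO = json.loads("""{"name": "databee-feed", "revoked": false,
  "active": true, "scopes": ["api", "read_api"], "expires_at": "2025-01-31"}""")

if __name__ == "__main__":
    print(token_text_problems("glpat-EXAMPLEPLACEHOLDER \n"))  # placeholder token
    print(token_info_problems(SAMPLE_INFO, date(2025, 6, 1)))
```

For a live check, pass the result of `fetch_token_info(<GitLab base URL>, token)` to `token_info_problems` with `date.today()`.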