GitLab Security
  • 24 Mar 2025

GitLab integrates a wide array of security tools directly into the development workflow including SAST, DAST, container scanning, SCA, secret detection, and fuzz testing. This enables developers to identify and address security vulnerabilities.

More information can be found at GitLab's Website.

Integration Method: API

Tables: Vulnerability Findings (2002), Detection Findings (2004)

This integration supports the following events.

| Event | Description |
|---|---|
| Vulnerabilities | Get vulnerability information for the queried project folder. |

This integration was tested against the following versions:

  • GitLab Version Tested: GitLab Enterprise Edition 17.9.0-pre

  • GitLab API version: v4.0

Prerequisites

  • The user should have GitLab Administrator privileges to create API tokens.

  • The user should have DataBee console access.

Configuration Overview

  1. Generate an API token on the GitLab console with the required scopes.

  2. Add the GitLab data feed integration in the DataBee console with the required API token.

    | DataBee Parameter | GitLab Parameter |
    |---|---|
    | Token | Personal Access Token |

GitLab Configuration

Start by creating an API Token for the integration.

  1. Log in to a GitLab account that has Administrator privileges.

  2. In the upper-left corner, select the Avatar, then click Preferences.
     

  3. Select Access tokens from the sidebar.


  4. Click the Add new token button under Personal access tokens.

  5. Fill in a ‘Token name’, ‘Token description’ and ‘Expiration date’. Choose a 12-month expiration. Longer expiration times can minimize disruption.

  6. Select the following scopes and click Create personal access token.

    1. read_api

    2. read_user

    3. read_repository

  7. Copy and save the generated Personal access token.


    Note:

    Copy and save the personal access token, because it cannot be shown again. The credentials will expire in 12 months; you will then have to generate a new token and update it in DataBee as well.

DataBee Configuration

  1. Log in to the DataBee console, navigate to Data > Data Feeds and click the Add New Data Feed button.
     

  2. Search for the GitLab Security option using the search bar in the Add New Data Feed page.

  3. Click the API Ingest option as the collection method.

  4. Enter feed contact information and click Next.

  5. In the configuration page, confirm the following:

    • Authorization Method: Bearer Token

    • API Base URL: this is the base URL that DataBee will interact with.

    • Token: paste the Personal Access Token generated earlier in the GitLab console.

    • Event types: preselected for all the event types that the integration pulls.

  6. Click Submit.

Troubleshooting Tips

  • Ensure the token is pasted correctly. Since you cannot view the token after the first time, re-create the token, paste it into a text editor to ensure no spaces or unexpected characters are included, and reconfigure the DataBee feed.

  • Ensure the GitLab scopes/permissions are correct.
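
A pre-flight check for the two troubleshooting tips above, added here as an example and not part of the DataBee or GitLab documentation: it rejects a token with paste damage, then asks GitLab's `GET /api/v4/personal_access_tokens/self` endpoint to describe the token and compares its scopes and expiry with what the feed needs. The function names and the instance URL given on the command line are assumptions, and the sample response is constructed.

```python
import getpass, json, sys, urllib.request
from datetime import date

REQUIRED_SCOPES = {"read_api", "read_user", "read_repository"}  # scopes from step 6
# Constructed sample of the JSON the endpoint returns (not real data).
SAMPLE_META = {"active": True, "revoked": False, "expires_at": "2026-03-24",
               "scopes": ["read_api", "read_user"]}

def token_format_problems(token):
    """Catch paste errors before the token ever reaches the DataBee form."""
    problems = []
    if token != token.strip():
        problems.append("leading or trailing whitespace")
    core = token.strip()
    if any(c.isspace() or not c.isascii() or not c.isprintable() for c in core):
        problems.append("embedded whitespace or unexpected characters")
    return problems

def token_metadata_problems(meta, today):
    """Check the parsed response of /personal_access_tokens/self."""
    problems = []
    if meta.get("revoked", False) or not meta.get("active", False):
        problems.append("token is revoked or inactive")
    missing = REQUIRED_SCOPES - set(meta.get("scopes", []))
    if missing:
        problems.append("missing scopes: " + ", ".join(sorted(missing)))
    expires = meta.get("expires_at")  # ISO date string, or null if no expiry
    if expires and date.fromisoformat(expires) <= today:
        problems.append("token expired on " + expires)
    return problems

def fetch_token_metadata(instance_url, token):
    """Query GitLab with the same Bearer authorization the feed uses."""
    req = urllib.request.Request(
        instance_url.rstrip("/") + "/api/v4/personal_access_tokens/self",
        headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

if __name__ == "__main__":
    instance_url = sys.argv[1]  # assumption: root URL of your GitLab instance
    token = getpass.getpass("Personal access token: ")  # keeps it out of shell history
    problems = token_format_problems(token)
    if not problems:
        meta = fetch_token_metadata(instance_url, token.strip())
        problems = token_metadata_problems(meta, date.today())
    print("\n".join(problems) if problems else "token OK for the DataBee feed")
    sys.exit(1 if problems else 0)
```

Run it with the GitLab instance URL as the only argument; a non-zero exit status means the token should be re-created before the feed is configured.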

