Login
    Contents x
    GitLab Security
    • 24 Mar 2025
    • 1 Minute to read
    • Print
    • Dark
      Light
    Contents

    GitLab Security

    • Updated on 24 Mar 2025
    • 1 Minute to read
    • Print
    • Dark
      Light
    Article summary

    GitLab integrates a wide array of security tools directly into the development workflow including SAST, DAST, container scanning, SCA, secret detection, and fuzz testing. This enables developers to identify and address security vulnerabilities.

    More information can be found at GitLab's Website.

    Integration Method: API

    Tables: Vulnerability Findings (2002), Detection Findings (2004)

    This integration supports the following events. 

    Event

    Description

    Vulnerabilities

    Get vulnerability information for the queried project folder.

    This integration was tested against the following versions

    GitLab Version Tested

    GitLab Enterprise Edition 17.9.0-pre

    GitLab API version

    v4.0

    Prerequisites

    • The user should have GitLab Administrator privileges to create API tokens.

    • The user should have DataBee console access.

    Configuration Overview

    1. Generate an API token on the GitLab console with the required scopes.

    2. Add the GitLab data feed integration in the DataBee console with the required API token.

      DataBee Parameter

      GitLab Parameter

      Token

      Personal Access Token

    GitLab Configuration

    Start by creating an API Token for the integration.

    1. Login to your GitLab account which has Administrator privileges.

    2. In the upper-left corner, select the Avatar, then click Preferences.
       

    3. Select the Access tokens from the side bar.


    4. Click Add new token button under Personal access tokens.

    5. Fill in a ‘Token name’, ‘Token description’ and ‘Expiration date’. Choose a 12-month expiration. Longer expiration times can minimize disruption.

    6. Select the following scopes and click Create personal access token.

      1. read_api

      2. read_user

      3. read_repository

    7. Copy and save the generated Personal access token.


      Note:

      Copy and save the personal access token. The personal access token cannot be shown again. The credentials will expire in 12 months, you will have to generate them again and update them in DataBee as well.

    DataBee Configuration

    1. Login to the DataBee console, navigate to Data > Data Feeds and click the Add New Data Feed button.
       

    2. Search for the GitLab Security option using the search bar in the Add New Data Feed page.

    3. Click on the API Ingest option for collection method.

    4. Enter feed contact information and click Next.

    5. In the configuration page, confirm the following:

      • Authorization Method: Bearer Token

      • API Base URL: this is the base URL that DataBee will interact with.

      • Token: paste the Personal Access Token generated earlier in the GitLab console.

      • Event types: Preselected for all the event types that integration pulls.

    6. Click Submit.

    Troubleshooting Tips

    • Ensure the token is pasted correctly. Since you cannot view the token after the 1st time, re-create the token, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.

    • Ensure the GitLab scope/permissions is correct.

    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Eddy AI, facilitating knowledge discovery through conversational intelligence