- 24 Mar 2025
GitLab Security
- Updated on 24 Mar 2025
GitLab integrates a wide array of security tools directly into the development workflow including SAST, DAST, container scanning, SCA, secret detection, and fuzz testing. This enables developers to identify and address security vulnerabilities.
More information can be found at GitLab's Website.
Integration Method: API
Tables: Vulnerability Findings (2002), Detection Findings (2004)
This integration supports the following events.
Event | Description |
---|---|
Vulnerabilities | Get vulnerability information for the queried project folder. |
This integration was tested against the following versions:
GitLab Version Tested | GitLab Enterprise Edition 17.9.0-pre |
GitLab API version | v4.0 |
Prerequisites
The user should have GitLab Administrator privileges to create API tokens.
The user should have DataBee console access.
Configuration Overview
Generate an API token on the GitLab console with the required scopes.
Add the GitLab data feed integration in the DataBee console with the required API token.
DataBee Parameter
GitLab Parameter
Token
GitLab Configuration
Start by creating an API Token for the integration.
Log in to your GitLab account that has Administrator privileges.
In the upper-left corner, select your avatar, then click Preferences.
Select Access tokens from the sidebar.
Click the Add new token button under Personal access tokens.
Fill in a ‘Token name’, ‘Token description’ and ‘Expiration date’. Choose a 12-month expiration. Longer expiration times can minimize disruption.
Select the following scopes and click Create personal access token.
read_api
read_user
read_repository
Copy and save the generated Personal access token.
Note:
Copy and save the personal access token. The personal access token cannot be shown again. The credentials will expire in 12 months; you will have to generate them again and update them in DataBee as well.
DataBee Configuration
Log in to the DataBee console, navigate to Data > Data Feeds and click the Add New Data Feed button.
Search for the GitLab Security option using the search bar on the Add New Data Feed page.
Click the API Ingest option for the collection method.
Enter feed contact information and click Next.
In the configuration page, confirm the following:
Authorization Method: Bearer Token
API Base URL: this is the base URL that DataBee will interact with.
Token: paste the Personal Access Token generated earlier in the GitLab console.
Event types: preselected for all the event types that the integration pulls.
Click Submit.
Troubleshooting Tips
Ensure the token is pasted correctly. Since you cannot view the token after the first time, re-create the token, paste it into a text editor to ensure no spaces or unexpected characters are included, and reconfigure the DataBee feed.
Ensure the GitLab scopes/permissions are correct.
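Both troubleshooting checks can be scripted. The following is an added example, not DataBee or GitLab code: it checks a pasted token for stray characters and audits the scopes and expiry that GitLab's personal_access_tokens/self REST endpoint reports for the token. The function names, the base URL argument and the sample response are assumptions constructed for illustration.

```python
import json
import urllib.request
from datetime import date

# Scopes this page tells you to select when creating the token.
REQUIRED_SCOPES = {"read_api", "read_user", "read_repository"}

# Constructed sample response (not captured from a real GitLab instance).
SAMPLE = {"name": "databee-feed", "revoked": False, "active": True, "expires_at": "2026-03-24",
          "scopes": ["read_api", "read_user", "write_repository"]}


def token_format_problems(token):
    """Catch paste damage (spaces, newlines, smart quotes) before saving the token."""
    problems = []
    if token != token.strip():
        problems.append("leading or trailing whitespace")
    if any(ord(c) < 33 or ord(c) > 126 for c in token.strip()):
        problems.append("whitespace or non-ASCII character inside token")
    return problems


def fetch_token_info(base_url, token):
    """Ask GitLab to describe the token itself (network call; base_url is your instance)."""
    url = base_url.rstrip("/") + "/api/v4/personal_access_tokens/self"
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def audit_token(info, today, warn_days=30):
    """Return findings for a personal_access_tokens/self response."""
    findings = []
    scopes = set(info.get("scopes", []))
    for label, found in (("missing scopes", REQUIRED_SCOPES - scopes),
                         ("scopes beyond what the feed needs", scopes - REQUIRED_SCOPES)):
        if found:
            findings.append(f"{label}: {', '.join(sorted(found))}")
    if info.get("revoked") or not info.get("active", True):
        findings.append("token is revoked or inactive")
    expires = info.get("expires_at")
    if expires:
        days_left = (date.fromisoformat(expires) - today).days
        if days_left < 0:
            findings.append("token expired")
        elif days_left <= warn_days:
            findings.append(f"token expires in {days_left} days")
    return findings
```

Run audit_token(fetch_token_info(base_url, token), date.today()) on a schedule to get warning before the 12-month expiry stops the feed.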