GitLab

Prerequisites

Before integrating GitLab, it is recommended to create an Invicti ASPM service account as a preparation step and ensure that this user has access to the projects to be scanned. Creating the user and adding it to the required organizations is sufficient.

Integration Steps:

To generate a Personal Access Token in GitLab, the following steps should be followed:

Sign in to the GitLab account.
In the upper-right corner, click the avatar and select Preferences.

From the User Settings menu, navigate to Access Tokens.

Provide a name for the token and, if required, define an expiration date.
Select the required scopes:
- api
- read_repository

Click the Create personal access token button.

📘
Once generated, the Personal Access Token must be stored securely. For security reasons, the token will not be displayed again after leaving or refreshing the page. If the token is not saved at this stage, a new token must be created.

After this step, the process can be continued from the Invicti ASPM UI using the generated token.

At this step, entering the token and clicking Test Connection is sufficient. If GitLab will also be used as an Issue Manager, the checkbox at the top of the list must be selected as well. When GitLab is used as an Issue Manager, an additional Label field becomes available. This setting applies only to issues that are created on GitLab through the Issue Manager integration. All issues generated by the system will be created using the specified labels.

Onboarding Projects

Afterwards, projects can be synchronized from the Sync option located next to the Activate button, allowing projects to be onboarded quickly.

When the Daily Sync feature is enabled, the system synchronizes projects from GitLab on a daily basis and automatically onboards all projects that have not yet been onboarded. If the license project count is limited, enabling this feature is not recommended. The available project quota may be consumed rapidly, which can prevent new projects from being added to the system.