Integrate GitLab with BoostSecurity¶
BoostSecurity allows you to connect your GitLab instance to scan repositories, merge requests, and code commits for security issues.
Prerequisites¶
To integrate GitLab to BoostSecurity, you will need the following:
- A Personal Access Token with API permissions created in GitLab.
- Account-level admin access and every child in the selected group will also be onboarded.
Permissions¶
The required permissions for GitLab integration to BoostSecurity includes:
-
Read access: Dependabot alerts, actions, administration, members, metadata, organization administration, organization hooks, organization secrets, secret scanning alerts, and security events.
-
Read & Write access - Access to the API, including all groups and projects, the container registry, and the package registry.
1. Connect GitLab to BoostSecurity¶
To install the BoostSecurity integration for GitLab:
- Navigate to the
Integrations page. -
Select the GitLab integration from the
Availablesection and select the Install button.
-
A window pops up directing to providing the Personal Access Token to GitLab. Provide the Personal Access Token and select Next.
-
Select the Group in GitLab: Once the Personal Access Token is provided, the GitLab Group, with which to enable the integration, needs to be selected from the menu.
-
Select Complete.
Once the installation is completed, the BoostSecurity GitLab card is added to the Settings > Integrations > Installed section. At this point, BoostSecurity integration is enabled for your GitLab group. Note that the steps can be repeated to enable the integration with additional GitLab groups.
2. CI/CD Pipeline Configuration¶
After a successful integration to your GitLab organization, it is recommended to enable the CI/CD scanner.
To do this,
-
Navigate to the Scanner Coverage page and select the Default Scanner Protection column for your GitLab integration.
-
Toggle to Enable the CI/CD scanner for new organizations and repositories.
