Integrate GitLab with BoostSecurity¶

BoostSecurity lets you connect your GitLab instance to scan repositories, merge requests, and code commits for security issues.

Prerequisites¶

To integrate GitLab into BoostSecurity, you will need the following:

A Personal Access Token with API permissions created in GitLab.
Account-level admin access and every child in the selected group will also be onboarded.

Permissions¶

The required permissions for GitLab integration to BoostSecurity include the following:

Read access: Dependabot alerts, actions, administration, members, metadata, organization administration, hooks, organization secrets, secret scanning alerts, and security events.
Read & Write access - Access to the API, including all groups and projects and the container and package registries.

1. Connect GitLab to BoostSecurity¶

To install the BoostSecurity integration for GitLab:

Navigate to the Integrations page.
Select the GitLab integration from the Available section and select the Install button.
A window directs to providing the Personal Access Token to GitLab. Provide the Personal Access Token and select Next.
Select the Group in GitLab: Once the Personal Access Token is provided, the GitLab Group, which enables the integration, needs to be selected from the menu.
Select Complete.

Once the installation is completed, the BoostSecurity GitLab card is added to the Settings > Integrations > Installed section. At this point, BoostSecurity integration is enabled for your GitLab group. Note that the steps can be repeated to allow integration with additional GitLab groups.

2. CI/CD Pipeline Configuration¶

After successfully integrating into your GitLab organization, enabling the CI/CD scanner is recommended.

To do this,

Navigate to the Scanner Coverage page and select the Default Scanner Protection column for your GitLab integration.
Toggle to Enable the CI/CD scanner for new organizations and repositories.