
Integrate GitLab with BoostSecurity


BoostSecurity lets you connect your GitLab instance to scan repositories, provision security scanners onto the repositories, and merge commits for security issues.


Prerequisites


To integrate GitLab into BoostSecurity, you will need the following:

  • Create a GitLab access token with the api scope selected. This access token can be:

    In all cases, the token must have the api scope enabled.

    • It is advised that a protected, non-human GitLab account (such as a service account or bot user) be used to generate the token. Using a token tied to an individual's personal account increases the risk of the integration breaking if that user is offboarded or removed due to internal changes.
  • The entity associated with the token (whether personal, group, or service account) must have Owner permissions for the repositories within the GitLab groups being ingested into Boost.
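The prerequisites above can be checked before the token is handed to BoostSecurity. The following is an added example, not BoostSecurity's or GitLab's own code: it uses GitLab's REST API endpoints `/personal_access_tokens/self` and `/groups/:id/members/all/:user_id`, and it assumes that Owner membership on the group (access level 50) is how the permission requirement is met. The function names and the sample responses are constructed for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

OWNER = 50  # GitLab access_level value for the Owner role

def gitlab_get(base_url, token, path):
    """GET a GitLab REST API v4 path, authenticating with the token under test."""
    req = urllib.request.Request(f"{base_url}/api/v4{path}",
                                 headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def preflight(token_info, membership):
    """Return the unmet prerequisites; an empty list means the token qualifies.

    token_info: body of GET /personal_access_tokens/self
    membership: body of GET /groups/:id/members/all/:user_id, or None when the
                token's user is not a member of the group
    """
    problems = []
    if "api" not in token_info.get("scopes", []):  # exact match: read_api is not api
        problems.append("token lacks the api scope")
    if token_info.get("revoked") or not token_info.get("active", False):
        problems.append("token is revoked or inactive")
    level = (membership or {}).get("access_level", 0)
    if level < OWNER:
        problems.append(f"access level {level} on the group is below Owner ({OWNER})")
    return problems

def check_live(base_url, token, group_path):
    """Fetch both records from a GitLab instance and run preflight (needs network)."""
    info = gitlab_get(base_url, token, "/personal_access_tokens/self")
    group = urllib.parse.quote(group_path, safe="")
    try:
        member = gitlab_get(base_url, token,
                            f"/groups/{group}/members/all/{info['user_id']}")
    except urllib.error.HTTPError as err:
        if err.code != 404:
            raise
        member = None  # 404: the token's user has no membership in this group
    return preflight(info, member)

# Constructed sample responses, not taken from a real instance.
SAMPLE_TOKEN = {"user_id": 42, "scopes": ["read_api"], "revoked": False, "active": True}
SAMPLE_MEMBER = {"id": 42, "access_level": 40}  # 40 = Maintainer

if __name__ == "__main__":
    for problem in preflight(SAMPLE_TOKEN, SAMPLE_MEMBER):
        print("FAIL:", problem)
```

Against a real instance, call `check_live` with the instance URL, the token and the group's full path; read the token from an environment variable or secret store rather than passing it on the command line.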


1. Connect GitLab to BoostSecurity


To install the BoostSecurity integration for GitLab:

  1. Navigate to the Integrations page.
  2. Select the GitLab integration from the Available section and select the Install button.


  3. A window prompts for the GitLab Access Token. Provide the Access Token with the api scope selected and select Next.


  4. Select the Group in GitLab: once the Access Token is provided, select from the menu the GitLab Group for which the integration is to be enabled.


  5. Select Complete.

Once the installation is completed, the BoostSecurity GitLab card is added to the Settings > Integrations > Installed section. At this point, BoostSecurity integration is enabled for your GitLab group. Note that the steps can be repeated to allow integration with additional GitLab groups.


2. Default Scanner Protection


After successfully integrating into your GitLab organization, enabling the BoostSecurity scanner is recommended.

To do this,

  1. Navigate to the Scanner Coverage page and select the Default Scanner Protection column for your GitLab integration.

  2. Toggle SBOM, SAST, SCA, or Secrets to enable the BoostSecurity Scanner default protection on your GitLab resource.
