GitLab

GitLab is an open-source version control and collaboration platform. You can bring code projects, packages, repositories, user information, and other security data from GitLab into Brinqa to enhance your organization's security and risk management capabilities, thus strengthening your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with GitLab and how to obtain that information from GitLab. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select GitLab from the Connector drop-down. You must provide the following information to authenticate GitLab with Brinqa:

  • API URL: The GitLab API Server URL. The default URL is https://gitlab.com.

  • Access token: The personal access token associated with the GitLab account, which must have permissions to log in to the API server and return data.

Obtain a GitLab access token

For the GitLab connector to access the GitLab API, you must provide an access token. To obtain an access token, follow these steps:

  1. Log in to your organization's GitLab portal as an administrator.

  2. Navigate to the GitLab project that you want to integrate into the Brinqa Platform.

  3. Navigate to Settings > Access Tokens.

  4. Click Add new token.

    Complete the following fields:

    • Token name: Provide a name for the token.

    • Expiration date: Set an expiry date for the token.

    • Select a role: Click the drop-down and select the Reporter role, as this is the minimum level of access required to retrieve data from the GitLab API.

    • Select scopes: Select the following scopes, as these are the minimum scopes required to retrieve data from the GitLab API:

      • read_api
      • read_repository
      • read_registry

  5. Click Create project access token.

    Your new access token displays. You cannot view the token again. Copy and save it to a safe and secure location.

Note: If you do not have permissions to create an access token, contact your GitLab administrator. For additional information, see GitLab documentation on Access Tokens and Permissions and Roles.
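
The token settings above (Reporter role, the three read scopes, an expiry date) can be checked before the token is handed to the connector. The following is an added example, not Brinqa or GitLab code: it audits token records shaped like GitLab's project access token listing (`scopes`, `access_level`, `expires_at`, `revoked`, `active`). The sample records are constructed, and the 365-day lifetime limit is an assumed local policy.

```python
import json
from datetime import date

# Minimums this page gives for the connector's token.
REQUIRED_SCOPES = {"read_api", "read_repository", "read_registry"}
REPORTER = 20            # GitLab's numeric access level for the Reporter role
MAX_LIFETIME_DAYS = 365  # assumption: local rotation policy, not from the page

# Constructed sample records, shaped like GitLab's project access token listing.
SAMPLE = json.loads("""[
 {"name": "brinqa-connector", "scopes": ["read_api", "read_repository", "read_registry"],
  "access_level": 20, "expires_at": "2025-06-30", "revoked": false, "active": true},
 {"name": "brinqa-old", "scopes": ["api", "read_repository"],
  "access_level": 40, "expires_at": null, "revoked": false, "active": true}
]""")


def audit_token(token, today):
    """Return the policy problems found in one token record (empty list = OK)."""
    problems = []
    scopes = set(token.get("scopes") or [])
    if REQUIRED_SCOPES - scopes:
        problems.append("missing scopes: " + ", ".join(sorted(REQUIRED_SCOPES - scopes)))
    if scopes - REQUIRED_SCOPES:
        problems.append("excess scopes: " + ", ".join(sorted(scopes - REQUIRED_SCOPES)))
    level = token.get("access_level")
    if level != REPORTER:
        problems.append(f"access level {level} is not Reporter ({REPORTER})")
    if token.get("revoked") or not token.get("active", True):
        problems.append("token is revoked or inactive")
    expires = token.get("expires_at")
    if not expires:
        problems.append("no expiry date set")
    else:
        remaining = (date.fromisoformat(expires) - today).days
        if remaining < 0:
            problems.append("token has expired")
        elif remaining > MAX_LIFETIME_DAYS:
            problems.append(f"expires in {remaining} days, over {MAX_LIFETIME_DAYS}")
    return problems


if __name__ == "__main__":
    for tok in SAMPLE:
        issues = audit_token(tok, today=date(2025, 1, 15))
        print(tok["name"], "OK" if not issues else issues)
```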

Types of data to retrieve

The GitLab connector can retrieve the following types of data from the GitLab API:

Table 1: Data retrieved from GitLab

| Connector Object | Required | Maps to Data Model |
| --- | --- | --- |
| Code Project | Yes | Code Project |
| Code Repository | Yes | Code Repository |
| Open Source Finding | Yes | Open Source Finding |
| Open Source Finding Definition | Yes | Open Source Finding Definition |
| Package | Yes | Package |
| Person | Yes | Person |
| Static Code Finding | Yes | Static Code Finding |
| Static Code Finding Definition | Yes | Static Code Finding Definition |

Note: For detailed steps on how to view the data retrieved from GitLab in the Brinqa Platform, see How to view your data.

Attribute mappings

Expand the sections below to view the mappings between the source and the Brinqa data model attributes:

Code Project

Table 2: Code Project attribute mappings

| Source Field Name | Maps to Attribute |
| --- | --- |
| allow_merge_on_skipped_pipeline | Local variable |
| analytics_access_level | Local variable |
| archived | Local variable |
| auto_cancel_pending_pipelines | Local variable |
| auto_devops_deploy_strategy | Local variable |
| auto_devops_enabled | Local variable |
| autoclose_referenced_issues | Local variable |
| avatar_url | Local variable |
| build_timeout | Local variable |
| builds_access_level | Local variable |
| can_create_merge_request_in | Local variable |
| ci_allow_fork_pipelines_to_run_in_parent_project | Local variable |
| ci_config_path | Local variable |
| ci_default_git_depth | Local variable |
| ci_forward_deployment_enabled | Local variable |
| ci_forward_deployment_rollback_allowed | Local variable |
| ci_job_token_scope_enabled | Local variable |
| ci_restrict_pipeline_cancellation_role | Local variable |
| ci_separated_caches | Local variable |
| container_registry_access_level | Local variable |
| container_registry_enabled | Local variable |
| container_registry_image_prefix | Local variable |
| created_at | sourceCreatedDate |
| creator_id | Local variable |
| default_branch | Local variable |
| description | Local variable |
| empty_repo | Local variable |
| enforce_auth_checks_on_uploads | Local variable |
| external_authorization_classification_label | Local variable |
| forks_count | Local variable |
| forking_access_level | Local variable |
| group_runners_enabled | Local variable |
| http_url_to_repo | Local variable |
| id | uid |
| import_status | Local variable |
| issues_access_level | Local variable |
| issues_enabled | Local variable |
| job_enabled | Local variable |
| keep_latest_artifact | Local variable |
| last_activity_at | Local variable |
| links_cluster_agents | Local variable |
| links_events | Local variable |
| links_issues | Local variable |
| links_labels | Local variable |
| links_members | Local variable |
| links_merge_requests | Local variable |
| links_repo_branches | Local variable |
| links_self | Local variable |
| lfs_enabled | Local variable |
| merge_commit_template | Local variable |
| merge_method | Local variable |
| merge_requests_access_level | Local variable |
| merge_requests_enabled | Local variable |
| name | name |
| name_with_namespace | Local variable |
| namespace.full_Path | Local variable |
| namespace.kind | Local variable |
| namespace.name | Local variable |
| namespace.parent_Id | Local variable |
| namespace.path | Local variable |
| namespace.webUrl | Local variable |
| open_issues_count | Local variable |
| owner_id | Local variable |
| pages_access_level | Local variable |
| packages_enabled | Local variable |
| path | Local variable |
| path_with_namespace | Local variable |
| permission.group_access_level | Local variable |
| permission.group_notification_level | Local variable |
| permissions.project_access_level | Local variable |
| permissions.project_notification_level | Local variable |
| printing_merge_request_link_enabled | Local variable |
| public_jobs | Local variable |
| readme_url | Local variable |
| remove_source_branch_after_merge | Local variable |
| repository_access_level | Local variable |
| request_access_enabled | Local variable |
| resolve_outdated_diff_discussions | Local variable |
| security_and_compliance_access_level | Local variable |
| security_and_compliance_enabled | Local variable |
| shared_runners_enabled | Local variable |
| snippets_access_level | Local variable |
| snippets_enabled | Local variable |
| squash_commit_template | Local variable |
| squash_option | Local variable |
| ssh_url_to_repo | Local variable |
| star_count | Local variable |
| suggestion_commit_message | Local variable |
| topics | Local variable |
| updated_at | Local variable |
| visibility | Local variable |
| warn_about_potentially_unwanted_characters | Local variable |
| web_url | Local variable |
| wiki_access_level | Local variable |
| wiki_enabled | Local variable |

Code Repository

Table 3: Code Repository attribute mappings

| Source Field Name | Maps to Attribute |
| --- | --- |
| id | uid |
| mode | Local variable |
| name | name |
| path | Local variable |
| type | Local variable |

Package

Table 4: Package attribute mappings

| Source Field Name | Maps to Attribute |
| --- | --- |
| _links.web_path | Local variable |
| created_at | sourceCreatedDate |
| id | uid |
| last_downloaded_at | Local variable |
| name | name |
| package_type | categories |
| pipeline.created_at | Local variable |
| pipeline.id | Local variable |
| pipeline.iid | Local variable |
| pipeline.project_id | Local variable |
| pipeline.ref | Local variable |
| pipeline.sha | Local variable |
| pipeline.source | Local variable |
| pipeline.status | Local variable |
| pipeline.updated_at | Local variable |
| pipeline.user.id | Local variable |
| pipeline.user.username | Local variable |
| pipeline.web_url | Local variable |
| pipelines | Local variable |
| status | Local variable |
| tags | Local variable |
| version | latestVersion |

Person

Table 5: Person attribute mappings

| Source Field Name | Maps to Attribute |
| --- | --- |
| access_level | Local variable |
| avatar_url | Local variable |
| created_at | sourceCreatedDate |
| created_by.id | Local variable |
| created_by.username | owner |
| expires_at | Local variable |
| id | uid |
| locked | Local variable |
| membership_state | Local variable |
| name | name |
| state | Local variable |
| username | username |
| web_url | Local variable |

Open Source Finding

Table 6: Open Source Finding attribute mappings

| Source Field Name | Maps to Attribute |
| --- | --- |
| blob_path | Local variable |
| confidence | Local variable |
| create_jira_issue_url | Local variable |
| create_vulnerability_feedback_dismissal_path | Local variable |
| create_vulnerability_feedback_issue_path | Local variable |
| create_vulnerability_feedback_merge_request_path | Local variable |
| dismissal_feedback | Local variable |
| evidence | Local variable |
| evidence_source | Local variable |
| false_positive | Local variable |
| id | uid |
| identifiers.external_id | Local variable |
| identifiers.external_type | Local variable |
| identifiers.name | Local variable |
| identifiers.url | Local variable |
| location.class | Local variable |
| location.file | path |
| location.method | Local variable |
| location.start_line | Local variable |
| name | uid |
| project_fingerprint | Local variable |
| project.id | targets |
| report_type | categories |
| scan.build_id | Local variable |
| scan.created_at | Local variable |
| scan.findings_partition_number | Local variable |
| scan.id | Local variable |
| scan.pipeline_id | Local variable |
| scan.status | lastScanStatus |
| scan.type | Local variable |
| scan.updated_at | lastScanned |
| scanner.external_id | Local variable |
| scanner.name | Local variable |
| scanner.vendor | Local variable |
| severity | Local variable |
| state | status(normalize), statusCategory, sourceStatus |
| uuid | Local variable |
| vulnerable_package_name | Local variable |
| vulnerable_package_value | Local variable |

Open Source Finding Definition

Table 7: Open Source Finding Definition attribute mappings

| Source Field Name | Maps to Attribute |
| --- | --- |
| confidence | Local variable |
| description | description |
| dismissal_feedback | Local variable |
| evidence | Local variable |
| evidence_source | Local variable |
| false_positive | Local variable |
| id | uid |
| identifiers.external_id | Local variable |
| identifiers.external_type | Local variable |
| identifiers.name | Local variable |
| identifiers.url | Local variable |
| links | references |
| name | name, uid |
| report_type | categories |
| scanner.external_id | Local variable |
| scanner.name | Local variable |
| scanner.vendor | Local variable |
| severity | severity(normalize), sourceSeverity, severityScore |
| solution | recommendation |
| uuid | Local variable |
| vulnerable_package_name | Local variable |
| vulnerable_package_value | Local variable |

Static Code Finding

Table 8: Static Code Finding attribute mappings

| Source Field Name | Maps to Attribute |
| --- | --- |
| blob_path | Local variable |
| confidence | Local variable |
| create_jira_issue_url | Local variable |
| create_vulnerability_feedback_dismissal_path | Local variable |
| create_vulnerability_feedback_issue_path | Local variable |
| create_vulnerability_feedback_merge_request_path | Local variable |
| dismissal_feedback | Local variable |
| evidence | Local variable |
| evidence_source | Local variable |
| false_positive | Local variable |
| id | uid |
| identifiers.external_id | Local variable |
| identifiers.external_type | Local variable |
| identifiers.name | Local variable |
| identifiers.url | Local variable |
| location.class | Local variable |
| location.file | path |
| location.method | Local variable |
| location.start_line | Local variable |
| name | uid |
| project_fingerprint | Local variable |
| project.id | targets |
| report_type | categories |
| scan.build_id | Local variable |
| scan.created_at | Local variable |
| scan.findings_partition_number | Local variable |
| scan.id | Local variable |
| scan.pipeline_id | Local variable |
| scan.status | lastScanStatus |
| scan.type | Local variable |
| scan.updated_at | lastScanned |
| scanner.external_id | Local variable |
| scanner.name | Local variable |
| scanner.vendor | Local variable |
| severity | Local variable |
| state | status(normalize), statusCategory, sourceStatus |
| uuid | Local variable |
| vulnerable_package_name | Local variable |
| vulnerable_package_value | Local variable |

Static Code Finding Definition

Table 9: Static Code Finding Definition attribute mappings

| Source Field Name | Maps to Attribute |
| --- | --- |
| confidence | Local variable |
| description | description |
| dismissal_feedback | Local variable |
| evidence | Local variable |
| evidence_source | Local variable |
| false_positive | Local variable |
| id | uid |
| identifiers.external_id | Local variable |
| identifiers.external_type | Local variable |
| identifiers.name | Local variable |
| identifiers.url | Local variable |
| links | references |
| name | name, uid |
| report_type | categories |
| scanner.external_id | Local variable |
| scanner.name | Local variable |
| scanner.vendor | Local variable |
| severity | severity(normalize), sourceSeverity, severityScore |
| solution | recommendation |
| uuid | Local variable |
| vulnerable_package_name | Local variable |
| vulnerable_package_value | Local variable |

Info: Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

Additional settings

The GitLab connector contains additional options for specific configuration:

  • Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.

  • Parallel requests: The maximum number of parallel API requests. The default setting is 4.

Operation options

The GitLab connector supports the following operation options. See connector operation options for information about how to apply them.

Table 10: GitLab connector operation options

| Connector Object | Option | All Possible Values | Description | Example |
| --- | --- | --- | --- | --- |
| Code Project | archived | true, false | Limit retrieved code projects by their archived status, as determined by GitLab. | Key: archived Value: true. This key and value combination retrieves archived code projects. |
| Code Project | owned | true, false | Limit retrieved code projects by whether or not they have an owner, as determined by GitLab. | Key: owned Value: true. This key and value combination only retrieves code projects that have an owner. |
| Code Project | visibility | internal, public, private | A comma-separated list of code project visibility statuses. Limit retrieved code projects by their visibility status, as determined by GitLab. | Key: visibility Value: internal,private. This key and value combination only retrieves internal and private code projects. |
| Code Repository | path | Any code repository path | A comma-separated list of code repository paths. Limit the retrieval of code repositories from the specified path(s). | Key: path Value: src/main,files/images. This key and value combination only retrieves code repositories with the src/main or files/images paths. |
| Code Repository | recursive | true, false | Limit retrieved repository content to either a flat or recursive directory tree. Default is false. | Key: recursive Value: true. This key and value combination retrieves the content recursively within all subdirectories. |
| Code Repository | ref | Any code repository branch or tag name | A comma-separated list of code repository branch or tag names. Limit retrieval of code projects by the specified ref. | Key: ref Value: main,new-pipeline,test-branch-1. This key and value combination only retrieves code repositories with the main, new-pipeline, or test-branch-1 branch or tag names. |
| Package | status | default, error, hidden, pending_destruction, processing | A comma-separated list of package statuses, as determined by GitLab. Retrieve packages with the specified status(es). | Key: status Value: default,processing. This key and value combination only retrieves default and processing packages. |
| Open Source Finding, Open Source Finding Definition, Static Code Finding, Static Code Finding Definition | severity | info, unknown, low, medium, high, critical | A comma-separated list of vulnerability severities, as determined by GitLab. Retrieve vulnerabilities with the specified severity level(s). | Key: severity Value: high,critical. This key and value combination only retrieves high and critical vulnerabilities. |

Note: The option keys and values are case-sensitive as they are shown in this documentation.

APIs

The GitLab connector uses the GitLab REST API v4. Specifically, it uses the following endpoints:

Table 11: GitLab API Endpoints

| Connector Object | API Endpoint |
| --- | --- |
| Code Project | GET /api/v4/projects?membership=true |
| Code Repository | GET /api/v4/projects; GET /api/v4/projects/:id/repository/tree |
| Package | GET /api/v4/projects; GET /api/v4/projects/:id/packages |
| Person | GET /api/v4/projects; GET /api/v4/projects/:id/members/all |
| Open Source Finding | GET /api/v4/projects; GET /api/v4/projects/:id/vulnerability_findings |
| Open Source Finding Definition | GET /api/v4/projects; GET /api/v4/projects/:id/vulnerability_findings |
| Static Code Finding | GET /api/v4/projects; GET /api/v4/projects/:id/vulnerability_findings |
| Static Code Finding Definition | GET /api/v4/projects; GET /api/v4/projects/:id/vulnerability_findings |

Changelog

The GitLab connector has undergone the following changes:

3.0.1

  • Changed the CREATED_BY attribute type on the Person object from integer to string.

3.0.0