Onboard a GitLab App to SSPM

Connect a GitLab App instance to SSPM to detect posture risks.
For SSPM to detect posture risks in your self-managed GitLab instance, you must onboard your GitLab instance to SSPM. Through the onboarding process, SSPM connects to a GitLab API and, through the API, scans your GitLab instance for misconfigured settings. If there are misconfigured settings, SSPM suggests a remediation action based on best practices.
SSPM gets access to your GitLab instance through an administrator access token. During the onboarding process, SSPM prompts you for the access token and related information about your GitLab instance.
To onboard your GitLab instance, you complete the following actions:

Collect Information for Connecting to Your GitLab Instance

To access your GitLab instance, SSPM requires the following information, which you will specify during the onboarding process.
| Item | Description |
| --- | --- |
| Organization domain URL | A URL that uniquely identifies your organization's self-managed GitLab instance. |
| Admin access token | A generated character string that identifies a GitLab administrator to the GitLab API. SSPM requires this access token to authenticate to the API. (Required Permissions) The administrator must configure the token to have read access to the API. |
As you complete the following steps, make note of the values of the items described in the preceding table. You will need to enter these values during onboarding to access your GitLab instance from SSPM.
  1. Create an administrator access token.
    1. Log in to your organization's self-managed GitLab instance as an administrator.
    2. Locate your profile icon and select <profile-icon> Edit profile.
      GitLab displays the User Settings page for the administrator account.
    3. In the left navigation pane of the User Settings page, select Access Tokens.
    4. Configure your access token by specifying a name and expiration date, and by selecting the permission scopes.
      (Required Permissions) You must configure the token to have read access to the API. To do this, select the read_api scope.
    5. Click Create personal access token.
      GitLab displays your new personal access token.
    6. Copy the access token and paste it into a text file.
      Do not continue to the next step unless you have copied the administrator access token. You must provide this token to SSPM during the onboarding process.
  2. Identify your organization domain URL.
    To identify your organization domain URL, navigate to the login page for your organization's self-managed GitLab instance. Your organization domain URL appears after the "https://" scheme and before the next forward slash (/) character. For example, https://<organization-name-URL>/users/sign_in.
    Make note of your organization domain URL. You will provide this information to SSPM during the onboarding process.
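
Before entering these values in SSPM, you can confirm that the token is scoped as described above. The following Python sketch is an added example, not part of the SSPM or GitLab documentation: it derives the organization domain from a sign-in URL and reviews the metadata that GitLab's GET /api/v4/personal_access_tokens/self endpoint returns for the token. The function names, the gitlab.example.com host, the sample responses, and the policy of flagging any scope beyond read_api are assumptions made for illustration.

```python
import json
import urllib.request
from datetime import date
from urllib.parse import urlsplit

def organization_domain(sign_in_url):
    """Host that follows https:// and precedes the next "/" in the sign-in URL."""
    parts = urlsplit(sign_in_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an https:// URL with a host name")
    return parts.hostname + (f":{parts.port}" if parts.port else "")

def fetch_token_metadata(domain, token):
    """Ask the GitLab API to describe the token used for this request (network call)."""
    req = urllib.request.Request(
        f"https://{domain}/api/v4/personal_access_tokens/self",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def review_token(meta, today):
    """Return findings; an empty list means the token matches the steps above."""
    findings = []
    scopes = set(meta.get("scopes", []))
    if "read_api" not in scopes:
        findings.append("missing required scope: read_api")
    if scopes - {"read_api"}:  # assumption: least privilege, nothing beyond read_api
        findings.append("extra scopes: " + ", ".join(sorted(scopes - {"read_api"})))
    if meta.get("revoked") or not meta.get("active", False):
        findings.append("token is revoked or inactive")
    expires_at = meta.get("expires_at")
    if not expires_at:
        findings.append("no expiration date set")
    elif date.fromisoformat(expires_at) < today:
        findings.append("token expired on " + expires_at)
    return findings

# Constructed sample responses (not real tokens or output from a real instance).
GOOD = {"name": "sspm", "scopes": ["read_api"], "active": True,
        "revoked": False, "expires_at": "2030-06-30"}
BROAD = {"name": "sspm", "scopes": ["api", "read_api"], "active": True,
         "revoked": False, "expires_at": None}

if __name__ == "__main__":
    print(organization_domain("https://gitlab.example.com/users/sign_in"))
    print(review_token(GOOD, date.today()))
    print(review_token(BROAD, date.today()))
```

To check a live token, pass the result of fetch_token_metadata(domain, token) to review_token, and read the token from a prompt or environment variable rather than a command-line argument.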

Connect SSPM to Your GitLab Instance

By adding a GitLab app in SSPM, you enable SSPM to connect to your self-managed GitLab instance.
  1. From the Add Application page (Posture Security > Applications > Add Application), click the GitLab tile.
  2. Under posture security instances, click Add Instance or, if there is already an instance configured, Add New instance.
  3. Choose the option to Log in with Credentials.
  4. Enter the administrator access token and the organization domain URL.
  5. Click Connect.