Gitlab

Collect group member access lists from your Gitlab resources

Written by Micah Spieler
Updated over a week ago

With our Gitlab integration, you can attach group member access lists as evidence directly from your Gitlab resources. Using the integration increases efficiency (one less step in collecting evidence), improves data security (no need to download sensitive files onto your desktop first), and reduces clutter (collect directly from the primary source of truth).

Types of evidence you might collect from Gitlab

Many organizations use Gitlab as their version control system and restrict access to their code base via member groups.

  • Access management lists

  • Group member lists

Follow the instructions on this page to get started collecting evidence from Gitlab.

Step 1: Configure the integration

This integration uses Access Tokens to pull access list data directly from your Gitlab account, and configuring it may require Gitlab admin privileges. Once set up, anyone with access to collect evidence will be able to use this integration.

  1. Go to the Integrations Manager and click on the Gitlab card to access the integration configurations. Note: If you do not see Integrations Manager in your main navigation, you may not have access to this feature. Please contact your customer success manager for more information.

  2. Click on the "Connect" button.

Create new Access Token in Gitlab

To proceed, you will need to create a personal Access Token with the read_api scope in Gitlab. Depending on your Gitlab configuration, this may require admin privileges. Refer to Gitlab's documentation for more information about provisioning Gitlab Access Tokens.

  1. In Gitlab, create either a Project, Group, or Personal Access Token with a recognizable name (so that your future self knows what it is for) and, if desired, an expiration date. When the token expires, you will need to reconfigure the integration, so we recommend setting the expiration date for a year or longer. We recommend using Personal Access Tokens, if possible.

  2. Give the token the read_api scope.

  3. Important: Copy the token immediately and paste it into Integrations Manager; you will not be able to access the token again.
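
Before pasting the token into a third-party tool, it is worth confirming that it carries only the read_api scope and has the expiration you intended. The following is an added example, not Strike Graph or Gitlab code: it audits the JSON that Gitlab's /api/v4/personal_access_tokens/self endpoint returns for the calling token. The function names, the 30-day warning window, and the sample records are assumptions made for illustration.

```python
import json
import urllib.request
from datetime import date

REQUIRED_SCOPES = {"read_api"}  # the only scope this page asks for


def fetch_token_info(base_url: str, token: str) -> dict:
    """Ask Gitlab to describe the token that authenticates this request."""
    req = urllib.request.Request(
        f"{base_url}/api/v4/personal_access_tokens/self",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def audit_token(info: dict, today: date, warn_days: int = 30) -> list:
    """Return findings; an empty list means the token matches the setup above."""
    findings = []
    scopes = set(info.get("scopes") or [])
    if missing := REQUIRED_SCOPES - scopes:
        findings.append(f"missing scopes: {sorted(missing)}")
    if extra := scopes - REQUIRED_SCOPES:
        findings.append(f"excess scopes: {sorted(extra)}")
    if info.get("revoked") or not info.get("active", True):
        findings.append("token is revoked or inactive")
    expires = info.get("expires_at")
    if not expires:
        findings.append("no expiration date set")
    else:
        days_left = (date.fromisoformat(expires[:10]) - today).days
        if days_left < 0:
            findings.append("token has expired")
        elif days_left < warn_days:
            findings.append(f"expires in {days_left} days")
    return findings


# Constructed sample records (assumed values, shaped like the endpoint's response).
SAMPLE_OK = {"name": "group-membership-token", "scopes": ["read_api"],
             "revoked": False, "active": True, "expires_at": "2026-01-31"}
SAMPLE_BROAD = {"name": "old-ci-token", "scopes": ["api", "read_repository"],
                "revoked": False, "active": True, "expires_at": None}

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BROAD):
        print(sample["name"], audit_token(sample, date(2025, 1, 31)))
```

To check a live token, pass the result of fetch_token_info (with your Gitlab base URL and the token read from an environment variable, not hard-coded) to audit_token before saving it in the integration.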

Connect the Gitlab Access Token with Strike Graph

Back in Strike Graph:

  1. Enter a name for the token (for example "Group membership token" or for more clarity you can use whatever you named the token in Gitlab).

  2. Paste the Access Token generated in Gitlab.

  3. Click "Save"

Step 2: Using Gitlab to attach group member lists to evidence

Once you have activated a Gitlab integration, you can use it to attach group member lists directly to your evidence.

  1. Open the evidence where you want to attach a file

  2. Click on the "Add Attachment" button to open the attachment modal

  3. In the attachment modal, select the integrations tab and then select your Gitlab integration from the list

  4. Enter the Gitlab Group ID of the access group that you want to collect a member list from; you can find your Group ID in the Gitlab console by selecting the desired group and copying the "Group ID", which is under the group's title

  5. Click Attach. Please note: evidence collection may take 15-30 seconds while the attachment is prepared.

Removing your Gitlab integration

You can remove the integration at any time. Please note that removing an integration does not delete any files that were attached using that integration. Removing an integration may also disrupt automated collection.

To remove:

  1. Go to the Integrations Manager and click on the Gitlab card to access the integration configurations.

  2. Click the "Deactivate" button next to the bucket name that you would like to deactivate.

Note: You may have access to remove integrations for other users on your team.

Using Automated Collection with Gitlab

With Automated Collection, Strike Graph can recollect evidence attachments from Gitlab a few days before expiration so that your evidence remains in an effective 'audit ready' state. More information is available here about configuring Automated Collection for your evidence.

The Gitlab integration primarily collects 'access list' type evidence attachments, so to ensure that Automated Collection gets the most up-to-date and accurate information, continue to maintain the same project or group IDs in Gitlab.

Questions?

Reach out through our chat feature for real-time Customer Success support 8 am - 5 pm PT Monday through Friday.
