SaaS Security
Onboard a GitLab App to SSPM
Table of Contents
Onboard a GitLab App to SSPM
Connect a GitLab App instance to SSPM to detect posture risks.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Data Security license:
|
For SSPM to detect posture risks in your self-managed GitLab instance, you must
onboard your GitLab instance to SSPM. Through the onboarding process, SSPM connects
to a GitLab API and, through the API, scans your GitLab instance for misconfigured
settings. If there are misconfigured settings, SSPM suggests a remediation action
based on best practices.
SSPM gets access to your GitLab instance through an administrator access token.
During the onboarding process, SSPM prompts you for the access token and related
information about your GitLab instance.
To onboard your GitLab instance, you complete the following actions:
- Collect Information for Connecting to Your GitLab Instance
- Connect SSPM to Your GitLab Instance
Collect Information for Connecting to Your GitLab Instance
To access your GitLab instance, SSPM requires the following information, which
you will specify during the onboarding process.
| Item | Description |
|---|---|
| Organization domain URL | A URL that uniquely identifies your organization's self-managed GitLab instance. |
| Admin access token | A generated character string that identifies a GitLab
administrator to the GitLab API. SSPM requires this access token
to authenticate to the API. (Required Permissions)
The administrator must configure the token to have read
access to the API. |
As you complete the following steps, make note of the values of the items
described in the preceding table. You will need to enter these values during
onboarding to access your GitLab instance from SSPM.
- Create an administrator access token.
- Log in to your organization's self-managed GitLab instance as an administrator.
- Locate your profile icon and select .GitLab displays the User Settings page for the administrator account.
- In the left navigation pane of the User Settings page, select Access Tokens.
- Configure your access token by specifying a name and expiration
date, and by selecting the permission scopes.(Required Permissions) You must configure the token to have read access to the API and the authenticated user's profile. To do this, select the read_api and read_user scopes.
- Create personal access token.GitLab displays your new personal access token.
- Copy the access token and paste it into a text file.Do not continue to the next step unless you have copied the administrator access token. You must provide this token to SSPM during the onboarding process.
- Identify your organization domain URL.To identify your organization domain URL, navigate to the login page for your organization's self-managed GitLab instance. Your organization domain URL appears after the "https://" scheme and before any backslash character. For example, https://<organization-name-URL>/users/sign_in.Make note of your organization domain URL. You will provide this information to SSPM during the onboarding process.
Connect SSPM to Your GitLab Instance
By adding a GitLab app in SSPM, you enable SSPM to connect to your self-managed
GitLab instance.
- From the Add Application page ( ), click the GitLab tile.
- Under posture security instances, Add Instance or, if there is already an instance configured, Add New instance.
- Choose the option to Log in with Credentials.
- Enter the administrator access token and the organization domain URL.
- Connect.