GitLab Integration
Learn how to integrate GitLab with Sprinto to automate access reviews, version control checks, and compliance evidence collection.
GitLab is a web-based DevOps platform that enables teams to manage source code, CI/CD pipelines, issue tracking, code reviews, and project management in a single application.
Integrating GitLab with Sprinto allows Sprinto to automatically retrieve and evaluate your repository configurations to validate change management and access controls. This helps ensure enforcement of security best practices such as:
Multi-factor authentication (MFA)
Peer reviews before merge
Branch protection rules
Access control reviews
Audit logging
If you are running GitLab on-premises, refer to our detailed integration guide for self-hosted GitLab.
Note
Sprinto takes read-only access through this integration and does not read or store your source code. The permissions granted are used only to compute configuration states and map compliance checks.
Sprinto checks for GitLab
Below are the available Sprinto checks for GitLab:
Gitlab group level MFA should be enforced
Peer review should be enforced for code changes
Merging of code changes should require passing status-checks
Branch Protection rules should be enforced for admins
Code changes should be reviewed by peers before merging
Code repo should be classified
Critical system access should be removed for offboarded users
GitLab access should be removed for offboarded user
Supported Environments
GitLab Cloud (gitlab.com) – Fully supported
Self-hosted GitLab – Supported for Change Management only
Self-hosted GitLab is not supported for Vulnerability Scanning
Permissions Required
Sprinto requires the following OAuth scopes:
read_api
read_repository
read_user
profile
These scopes allow Sprinto to:
Read groups and projects
Evaluate protected branches
Review project approval settings
Retrieve user and access information
Validate compliance configurations
Sprinto does not modify repositories or write data back to GitLab.
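To preview the kind of configuration state these read-only scopes expose, the following added example (not Sprinto's code; the page does not document how Sprinto evaluates its checks) runs a self-check over constructed samples shaped like GitLab REST API v4 responses. The mapping of API fields to check names is an assumption, and the group, project and rule values are made up for illustration.

```python
"""Self-check of GitLab settings related to the checks listed on this page.

Added example, not Sprinto's code. The field-to-check mapping is an assumption.
"""
from fnmatch import fnmatchcase

NO_ACCESS = 0  # GitLab access level "No one"

# Constructed sample data, shaped like GET /groups/:id, /projects/:id,
# /projects/:id/protected_branches and /projects/:id/approval_rules.
GROUP = {"full_path": "acme", "require_two_factor_authentication": True}
PROJECT = {"path_with_namespace": "acme/api", "default_branch": "main",
           "only_allow_merge_if_pipeline_succeeds": False}
PROTECTED = [{"name": "ma*", "allow_force_push": False,
              "push_access_levels": [{"access_level": NO_ACCESS}],
              "merge_access_levels": [{"access_level": 40}]}]
APPROVAL_RULES = [{"name": "Default", "approvals_required": 1}]


def evaluate(group, project, protected, approval_rules):
    """Return {check_name: bool} for one project."""
    default = project["default_branch"]
    # Protected-branch names may be wildcards such as "release/*".
    rules = [b for b in protected if fnmatchcase(default, b["name"])]
    # A user- or group-specific push entry has access_level None and
    # therefore counts as "someone can still push directly".
    direct_push_blocked = bool(rules) and all(
        not b.get("allow_force_push", False)
        and all(lv["access_level"] == NO_ACCESS
                for lv in b["push_access_levels"])
        for b in rules)
    return {
        "group_mfa_enforced":
            bool(group.get("require_two_factor_authentication")),
        "default_branch_protected": bool(rules),
        "direct_push_blocked_for_everyone": direct_push_blocked,
        "peer_review_required": any(
            r.get("approvals_required", 0) >= 1 for r in approval_rules),
        "pipeline_must_pass":
            bool(project.get("only_allow_merge_if_pipeline_succeeds")),
    }


def failing(results):
    """Names of checks that did not pass, sorted for stable output."""
    return sorted(name for name, ok in results.items() if not ok)


if __name__ == "__main__":
    print(failing(evaluate(GROUP, PROJECT, PROTECTED, APPROVAL_RULES)))
```

With the constructed sample, only the pipeline requirement fails, because only_allow_merge_if_pipeline_succeeds is false on the project.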
Before You Begin
Ensure that:
You have Admin access to the GitLab account you want to integrate.
Pop-ups are enabled in your browser (OAuth window opens in a new tab).
You understand the permissions Sprinto requires for GitLab (listed under Permissions Required above).
How to Integrate GitLab with Sprinto
Step 1: Connect GitLab in Sprinto
Log in to the Sprinto dashboard.
Navigate to Settings.
Open the Integrations section.
Search for GitLab in the All tab.
Click Connect next to GitLab.

On the integration drawer:
Review the supported controls and automated checks.
Review the permissions required and data used by Sprinto.
Click Next.

On the setup screen:
Confirm the connection type (OAuth).
Review the prerequisites.
Click Connect.
Important
Do not select the Are you using self-hosted GitLab Service? check box. For self-hosted GitLab integration, check here.

Step 2: Authorize Sprinto in GitLab
You will be redirected to GitLab.
Log in using:
Username and password, or
SSO options (Google, GitHub, Bitbucket, Salesforce, and so on)

Review the authorization screen for Sprinto Audit Application.
Click Authorize to grant access.

Once authorized, you will be redirected back to Sprinto, and the integration will be marked as Connected.
Post-Connection Configuration
After connecting GitLab, configure it within Sprinto to activate monitoring and compliance checks.
Configure GitLab as a Change Management System
Navigate to Data Library > Change Management.
Click Add system under the Change Management Systems tab.
Click Add next to GitLab.
If the integration was successful, GitLab will appear as Connected.
On the configuration page:
Review the groups selected for monitoring.
Click Add another group if needed.
Click Add as a change management system.
Sprinto will begin monitoring:
Code repositories used for product code
Branch protection rules
Peer review enforcement
Merge approval rules
Configure GitLab as a Critical Access System
To enable access reviews:
Navigate to Data Library > Access > Overview.
Click Add Critical System.
Select GitLab.
Click Add System.
After adding:
Select GitLab from the list of critical systems.
Under the Summary tab, click Configure for Access Validity.
Choose how access is managed:
All staff members are allowed access, or
Role-based access
This enables Sprinto to monitor:
Valid user access
Offboarded user removal
Periodic access reviews
Sprinto Checks for GitLab
The integration supports automated validation of:
Group-level MFA enforcement
Peer review requirements before merge
Passing status checks before merging
Branch protection rules enforcement (including for admins)
Code repository classification
Removal of access for offboarded users
Critical system access governance
Sync Timeline
After configuration:
Initial sync begins immediately.
Allow 15–20 minutes for the first data sync.
Full configuration computation may take up to 24 hours, depending on repository size and data volume.
Troubleshooting
1. GitLab is not redirecting after clicking Connect
Ensure pop-ups are enabled in your browser.
Try using an incognito window.
Clear browser cache and retry.
2. Authorization fails
Confirm you have Admin access in GitLab.
Verify that OAuth application permissions were granted.
Revoke and reconnect the integration from GitLab if needed.
3. GitLab shows Connected but checks are not running
Ensure GitLab has been added as:
A Change Management system, and/or
A Critical Access system
Wait up to 24 hours for full sync.
Verify selected groups are correct.
4. Self-hosted GitLab issues
Confirm your instance is supported for Change Management.
Vulnerability scanning is not supported for self-hosted GitLab.
Contact Sprinto support if you have any queries related to the integration or need any assistance.

