GitLab Integration
GitLab is a popular web-based DevOps platform that provides a comprehensive solution for managing the entire software development lifecycle. It combines Git repository management, continuous integration/continuous deployment (CI/CD) pipelines, issue tracking, code review, and project management capabilities into a single application.
If you are running an on-premise GitLab, refer to our detailed integration guide for self-hosted GitLab.
How does this integration help Sprinto?
The Sprinto and GitLab integration allows Sprinto to retrieve the configuration of your GitLab code repositories, ensuring compliance with change management requirements like enforcing multi-factor authentication, peer reviews before code merges, branch protection rules, access control, and audit logging. This integration empowers organizations to maintain code integrity, enhance security posture, and streamline compliance efforts within their software development lifecycle.
Sprinto checks for GitLab
Below are the available Sprinto checks for GitLab:
GitLab group-level MFA should be enforced
Peer review should be enforced for code changes
Merging of code changes should require passing status-checks
Branch Protection rules should be enforced for admins
Code changes should be reviewed by peers before merging
Code repo should be classified
Critical system access should be removed for offboarded users
GitLab access should be removed for offboarded users
Permissions Sprinto needs:
Note: Sprinto only takes “Read-only” access through the integration and does not actually read the stored code. The permissions help Sprinto to compute the configuration and map the required checks.
read_api
read_repository
read_user
profile
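To show the kind of repository configuration the checks above refer to, the following added example (not Sprinto's code, and not a description of how Sprinto computes its checks) evaluates four of them against data shaped like GitLab REST API responses. The sample values, the finding names and the mapping from each check to a GitLab setting are assumptions made for illustration.

```python
# Added example: constructed data shaped like GitLab REST API responses.
# Source endpoints (all readable with a read_api token):
#   GET /groups/:id                       -> group
#   GET /projects/:id                     -> project
#   GET /projects/:id/approval_rules      -> approval_rules
#   GET /projects/:id/protected_branches  -> protected_branches
SAMPLE = {
    "group": {"full_path": "acme", "require_two_factor_authentication": False},
    "project": {"path_with_namespace": "acme/payments", "default_branch": "main",
                "only_allow_merge_if_pipeline_succeeds": True},
    "approval_rules": [{"name": "Default", "approvals_required": 0}],
    "protected_branches": [{"name": "main", "allow_force_push": False,
                            # access_level 40 = Maintainer, 0 = No one
                            "push_access_levels": [{"access_level": 40}]}],
}

def audit(group, project, approval_rules, protected_branches):
    """Return finding IDs (hypothetical names) for settings that fall short."""
    findings = []
    if not group.get("require_two_factor_authentication"):
        findings.append("group-mfa-not-enforced")
    if not any(r.get("approvals_required", 0) >= 1 for r in approval_rules):
        findings.append("peer-review-not-required")
    if not project.get("only_allow_merge_if_pipeline_succeeds"):
        findings.append("passing-pipeline-not-required")
    default = project.get("default_branch")
    branch = next((b for b in protected_branches if b.get("name") == default), None)
    if branch is None:
        findings.append("default-branch-unprotected")
        return findings
    if branch.get("allow_force_push"):
        findings.append("force-push-allowed")
    # Any push entry other than "No one" lets that role bypass merge requests,
    # which is how this sketch reads "enforced for admins" (an assumption).
    if any(l.get("access_level") != 0 for l in branch.get("push_access_levels", [])):
        findings.append("direct-push-to-default-branch")
    return findings

if __name__ == "__main__":
    for finding in audit(**SAMPLE):
        print(finding)
```

The branch lookup matches the default branch by exact name only; a wildcard protection rule such as `release/*` would need pattern matching added.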
Before you begin
Log in to Sprinto’s admin portal.
Ensure you have “Admin” access on the GitLab account you wish to integrate.
How to integrate Sprinto with GitLab
Follow the steps below to integrate Sprinto with GitLab:
Integrating GitLab on Sprinto.
Go to Security Hub > Settings > Available integrations, and click Connect next to GitLab.
Read the on-screen instructions, and click Next.
Click Connect on the setup integration page. Note: Ensure pop-up windows are enabled in your browser.
Log in to your GitLab account with your credentials or use the available Single Sign-On (SSO) options.
Click Authorize to grant necessary access to Sprinto.
Configure GitLab as a change management source.
Go to Security Hub > Change mgmt, and click Add system from the Change Management Systems tab.
Click Add next to GitLab. You’ll find “Connected” highlighted if the integration was successful from Step 1.
On the Configuration page, review the added groups to be monitored for change management. If necessary, click on Add another group to add additional groups.
Finally, click on Add as a change management system.
Configure GitLab as a critical access system.
Go to Security Hub > Access > Overview and click Add Critical System.
Select GitLab on the Add a Critical Access System page, and click Add System.
Now, select GitLab from the critical systems list.
Click Configure for access validity under the Summary tab.
Click Configure next to Access validity, and select one of the available options to define valid users’ access.
Final step
Once you have completed the GitLab configuration using the procedure above, wait 15-20 minutes for Sprinto to sync data from the integration. Sprinto may take up to 24 hours to compute the configuration and activate the relevant checks. The waiting time depends entirely on the size of the data being synced.
Contact Sprinto support if you have any queries related to the integration or need any assistance.