> For the complete documentation index, see [llms.txt](https://docs.sprinto.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.sprinto.com/integrations/overview/self-hosted-gitlab-integration.md).

# Self-Hosted GitLab Integration

Self-hosted GitLab enables organisations to manage source code, CI/CD pipelines, and collaboration within privately hosted infrastructure.

The Sprinto self-hosted GitLab integration allows you to:

* Monitor production-classified repositories
* Enforce peer review before merges
* Validate status checks before merging
* Enforce branch protection rules
* Verify group-level MFA
* Detect and remove offboarded user access

Self-hosted GitLab supports **Change Management only**.

{% hint style="info" %}
Sprinto uses **read-only access** and does not read or store repository code.
{% endhint %}

#### Sprinto checks for Gitlab integration <a href="#sprinto-checks-for-gitlab-integration" id="sprinto-checks-for-gitlab-integration"></a>

Following are the available Sprinto checks for GitLab integration:

<table><thead><tr><th>Sprinto check</th><th width="379.6171875">Description</th><th>Reference procedure</th></tr></thead><tbody><tr><td>Gitlab group-level MFA should be enforced</td><td>Enable group-level MFA enforcement on your Gitlab account.</td><td><a href="/pages/V6CSOeRjYEr1akHM89r2">How to fix</a></td></tr><tr><td>Peer review should be enforced for code changes</td><td>Peer review should be configured on each GitLab repository classified as “Production” on Sprinto.</td><td><a href="/pages/hz9ESjYCmbIrMmYeOrIR">How to fix</a></td></tr><tr><td>Merging of code changes should require passing status-checks</td><td>All change merge request should pass the status check prior.</td><td><a href="/pages/CcRMVSwKqIvZyAS8kZy0">How to fix</a></td></tr><tr><td>Branch Protection rules should be enforced for admins</td><td>Configure branch protection rules for admins on your GitLab account.</td><td><a href="/pages/CcRMVSwKqIvZyAS8kZy0">How to fix</a></td></tr><tr><td>Code changes should be reviewed by peers before merging</td><td>Code changes must be reviewed by a peer reviewer before merging the changes to the main branch.</td><td><a href="/pages/CcRMVSwKqIvZyAS8kZy0">How to fix</a></td></tr><tr><td>GitLab access should be removed for offboarded user</td><td>GitLab access should be revoked for any off boarding staff member.</td><td><a href="/pages/82H3Gt6HK0c6vjdDWYl3">How to fix</a></td></tr></tbody></table>

## How It Works

The integration uses an OAuth application created in your self-hosted GitLab instance.

1. You create a GitLab OAuth application.
2. You configure redirect URLs and scopes.
3. You provide Sprinto with:
   * Hosted service URL
   * Application ID
   * Client Secret
4. Sprinto securely connects and begins monitoring repository configuration metadata.

Sprinto evaluates configuration settings only. It does not modify repositories.

***

## Before You Begin

Ensure that:

* You have a **paid self-hosted GitLab account**.
* You have **Admin access** to the GitLab instance.
* Sprinto’s IP address is allowlisted if your instance is not publicly accessible.
* You can create OAuth applications in GitLab.

***

## Permissions Required (OAuth Scopes)

When creating the OAuth application in GitLab, select:

* `read_api`
* `read_repository`
* `read_user`
* `profile`

These permissions allow Sprinto to:

* Read groups and projects
* Evaluate branch protection rules
* Validate peer review enforcement
* Retrieve user access metadata

Sprinto does not request write access.

***

## Dashboard Actions

### Step 1: Create an OAuth Application in Self-Hosted GitLab

1. Log in to your self-hosted GitLab instance.
2. Click **Menu**.
3. Select **Admin**.
4. Go to **Applications**.
5. Click **New application**.

<figure><img src="/files/xcO3GkpDPKYrMWgDZGvO" alt="" width="563"><figcaption></figcaption></figure>

#### Enter the following details:

**Name**\
Sprinto Audit

#### Redirect URL (Based on Region)

Enter one URL per line.

<table><thead><tr><th width="99.71484375">Region</th><th width="459.76953125">Redirect URL</th></tr></thead><tbody><tr><td>Europe</td><td>https://eu.sprinto.com/oauth2/authorizationHandler</td></tr><tr><td>India</td><td>https://in.sprinto.com/oauth2/authorizationHandler</td></tr><tr><td>Others</td><td>https://app.sprinto.com/oauth2/authorizationHandler</td></tr><tr><td>Australia</td><td>https://au.sprinto.com/oauth2/authorizationHandler</td></tr></tbody></table>

#### Select the following options:

* Trusted
* Confidential
* Expire access tokens

<figure><img src="/files/QieXKDqWkMDUzgulkk2h" alt="" width="563"><figcaption></figcaption></figure>

#### Select these scopes:

* `read_user`
* `read_api`
* `read_repository`
* `profile`

Click **Save**.

<figure><img src="/files/1rR7col0wC52253AQa7v" alt="" width="563"><figcaption></figcaption></figure>

After saving:

* Copy the **Application ID.**
* Copy the **Secret.**
* Store them securely.

<figure><img src="/files/IjW3cF2vcEcWZ3690v3K" alt="" width="563"><figcaption></figcaption></figure>

***

### Step 2: Connect Self-Hosted GitLab in Sprinto

1. Log in to Sprinto.
2. Navigate to **Settings > Integrations**.
3. In the **All** tab, search for **GitLab**.
4. Click **Connect** next to GitLab (Version Control | Access Review).

<figure><img src="/files/LKMwA3NvlAnFcWDsHOE8" alt="" width="563"><figcaption></figcaption></figure>

#### Review Permissions

In the connection drawer:

* Review permissions required.
* Review data used by Sprinto.
* Click **Next**.

<figure><img src="/files/56dQSiZxQIJFE9pmABmW" alt="" width="375"><figcaption></figcaption></figure>

***

### Step 3: Select Self-Hosted GitLab

On the Setup GitLab Integration screen:

You will see:

* Connection type: OAuth
* Prerequisites

#### Select:

**Are you using self-hosted GitLab Service?**

When selected, the following fields appear:

* **Hosted service URL**
* **Application ID**
* **Client Secret**

If you deselect this checkbox, these fields disappear and the integration defaults to GitLab Cloud.

<figure><img src="/files/by88tdKRUq1RlaTKLHwq" alt="" width="375"><figcaption></figcaption></figure>

***

#### Enter the following:

**Hosted Service URL**\
Enter your domain without `http://` or `https://`.

Example:\
If your hosted URL is:\
`https://gitlab.company.com`

Enter:\
`gitlab.company.com`

**Application ID**\
Enter the ID copied from GitLab.

**Client Secret**\
Enter the secret copied from GitLab.

Review your details and click **Connect**.

You are now successfully integrated with self-hosted GitLab.

***

## IP Allowlist (If Required)

If your hosted GitLab instance is restricted, allowlist the appropriate Sprinto IP:

| Domain          | Region       | IP Address     |
| --------------- | ------------ | -------------- |
| app.sprinto.com | USA          | 54.193.221.51  |
| in.sprinto.com  | Asia Pacific | 3.108.123.60   |
| eu.sprinto.com  | Europe       | 18.184.125.204 |
| au.sprinto.com  | Australia    | 54.252.98.100  |

***

## Post-Connection Configuration

After connecting, configure GitLab as a Change Management system.

### Configure GitLab for Change Management

1. Navigate to **Data Library > Change Management**.
2. Click **Add system**.
3. Click **Add** next to GitLab.
4. Select repositories to monitor.
5. Save your changes.

Sprinto will monitor:

* Peer review enforcement
* Merge request status checks
* Branch protection rules
* MFA enforcement
* Offboarded user access removal

***

## Sync Timeline

After configuration:

* Initial sync begins automatically.
* Allow **15–20 minutes** for initial data sync.
* Full evaluation may take up to **24 hours**.

To manually refresh:

1. Navigate to **Data Library > Change Management > GitLab**.
2. Click **Sync**.

***

## Sprinto Checks Supported

This integration validates:

* GitLab group-level MFA enforcement
* Peer review before merge
* Mandatory passing status checks
* Branch protection enforcement for admins
* Offboarded user access removal

***

## Troubleshooting

#### Hosted service URL not accepted

* Remove `http://` or `https://`.
* Ensure the domain is reachable from Sprinto.
* Verify firewall rules.

#### Connection fails after clicking Connect

* Confirm Application ID and Client Secret are correct.
* Verify redirect URL exactly matches your Sprinto region.
* Confirm scopes are correctly selected.

#### No repositories appear

* Ensure repositories belong to accessible groups.
* Confirm the OAuth application has required scopes.
* Trigger a manual sync.

#### Integration connected but checks not running

* Ensure GitLab is added under Change Management.
* Allow up to 24 hours for evaluation.
* Confirm repositories are properly classified in Sprinto.

Contact [Sprinto support](mailto:www.support@sprinto.com) if you have queries related to the integration or need any assistance.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sprinto.com/integrations/overview/self-hosted-gitlab-integration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.