Self-Hosted GitLab Integration

Integrate self-hosted GitLab with Sprinto to automate change management monitoring and validate repository security controls using secure OAuth credentials.

Self-hosted GitLab enables organisations to manage source code, CI/CD pipelines, and collaboration within privately hosted infrastructure.

The Sprinto self-hosted GitLab integration allows you to:

  • Monitor production-classified repositories

  • Enforce peer review before merges

  • Validate status checks before merging

  • Enforce branch protection rules

  • Verify group-level MFA

  • Detect and remove offboarded user access

Self-hosted GitLab supports Change Management only.

Sprinto uses read-only access and does not read or store repository code.

Sprinto checks for GitLab integration

The following Sprinto checks are available for the GitLab integration:

Sprinto check
Description
Reference procedure

GitLab group-level MFA should be enforced

Enable group-level MFA enforcement on your GitLab account.

Peer review should be enforced for code changes

Peer review should be configured on each GitLab repository classified as “Production” on Sprinto.

Merging of code changes should require passing status-checks

All merge requests should pass status checks before they are merged.

Branch Protection rules should be enforced for admins

Configure branch protection rules for admins on your GitLab account.

Code changes should be reviewed by peers before merging

Code changes must be reviewed by a peer reviewer before merging the changes to the main branch.

GitLab access should be removed for offboarded users

GitLab access should be revoked for any offboarded staff member.

How It Works

The integration uses an OAuth application created in your self-hosted GitLab instance.

  1. You create a GitLab OAuth application.

  2. You configure redirect URLs and scopes.

  3. You provide Sprinto with:

    • Hosted service URL

    • Application ID

    • Client Secret

  4. Sprinto securely connects and begins monitoring repository configuration metadata.

Sprinto evaluates configuration settings only. It does not modify repositories.


Before You Begin

Ensure that:

  • You have a paid self-hosted GitLab account.

  • You have Admin access to the GitLab instance.

  • Sprinto’s IP address is allowlisted if your instance is not publicly accessible.

  • You can create OAuth applications in GitLab.


Permissions Required (OAuth Scopes)

When creating the OAuth application in GitLab, select:

  • read_api

  • read_repository

  • read_user

  • profile

These permissions allow Sprinto to:

  • Read groups and projects

  • Evaluate branch protection rules

  • Validate peer review enforcement

  • Retrieve user access metadata

Sprinto does not request write access.


Dashboard Actions

Step 1: Create an OAuth Application in Self-Hosted GitLab

  1. Log in to your self-hosted GitLab instance.

  2. Click Menu.

  3. Select Admin.

  4. Go to Applications.

  5. Click New application.

Enter the following details:

Name: Sprinto Audit

Redirect URL (based on region): Enter one URL per line.

Region       Redirect URL
Europe       https://eu.sprinto.com/oauth2/authorizationHandler
India        https://in.sprinto.com/oauth2/authorizationHandler
Others       https://app.sprinto.com/oauth2/authorizationHandler
Australia    https://au.sprinto.com/oauth2/authorizationHandler

Select the following options:

  • Trusted

  • Confidential

  • Expire access tokens

Select these scopes:

  • read_user

  • read_api

  • read_repository

  • profile

Click Save.

After saving:

  • Copy the Application ID.

  • Copy the Secret.

  • Store them securely.


Step 2: Connect Self-Hosted GitLab in Sprinto

  1. Log in to Sprinto.

  2. Navigate to Settings > Integrations.

  3. In the All tab, search for GitLab.

  4. Click Connect next to GitLab (Version Control | Access Review).

Review Permissions

In the connection drawer:

  • Review permissions required.

  • Review data used by Sprinto.

  • Click Next.


Step 3: Select Self-Hosted GitLab

On the Setup GitLab Integration screen:

You will see:

  • Connection type: OAuth

  • Prerequisites

Select:

Are you using self-hosted GitLab Service?

When selected, the following fields appear:

  • Hosted service URL

  • Application ID

  • Client Secret

If you deselect this checkbox, these fields disappear and the integration defaults to GitLab Cloud.


Enter the following:

Hosted Service URL: Enter your domain without http:// or https://.

Example: If your hosted URL is https://gitlab.company.com, enter gitlab.company.com.

Application ID: Enter the ID copied from GitLab.

Client Secret: Enter the secret copied from GitLab.

Review your details and click Connect.

You are now successfully integrated with self-hosted GitLab.
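
The check below is an added example, not Sprinto's or GitLab's own code: it validates the values from Step 1 and Step 3 against this page's redirect URL table and scope list before you click Connect. The function names and the sample input are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Copied from this page's redirect URL table and scope list.
REDIRECT_URLS = {
    "Europe": "https://eu.sprinto.com/oauth2/authorizationHandler",
    "India": "https://in.sprinto.com/oauth2/authorizationHandler",
    "Others": "https://app.sprinto.com/oauth2/authorizationHandler",
    "Australia": "https://au.sprinto.com/oauth2/authorizationHandler",
}
REQUIRED_SCOPES = {"read_api", "read_repository", "read_user", "profile"}

def normalize_host(value):
    """Return the scheme-less host for the Hosted service URL field, or raise ValueError."""
    raw = value.strip()
    parts = urlsplit(raw if "://" in raw else "//" + raw)
    if parts.username or parts.password or not parts.hostname:
        raise ValueError("enter a bare hostname, without credentials")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("enter the domain only, without a path or query")
    return parts.netloc.lower()

def preflight(region, hosted_url, redirect_lines, scopes, confidential=True, expire_tokens=True):
    """Hypothetical helper: return (host, findings); no findings means the inputs match this page."""
    findings, host = [], None
    try:
        host = normalize_host(hosted_url)
    except ValueError as exc:
        findings.append(f"hosted service URL: {exc}")
    lines = [ln.strip() for ln in redirect_lines.splitlines() if ln.strip()]
    expected = REDIRECT_URLS.get(region)
    if expected is None:
        findings.append(f"unknown region: {region}")
    elif expected not in lines:
        findings.append(f"redirect URL is not an exact match for {region}: {expected}")
    # Any registered redirect URL outside the table (including a trailing-slash variant) is flagged.
    findings += [f"unexpected redirect URL registered: {ln}"
                 for ln in lines if ln not in REDIRECT_URLS.values()]
    granted = set(scopes)
    if missing := REQUIRED_SCOPES - granted:
        findings.append("missing scopes: " + ", ".join(sorted(missing)))
    if extra := granted - REQUIRED_SCOPES:
        findings.append("scopes beyond the read-only set: " + ", ".join(sorted(extra)))
    if not confidential:
        findings.append("Confidential is not selected")
    if not expire_tokens:
        findings.append("Expire access tokens is not selected")
    return host, findings

# Constructed sample: trailing slash on the redirect URL, read_repository missing, api added.
SAMPLE = dict(region="Europe", hosted_url="https://gitlab.company.com/",
              redirect_lines="https://eu.sprinto.com/oauth2/authorizationHandler/\n",
              scopes=["read_api", "read_user", "profile", "api"])
```

Calling `preflight(**SAMPLE)` returns the host to enter plus one finding per mismatch; an empty findings list means the inputs agree with this page.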


IP Allowlist (If Required)

If your hosted GitLab instance is restricted, allowlist the appropriate Sprinto IP:

Domain             Region          IP Address
app.sprinto.com    USA             54.193.221.51
in.sprinto.com     Asia Pacific    3.108.123.60
eu.sprinto.com     Europe          18.184.125.204
au.sprinto.com     Australia       54.252.98.100


Post-Connection Configuration

After connecting, configure GitLab as a Change Management system.

Configure GitLab for Change Management

  1. Navigate to Data Library > Change Management.

  2. Click Add system.

  3. Click Add next to GitLab.

  4. Select repositories to monitor.

  5. Save your changes.

Sprinto will monitor:

  • Peer review enforcement

  • Merge request status checks

  • Branch protection rules

  • MFA enforcement

  • Offboarded user access removal


Sync Timeline

After configuration:

  • Initial sync begins automatically.

  • Allow 15–20 minutes for initial data sync.

  • Full evaluation may take up to 24 hours.

To manually refresh:

  1. Navigate to Data Library > Change Management > GitLab.

  2. Click Sync.


Sprinto Checks Supported

This integration validates:

  • GitLab group-level MFA enforcement

  • Peer review before merge

  • Mandatory passing status checks

  • Branch protection enforcement for admins

  • Offboarded user access removal


Troubleshooting

Hosted service URL not accepted

  • Remove http:// or https://.

  • Ensure the domain is reachable from Sprinto.

  • Verify firewall rules.

Connection fails after clicking Connect

  • Confirm Application ID and Client Secret are correct.

  • Verify redirect URL exactly matches your Sprinto region.

  • Confirm scopes are correctly selected.

No repositories appear

  • Ensure repositories belong to accessible groups.

  • Confirm the OAuth application has required scopes.

  • Trigger a manual sync.

Integration connected but checks not running

  • Ensure GitLab is added under Change Management.

  • Allow up to 24 hours for evaluation.

  • Confirm repositories are properly classified in Sprinto.

Contact Sprinto support if you have queries related to the integration or need any assistance.