# Self-Hosted GitLab Integration

Self-hosted GitLab enables organisations to manage source code, CI/CD pipelines, and collaboration within privately hosted infrastructure.

The Sprinto self-hosted GitLab integration allows you to:

* Monitor production-classified repositories
* Enforce peer review before merges
* Validate status checks before merging
* Enforce branch protection rules
* Verify group-level MFA
* Detect and remove offboarded user access

Self-hosted GitLab supports **Change Management only**.

{% hint style="info" %}
Sprinto uses **read-only access** and does not read or store repository code.
{% endhint %}

#### Sprinto checks for GitLab integration <a href="#sprinto-checks-for-gitlab-integration" id="sprinto-checks-for-gitlab-integration"></a>

The following Sprinto checks are available for the GitLab integration:

<table><thead><tr><th>Sprinto check</th><th width="379.6171875">Description</th><th>Reference procedure</th></tr></thead><tbody><tr><td>GitLab group-level MFA should be enforced</td><td>Enable group-level MFA enforcement on your GitLab account.</td><td><a href="../../monitors/authentication-and-access-monitors/enforce-org-level-and-root-level-mfa">How to fix</a></td></tr><tr><td>Peer review should be enforced for code changes</td><td>Peer review should be configured on each GitLab repository classified as “Production” on Sprinto.</td><td><a href="../../monitors/code-and-repository-monitors/pr-reviewer-is-different-from-author">How to fix</a></td></tr><tr><td>Merging of code changes should require passing status-checks</td><td>All merge requests should pass status checks before merging.</td><td><a href="../../monitors/code-and-repository-monitors/how-to-resolve-sprinto-check-for-enabling-branch-protection-rules">How to fix</a></td></tr><tr><td>Branch Protection rules should be enforced for admins</td><td>Configure branch protection rules for admins on your GitLab account.</td><td><a href="../../monitors/code-and-repository-monitors/how-to-resolve-sprinto-check-for-enabling-branch-protection-rules">How to fix</a></td></tr><tr><td>Code changes should be reviewed by peers before merging</td><td>Code changes must be reviewed by a peer reviewer before merging the changes to the main branch.</td><td><a href="../../monitors/code-and-repository-monitors/how-to-resolve-sprinto-check-for-enabling-branch-protection-rules">How to fix</a></td></tr><tr><td>GitLab access should be removed for offboarded user</td><td>GitLab access should be revoked for any offboarded staff member.</td><td><a href="../../monitors/authentication-and-access-monitors/resolve-sprinto-check-for-removing-access-for-offboarded-users">How to fix</a></td></tr></tbody></table>

## How It Works

The integration uses an OAuth application created in your self-hosted GitLab instance.

1. You create a GitLab OAuth application.
2. You configure redirect URLs and scopes.
3. You provide Sprinto with:
   * Hosted service URL
   * Application ID
   * Client Secret
4. Sprinto securely connects and begins monitoring repository configuration metadata.

Sprinto evaluates configuration settings only. It does not modify repositories.

***

## Before You Begin

Ensure that:

* You have a **paid self-hosted GitLab account**.
* You have **Admin access** to the GitLab instance.
* Sprinto’s IP address is allowlisted if your instance is not publicly accessible.
* You can create OAuth applications in GitLab.

***

## Permissions Required (OAuth Scopes)

When creating the OAuth application in GitLab, select:

* `read_api`
* `read_repository`
* `read_user`
* `profile`

These permissions allow Sprinto to:

* Read groups and projects
* Evaluate branch protection rules
* Validate peer review enforcement
* Retrieve user access metadata

Sprinto does not request write access.

***

## Dashboard Actions

### Step 1: Create an OAuth Application in Self-Hosted GitLab

1. Log in to your self-hosted GitLab instance.
2. Click **Menu**.
3. Select **Admin**.
4. Go to **Applications**.
5. Click **New application**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FPZXhiy7MHLcBAO5iOY24%2Fgittu1.png?alt=media&#x26;token=d005d4c8-3c69-41c6-9b77-3ac94059e6e0" alt="" width="563"><figcaption></figcaption></figure>

#### Enter the following details:

**Name**\
Sprinto Audit

#### Redirect URL (Based on Region)

Enter one URL per line.

<table><thead><tr><th width="99.71484375">Region</th><th width="459.76953125">Redirect URL</th></tr></thead><tbody><tr><td>Europe</td><td>https://eu.sprinto.com/oauth2/authorizationHandler</td></tr><tr><td>India</td><td>https://in.sprinto.com/oauth2/authorizationHandler</td></tr><tr><td>Others</td><td>https://app.sprinto.com/oauth2/authorizationHandler</td></tr><tr><td>Australia</td><td>https://au.sprinto.com/oauth2/authorizationHandler</td></tr></tbody></table>

#### Select the following options:

* Trusted
* Confidential
* Expire access tokens

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FtoTcWZBEr3NSgIWfwrKd%2Fgittu2.png?alt=media&#x26;token=4de75a09-53fd-4f1f-8fc3-785743893690" alt="" width="563"><figcaption></figcaption></figure>

#### Select these scopes:

* `read_user`
* `read_api`
* `read_repository`
* `profile`

Click **Save**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2F5JOmRdVMKRh3Jgvull3f%2Fgittu3.png?alt=media&#x26;token=d8769d16-707a-4319-ac13-fb0daf0d5edc" alt="" width="563"><figcaption></figcaption></figure>

After saving:

* Copy the **Application ID.**
* Copy the **Secret.**
* Store them securely.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2Fhcn0tGvQOZ25rqK2Ccns%2Fgittu4.png?alt=media&#x26;token=46782357-a507-42d3-854c-6420426b1f75" alt="" width="563"><figcaption></figcaption></figure>

***

### Step 2: Connect Self-Hosted GitLab in Sprinto

1. Log in to Sprinto.
2. Navigate to **Settings > Integrations**.
3. In the **All** tab, search for **GitLab**.
4. Click **Connect** next to GitLab (Version Control | Access Review).

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FBzKcETJaOebtCr3pLrCF%2FScreenshot%202026-02-26%20at%2016.28.35.png?alt=media&#x26;token=bdf9811f-f425-4d63-ad2d-ff1ac7d2f787" alt="" width="563"><figcaption></figcaption></figure>

#### Review Permissions

In the connection drawer:

* Review permissions required.
* Review data used by Sprinto.
* Click **Next**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FMeNqw7mmJmgF6osbjhik%2FScreenshot%202026-02-26%20at%2016.31.01.png?alt=media&#x26;token=87a38dbc-c038-43b3-98ef-b23a694fd715" alt="" width="375"><figcaption></figcaption></figure>

***

### Step 3: Select Self-Hosted GitLab

On the Setup GitLab Integration screen, you will see:

* Connection type: OAuth
* Prerequisites

#### Select:

**Are you using self-hosted GitLab Service?**

When selected, the following fields appear:

* **Hosted service URL**
* **Application ID**
* **Client Secret**

If you deselect this checkbox, these fields disappear and the integration defaults to GitLab Cloud.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FmZiy0chZsCxutptlCxFh%2FScreenshot%202026-02-26%20at%2016.31.49.png?alt=media&#x26;token=2d388a9a-93bc-40fa-b110-94aece4cf2d6" alt="" width="375"><figcaption></figcaption></figure>

***

#### Enter the following:

**Hosted Service URL**\
Enter your domain without `http://` or `https://`.

Example:\
If your hosted URL is:\
`https://gitlab.company.com`

Enter:\
`gitlab.company.com`

**Application ID**\
Enter the ID copied from GitLab.

**Client Secret**\
Enter the secret copied from GitLab.

Review your details and click **Connect**.

You are now successfully integrated with self-hosted GitLab.

***

## IP Allowlist (If Required)

If your hosted GitLab instance is restricted, allowlist the appropriate Sprinto IP:

| Domain          | Region       | IP Address     |
| --------------- | ------------ | -------------- |
| app.sprinto.com | USA          | 54.193.221.51  |
| in.sprinto.com  | Asia Pacific | 3.108.123.60   |
| eu.sprinto.com  | Europe       | 18.184.125.204 |
| au.sprinto.com  | Australia    | 54.252.98.100  |

***

## Post-Connection Configuration

After connecting, configure GitLab as a Change Management system.

### Configure GitLab for Change Management

1. Navigate to **Data Library > Change Management**.
2. Click **Add system**.
3. Click **Add** next to GitLab.
4. Select repositories to monitor.
5. Save your changes.

Sprinto will monitor:

* Peer review enforcement
* Merge request status checks
* Branch protection rules
* MFA enforcement
* Offboarded user access removal

***

## Sync Timeline

After configuration:

* Initial sync begins automatically.
* Allow **15–20 minutes** for initial data sync.
* Full evaluation may take up to **24 hours**.

To manually refresh:

1. Navigate to **Data Library > Change Management > GitLab**.
2. Click **Sync**.

***

## Sprinto Checks Supported

This integration validates:

* GitLab group-level MFA enforcement
* Peer review before merge
* Mandatory passing status checks
* Branch protection enforcement for admins
* Offboarded user access removal

***

## Troubleshooting

#### Hosted service URL not accepted

* Remove `http://` or `https://`.
* Ensure the domain is reachable from Sprinto.
* Verify firewall rules.

#### Connection fails after clicking Connect

* Confirm Application ID and Client Secret are correct.
* Verify redirect URL exactly matches your Sprinto region.
* Confirm scopes are correctly selected.
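
The hosted service URL, redirect URL and scope problems listed above can be caught before clicking **Connect**. The following pre-flight check is an added example, not Sprinto or GitLab code; the function names `normalize_host` and `preflight` are hypothetical, and the redirect URLs and scopes are copied from this page. It also flags any scope beyond the four read-only ones, so the application does not grant more access than the integration needs.

```python
from urllib.parse import urlsplit

# Values copied from the region table and scope list on this page.
REDIRECT_URLS = {
    "Europe": "https://eu.sprinto.com/oauth2/authorizationHandler",
    "India": "https://in.sprinto.com/oauth2/authorizationHandler",
    "Australia": "https://au.sprinto.com/oauth2/authorizationHandler",
    "Others": "https://app.sprinto.com/oauth2/authorizationHandler",
}
REQUIRED_SCOPES = {"read_api", "read_repository", "read_user", "profile"}


def normalize_host(value):
    """Return the bare host[:port] for the Hosted Service URL field, or raise ValueError."""
    value = value.strip()
    parts = urlsplit(value if "://" in value else "//" + value)
    if parts.scheme not in ("", "http", "https"):
        raise ValueError(f"unexpected scheme: {parts.scheme}")
    if parts.path.strip("/") or parts.query or parts.fragment or parts.username:
        raise ValueError("enter the domain only, without path or credentials")
    if not parts.hostname:
        raise ValueError("no hostname found")
    return parts.netloc.lower()


def preflight(region, hosted_url, redirect_lines, scopes, confidential):
    """Return a list of problems; an empty list means the values match this page."""
    problems = []
    try:
        normalize_host(hosted_url)
    except ValueError as exc:
        problems.append(f"hosted service URL: {exc}")
    expected = REDIRECT_URLS.get(region, REDIRECT_URLS["Others"])
    # One URL per line; compare exactly, so a trailing slash counts as a mismatch.
    registered = [ln.strip() for ln in redirect_lines.splitlines() if ln.strip()]
    if expected not in registered:
        problems.append(f"redirect URL for {region} missing: {expected}")
    scopes = set(scopes)
    if REQUIRED_SCOPES - scopes:
        problems.append(f"missing scopes: {sorted(REQUIRED_SCOPES - scopes)}")
    if scopes - REQUIRED_SCOPES:
        problems.append(f"scopes beyond read-only set: {sorted(scopes - REQUIRED_SCOPES)}")
    if not confidential:
        problems.append("application is not marked Confidential")
    return problems
```
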

#### No repositories appear

* Ensure repositories belong to accessible groups.
* Confirm the OAuth application has required scopes.
* Trigger a manual sync.

#### Integration connected but checks not running

* Ensure GitLab is added under Change Management.
* Allow up to 24 hours for evaluation.
* Confirm repositories are properly classified in Sprinto.

Contact [Sprinto support](mailto:www.support@sprinto.com) if you have queries related to the integration or need any assistance.
