Self-Hosted GitLab Integration

GitLab is a popular and comprehensive DevOps platform that integrates with Git for version control, offering features such as collaboration tools, CI/CD pipelines, issue tracking, and more, facilitating efficient and collaborative software development.

How does this integration helps Sprinto

The integration primarily aids Sprinto in monitoring changes pushed to production-classified code repositories. This monitoring ensures peer review and successful status checks before merging into the main code repository branch. Additionally, Sprinto uses this integration to enforce user security configurations, such as Multi-factor Authentication (MFA) and branch protection rules. These conditions collectively ensure that organizations meet their compliance requirements for change management systems.

Sprinto checks for Gitlab integration

Following are the available Sprinto checks for GitLab integration:

Sprinto check

Description

Reference procedure

Gitlab group-level MFA should be enforced

Enable group-level MFA enforcement on your Gitlab account.

How to fix

Peer review should be enforced for code changes

Peer review should be configured on each GitLab repository classified as “Production” on Sprinto.

How to fix

Merging of code changes should require passing status-checks

All change merge request should pass the status check prior.

How to fix

Branch Protection rules should be enforced for admins

Configure branch protection rules for admins on your GitLab account.

How to fix

Code changes should be reviewed by peers before merging

Code changes must be reviewed by a peer reviewer before merging the changes to the main branch.

How to fix

GitLab access should be removed for offboarded user

GitLab access should be revoked for any off boarding staff member.

How to fix

Before you begin

Log in to the Sprinto’s admin portal.
You need to have a paid account on Gitlab to built this integration.
Ensure you have “Admin” access on the Gitlab account you want to integrate.

Integrate Sprinto with Gitlab

Follow the below steps to integrate Gitlab on Sprinto:

Create an application on Gitlab for integration.
- Log in on your Gitlab account using your credentials or available SSO options.
- Click on Menu from the top bar, then click Admin.
- On Admin Area page, click Applications, then click New application.
- On Add new application page, enter the following details and permissions:
  - Name - Sprinto Audit
  - Redirect URL - Note: Use the Redirect URL as per your applicable region. Enter one URL per line. Refer to the image below.
    Region
    Redirect URL
    Europe
    https://eu.sprinto.com/oauth2/authorizationHandler
    India
    https://in.sprinto.com/oauth2/authorizationHandler
    Others
    https://app.sprinto.com/oauth2/authorizationHandler
  - Select the checkboxes next to the following options:
    Trusted
    Confidential
    Expire access tokens
  - Select the scopes for application to provide permissions:
    read_user
    read_api
    read_repository
    profile
- Click Save to save the application.
- Copy the Application ID and Secret and save them securely. You’ll need these details to build integration on Sprinto.
Integrate Gitlab on Sprinto.
- On Sprinto app, go to Security Hub > Settings > Integrations > Available, then click Connect next to Gitlab.
- Click Next.
- Select the checkbox for Are you using hosted Gitlab Service.
- Enter the following details for your hosted Gitlab account.

URL: Enter your hosted service URL without HTTP or HTTPS. For example, if your hosted URL is “http://gitlab.sprinto.com”, then enter URL “gitlab.sprinto.com”. You need to whitelist the below IP address based on your geographical presence, if your hosted GitLab URL is restricted for public access.

Domain

Region

IP Address

app.sprinto.com

USA

54.193.221.51

in.sprinto.com

Asia Pacific

3.108.123.60

eu.sprinto.com

Europe

18.184.125.204

Application ID: Enter your Application ID that you copied from Step 1.
Secret: Enter the application secret that you copied from Step 1.
Review your entered details, and click Connect. Note: This completes your Gitlab account integration on Sprinto. Follow Step 3 to configure your account.

Configure Gitlab account on Sprinto.
- On the Sprinto app, go to Security Hub > Change Mgmt, then click Add system.
- On Add a change management system page, click Add next to Gitlab.
- Select the repositories you want to monitor for change management and save the changes.

Final step

After completing Step 3, wait 15 to 20 minutes for Sprinto to finish the data syncing process. Sprinto takes up to 24 hours to evaluate the synced data and activate the relevant Sprinto checks.

If required, go to Security hub > Change Mgmt > Gitlab, then click the sync button for refreshing data from your Gitllab account.

Contact Sprinto support if you have queries related to the integration or need any assistance.

PreviousSAP SuccessFactors Integration NextSemgrep Integration

Last updated 7 days ago