The GitLab Integration in Chariot provides continuous monitoring of your organization's GitLab repositories to detect potential security risks and vulnerabilities. The integration scans both public and private projects within specified GitLab groups, helping secure your source code and development assets.
Chariot connects to GitLab using a Personal Access Token (PAT). This allows Chariot to securely access and scan repositories within your GitLab groups. The integration automatically discovers all projects within connected groups and monitors them for security issues.
To set up the GitLab integration, you'll need to complete two main steps: creating a Personal Access Token in GitLab and configuring the integration in Chariot.

Creating a Personal Access Token in GitLab

First, access the Personal Access Tokens page in GitLab. You can do this by signing into GitLab and either going directly to the Personal Access Tokens page or navigating there through your profile settings (Profile icon → Edit profile → Access Tokens). On the Personal Access Tokens page, click "Add new token".

When creating the token, provide a descriptive name and set an appropriate expiration date. Under "Select scopes," enable both read_api and read_repository permissions. 

After you click "Create personal access token", GitLab displays your token. Copy it immediately, as it won't be shown again.
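
Before pasting the token into Chariot, it is worth confirming that it carries only the two scopes named above and has an expiration date. The following is an added example, not part of Chariot or GitLab: it audits token metadata in the shape returned by GitLab's `GET /api/v4/personal_access_tokens/self` endpoint. The sample responses are constructed, and the 90-day lifetime limit and the `audit_token` helper are assumptions for illustration.

```python
import json
from datetime import date

# Scopes the setup steps say to enable; anything beyond these is excess privilege.
REQUIRED_SCOPES = {"read_api", "read_repository"}
MAX_LIFETIME_DAYS = 90  # assumption: local policy, not a Chariot or GitLab requirement


def audit_token(metadata: dict, today: date, max_days: int = MAX_LIFETIME_DAYS) -> list[str]:
    """Return a list of findings; an empty list means the token matches the setup steps."""
    findings = []
    scopes = set(metadata.get("scopes", []))
    missing = REQUIRED_SCOPES - scopes
    extra = scopes - REQUIRED_SCOPES
    if missing:
        findings.append(f"missing scopes: {sorted(missing)}")
    if extra:
        findings.append(f"excess scopes: {sorted(extra)}")
    if metadata.get("revoked") or not metadata.get("active", False):
        findings.append("token is revoked or inactive")
    expires_at = metadata.get("expires_at")
    if not expires_at:
        findings.append("no expiration date set")
    else:
        remaining = (date.fromisoformat(expires_at) - today).days
        if remaining < 0:
            findings.append("token has expired")
        elif remaining > max_days:
            findings.append(f"expires in {remaining} days, policy allows {max_days}")
    return findings


# Constructed sample responses (not real tokens or real API output).
GOOD = json.loads('{"name": "chariot-scan", "scopes": ["read_api", "read_repository"],'
                  ' "active": true, "revoked": false, "expires_at": "2025-03-01"}')
BROAD = json.loads('{"name": "chariot-scan", "scopes": ["api", "read_repository"],'
                   ' "active": true, "revoked": false, "expires_at": null}')

if __name__ == "__main__":
    today = date(2025, 1, 15)  # fixed date so the sample run is reproducible
    for sample in (GOOD, BROAD):
        print(sample["name"], audit_token(sample, today) or "OK")
```

To run the check against a real token, fetch the metadata with the token itself in the `PRIVATE-TOKEN` header and pass the parsed JSON to `audit_token`.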

Finding Your GitLab Group URL

To locate your group URL, visit your Group page in GitLab and navigate to "Group settings". Under the Advanced section in Group General settings, you'll find your group's base URL.

Configuring the Integration in Chariot

In Chariot's interface, go to the Integrations page and click "Add Integration". You can find GitLab listed under the Source Code Managers section, or use the search bar to locate it directly.

In the integration configuration window, provide two pieces of information:

  • Your GitLab group URL
  • The Personal Access Token you created

Click "Connect" to complete the setup. Once configured, Chariot will begin regularly scanning all accessible projects in your group for security concerns, including hard-coded secrets.

This integration leverages Chariot's scanning capabilities to continuously monitor your GitLab assets, helping maintain the security of your source code and development environment.

If you run into any issues during the integration process or have questions about maximizing the value of this integration, our support team is ready to help. You can reach us at support@praetorian.com, and we'll be happy to guide you through any challenges you encounter.