The GitLab integration allows you to connect both Cloud & Self-Managed types of GitLab instances.
For Gitlab Cloud, please see Connecting Vanta & GitLab Cloud
Prerequisites
Verify that you are an owner of the GitLab group you wish for Vanta to scan.
GitLab versions
16.x,15.xand14.xseries are eligible for API v4 support
Procedure
From the left-hand navigation panel, select Integrations
Select the Available tab, and search for GitLab
Select Connect
On the next page, select Self-Managed, then click next.
If you have IP restrictions enforced, allow Vanta's IP to access your GitLab instance. Vanta will access your infrastructure at the following CIDR range: 34.227.127.165/32
Enter the HTTPS URL for your GitLab instance. Note: The Self-Managed GitLab integration is only supported at a subdomain.
Click Next
Creating Vanta application in your GitLab instance
Create an application for Vanta to authenticate with your GitLab instance. This requires you to be the owner of the GitLab group you wish for Vanta to scan
From your GitLab Group dashboard, Settings, then select Applications.
Select Add New Application
Enter the information below to create the new application:
Name: Vanta
Redirect URI: https://api.vanta.com/auth/o/callback/gitlab
Confidential: checked
Scopes: read_api
Click Save Application to generate the OAuth credentials.
Copy the Application ID and Secret.
Note: Be sure to copy the Application ID and Secret and store them securely, as these details can not be reaccessed. Only select Continue once you have these copied and stored securely.
Navigate back to the Vanta integration connection page, and paste the Application ID & Secret copied in the previous step.
Click Done
The page will redirect to GitLab to authorize the application. Click Authorize
When prompted select the Gitlab group you want Vanta to scan, then click Link GitLab account
Please note: Vanta is only able to connect and fetch one group and the subgroups beneath that for GitLab
GitLab is now connected.