GitLab allows customers to connect Vanta using OAuth2. For GitLab Cloud, we have a pre-configured set of OAuth credentials for our application. This is a read-only integration using the read_api scope. We support any version GitLab officially supports. Currently, that is 13.0 and higher.
Procedure
Navigate to the integrations page, search "Gitlab", click "Connect"
Under "How would you like to connect Gitlab", choose "Self-Managed" and click "Next"
The GitLab On-Prem integration requires the customer to add Vanta's IP address to their IP CIDR allowlist. In prod, this is 34.227.127.165/32.
As part of the linking flow, we require you to give us the URL to your GitLab instance. This URL is the root URL at which your instance is hosted.
Begin by entering your Base URL:
Next, you must also create an OAuth application for Vanta within your GitLab instance. To do so, you'll need to use the Redirect URL
Navigate to your GitLab Applications tab, enter the Name of the new application and the Redirect URL, ensure you select "read_api", and then click "Save Application"
Once created, select the new application from your application list
Copy the Application ID and paste it into the Application ID field
Copy the Secret, paste it into the Secret field, and select "Done" (lower right corner)
Authorize "Application Chosen" to use your account
Select the GitLab group you want Vanta to scan, then Link the GitLab account
Note: For GitLab, Vanta can connect to and fetch only one group and the subgroups beneath it.
Congratulations! GitLab is now connected
Once completed, the integration will function identically to a Cloud instance, running the same fetches, tests, etc.
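For the allowlist step above, a check that the allowlist admits Vanta's production address and that the rule admitting it is no wider than needed. This is an added example, not Vanta's or GitLab's own tooling; the function name audit_allowlist and the sample entries are hypothetical, and it assumes your allowlist can be exported as a list of CIDR strings.

```python
import ipaddress

# From the page: Vanta's production source address for self-managed GitLab.
VANTA_PROD_CIDR = ipaddress.ip_network("34.227.127.165/32")


def audit_allowlist(entries, required=VANTA_PROD_CIDR, max_extra_hosts=0):
    """Audit CIDR strings against the network that must be admitted.

    Returns a dict with:
      covered   - True if some entry fully contains `required`
      matches   - entries that contain it, narrowest first
      too_broad - matching entries that admit more than max_extra_hosts
                  addresses beyond `required`
      invalid   - entries that are not valid IP/CIDR notation
    """
    matches, invalid = [], []
    for raw in entries:
        text = raw.strip()
        if not text or text.startswith("#"):  # skip blanks and comments
            continue
        try:
            # strict=False tolerates host bits set, e.g. 34.227.127.165/24
            net = ipaddress.ip_network(text, strict=False)
        except ValueError:
            invalid.append(text)
            continue
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first
        if net.version == required.version and required.subnet_of(net):
            if net not in matches:
                matches.append(net)
    matches.sort(key=lambda n: n.prefixlen, reverse=True)
    too_broad = [str(n) for n in matches
                 if n.num_addresses - required.num_addresses > max_extra_hosts]
    return {"covered": bool(matches), "matches": [str(n) for n in matches],
            "too_broad": too_broad, "invalid": invalid}


# Constructed sample allowlist (not taken from any real deployment).
SAMPLE = ["10.0.0.0/8", "# office VPN", "34.227.127.0/24",
          "34.227.127.165/32", "34.227.127.165", "not-a-cidr"]

if __name__ == "__main__":
    print(audit_allowlist(SAMPLE))
```

An entry listed under too_broad lets other hosts in the same range reach the instance as well; the /32 from the page is the narrowest rule that still lets the integration connect.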