Other Integrations & Connections

Connecting Vanta & GitLab Self-Managed instance

  • Updated

The GitLab integration allows you to connect both Cloud & Self-Managed types of GitLab instances. 

For Gitlab Cloud, please see Connecting Vanta & GitLab Cloud

This article will detail how to connect the integration using GitLab's self-managed (on-prem) version.

 

Prerequisites

 

  • Verify that you are an owner of the GitLab group you wish for Vanta to scan.
  • GitLab versions 16.x, 15.x and 14.x series are eligible for API v4 support

 

Procedure

 

  • From the left-hand navigation panel, select Integrations
  • Select the Available tab, and search for GitLab 
  • Select Connect

Screenshot 2024-01-22 at 5.06.25 pm.png

  • On the next page, select Self-Managed then click next

Screenshot 2024-01-22 at 5.08.42 pm.png

  • If you have IP restrictions enforced, allow Vanta's IP to access your GitLab instance. Vanta will access your infrastructure at the following CIDR range: 34.227.127.165/32

  • Enter the HTTPS URL for your GitLab instance. Note: The Self-Managed GitLab integration is only supported at a subdomain.

  • Click Next

Screenshot 2024-01-22 at 5.09.49 pm.png

Creating Vanta application in your GitLab instance

  • Create an application for Vanta to authenticate with your GitLab instance. This requires you to be the owner of the GitLab group you wish for Vanta to scan

  • From your GitLab Group dashboard, Settings then select Applications

Screenshot 2024-01-22 at 5.46.30 pm.png

  • Select Add New Application

Screenshot 2024-01-22 at 5.48.03 pm.png

  • Enter the information below to create the new application:
    • Name: Vanta

    • Redirect URI: https://api.vanta.com/auth/o/callback/gitlab

    • Confidential: checked

    • Scopes: read_api

     

    Screenshot 2024-01-22 at 5.26.58 pm.png



  • Click Save Application to generate the OAuth credentials.
  • Copy the Application ID and Secret.
    Note: Ensure to copy both the Application ID and Secret and store it securely, as these details can not be reaccessed. Only select Continue once you are sure you have these copied and stored securely

    Screenshot 2024-01-22 at 5.38.58 pm.png

  • Navigate back to the Vanta integration connection page, and paste the Application ID & Secret copied in the previous step

Screenshot 2024-01-22 at 5.40.56 pm.png

 

  • Click Done
  • The page will redirect to GitLab to authorize the application. Click Authorize

Screenshot 2024-01-22 at 6.02.53 pm.png

  • When prompted select the Gitlab group you want Vanta to scan, then click Link GitLab account

    Note: Vanta is only able to connect and fetch one group and the subgroups beneath that for GitLab

Screenshot 2023-07-26 at 9.57.11 am.png

 

  • GitLab is now connected. 

 

Screenshot 2023-07-26 at 9.57.38 am.png