Integrate GitLab with BoostSecurity¶
BoostSecurity lets you connect your GitLab instance to scan repositories, provision security scanners onto the repositories, and merge commits for security issues.
Prerequisites¶
To integrate GitLab into BoostSecurity, you will need the following:
- Create a GitLab Personal Access Token with the
api
scope selected.- It is advised that a protected, non-human GitLab account entity is assigned to this Personal Access Token. Otherwise, the connection between Boost and GitLab can be severed if the associated entity's account is removed during standard offboarding or change management procedures.
- The current version of Boost does not support Group Access Tokens or a Service Account.
- It is advised that a protected, non-human GitLab account entity is assigned to this Personal Access Token. Otherwise, the connection between Boost and GitLab can be severed if the associated entity's account is removed during standard offboarding or change management procedures.
- The entity that the Personal Access Token is assigned to will need to have
Owner
permissions for the repositories that are associated with the GitLab groups that are being ingested into Boost.
1. Connect GitLab to BoostSecurity¶
To install the BoostSecurity integration for GitLab:
- Navigate to the
Integrations page
. -
Select the GitLab integration from the
Available
section and select the Install button. -
A window directs to providing the Personal Access Token to GitLab. Provide the Personal Access Token and select Next.
-
Select the Group in GitLab: Once the Personal Access Token is provided, the GitLab Group, which enables the integration, needs to be selected from the menu.
-
Select Complete.
Once the installation is completed, the BoostSecurity GitLab card is added to the Settings > Integrations > Installed
section. At this point, BoostSecurity integration is enabled for your GitLab group. Note that the steps can be repeated to allow integration with additional GitLab groups.
2. Default Scanner Protection¶
After successfully integrating into your GitLab organization, enabling the BoostSecurity scanner is recommended.
To do this,
-
Navigate to the Scanner Coverage page and select the Default Scanner Protection column for your GitLab integration.
-
Toggle SBOM, SCA, or Secrets to enable the BoostSecurity Scanner default protection on your GitLab resource..