GitLab
Visualize GitLab users, groups, code repositories, and merge requests, map GitLab users to employees and development/security trainings, and monitor changes through queries and alerts.
- Installation
- Data Model
- Types
Installation
To use this integration, JupiterOne requires a GitLab personal access token configured with read access (read_api scope) and
the API base URL, such as https://gitlab.com).
Configuration in JupiterOne
To install the GitLab integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select GitLab. Click New Instance to begin configuring your integration.
Creating a configuration requires the following:
Account Name by which you'd like to identify this GitLab account in JupiterOne. Ingested entities will have this value stored in
tag.AccountNamewhen Tag with Account Name is selected.Description that will further assist your team when identifying the integration instance.
Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as
DISABLEDand manually execute the integration.Personal Access Token configured for read access in GitLab.
noteOnce your token has expired, the integration will no longer run successfully, and the token will be revoked from your GitLab account. You will need to create another token to replace the expired one.
Your GitLab API Base URL (e.g.,
https://gitlab.com, or your self-managed instance URL).
Click Create after all values are provided to finalize the integration.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Account | gitlab_account | Account |
| Branch Rule | gitlab_branch_rule | Rule |
| Commit | gitlab_commit | CodeCommit |
| Finding | gitlab_finding | Finding |
| Group | gitlab_group | Group |
| Label | gitlab_label | Record |
| Merge Request | gitlab_merge_request | CodeReview, PR |
| Project | gitlab_project | CodeRepo, Project |
| User | gitlab_user | User |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
gitlab_account | HAS | gitlab_group |
gitlab_account | HAS | gitlab_project |
gitlab_group | HAS | gitlab_group |
gitlab_group | HAS | gitlab_project |
gitlab_group | HAS | gitlab_user |
gitlab_merge_request | HAS | gitlab_commit |
gitlab_project | HAS | gitlab_user |
gitlab_project | HAS | gitlab_finding |
gitlab_project | HAS | gitlab_merge_request |
gitlab_project | HAS | gitlab_label |
gitlab_project | HAS | gitlab_branch_rule |
gitlab_user | APPROVED | gitlab_merge_request |
gitlab_user | OPENED | gitlab_merge_request |
Gitlab Account
gitlab_account inherits from Account
| Property | Type | Description | Specifications |
|---|---|---|---|
enterprise * | boolean | ||
id * | string | ||
name * | string | ||
revision * | string | ||
vendor * | string | ||
version * | string |
Gitlab Branch Rule
gitlab_branch_rule inherits from Rule
| Property | Type | Description | Specifications |
|---|---|---|---|
allowForcePush | boolean | ||
codeOwnerApprovalRequired | boolean | ||
createdOn | number | ||
id * | string | ||
isDefault * | boolean | ||
isProtected * | boolean | ||
matchingBranchesCount * | number | ||
name * | string | ||
updatedOn | number |
Gitlab Commit
gitlab_commit inherits from CodeCommit
| Property | Type | Description | Specifications |
|---|---|---|---|
authoredOn | number | ||
authorEmail | string | ||
authorName | string | ||
branch * | string | ||
committedOn | number | ||
committerEmail | string | ||
committerName | string | ||
commitWebLink * | string | ||
createdOn | number | deprecated: true | |
id * | string | ||
merge * | boolean | ||
message * | string | ||
name * | string | ||
shortId * | string | ||
title | string | ||
versionBump * | boolean | ||
webLink * | string |
Gitlab Finding
gitlab_finding inherits from Finding
| Property | Type | Description | Specifications |
|---|---|---|---|
createVulnerabilityFeedbackDismissalPath * | string | deprecated: true | |
createVulnerabilityFeedbackIssuePath * | string | deprecated: true | |
createVulnerabilityFeedbackMergeRequestPath * | string | deprecated: true | |
description | string | ||
dismissalFeedback | string | deprecated: true | |
dismissalReason | string | ||
falsePositive | boolean | ||
identifiers | array of strings | ||
links | array of strings | ||
projectFingerprint | string | deprecated: true | |
reportType | string | ||
scanner.externalId | string | ||
scanner.name | string | ||
scanner.vendor | string | ||
solution | string | ||
state | string | ||
uuid | string | ||
vulnerabilityPath | string |
Gitlab Group
gitlab_group inherits from Group
| Property | Type | Description | Specifications |
|---|---|---|---|
autoDevopsEnabled | boolean | ||
createdOn | number | ||
description | string | ||
emailsDisabled | boolean | ||
fullName * | string | ||
fullPath * | string | ||
id * | string | ||
lfsEnabled | boolean | ||
mentionsDisabled | boolean | ||
name * | string | ||
parentGroupId | string | ||
path * | string | ||
projectCreationLevel | string | ||
requestAccessEnabled | boolean | ||
requireTwoFactorAuthentication | boolean | ||
shareWithGroupLock | boolean | ||
subgroupCreationLevel | string | ||
twoFactorGracePeriod | number | ||
visibility | string | ||
webUrl * | string |
Gitlab Label
gitlab_label inherits from Record
| Property | Type | Description | Specifications |
|---|---|---|---|
color * | string | ||
description | string | ||
id * | string | ||
lockOnMerge * | boolean | ||
name * | string | ||
textColor * | string |
Gitlab Merge Request
gitlab_merge_request inherits from CodeReview, PR
| Property | Type | Description | Specifications |
|---|---|---|---|
allowCollaboration | boolean | ||
approved * | boolean | ||
approverIds * | array of strings | ||
approverLogins * | array of strings | ||
approvers * | array of strings | ||
authorId | string | ||
authorLogin | string | ||
authorName | string | ||
closedOn | number | ||
commitWebLink | string | ||
createdOn | number | ||
forceRemoveSourceBranch | boolean | ||
id * | string | ||
iid * | string | ||
mergeCommitSha | string | ||
mergedOn | number | ||
mergeWhenPipelineSucceeds | boolean | ||
name * | string | ||
projectId * | number | ||
repository * | string | ||
sha | string | ||
shouldRemoveSourceBranch | boolean | ||
source * | string | ||
squash * | boolean | ||
state * | string | ||
target * | string | ||
title * | string | ||
updatedOn | number | ||
webLink | string |
Gitlab Project
gitlab_project inherits from CodeRepo, Project
| Property | Type | Description | Specifications |
|---|---|---|---|
allowMergeOnSkippedPipeline * | boolean | ||
archived | boolean | ||
autocloseReferencedIssues | boolean | ||
containerRegistryEnabled | boolean | ||
createdOn | number | ||
description | string | ||
fullName * | string | ||
id * | string | ||
issuesEnabled | boolean | ||
jobsEnabled | boolean | ||
mergeRequestsEnabled | boolean | ||
name * | string | ||
onlyAllowMergeIfAllDiscussionsAreResolved | boolean | ||
onlyAllowMergeIfPipelineSucceeds | boolean | ||
public * | boolean | ||
publicJobs | boolean | ||
removeSourceBranchAfterMerge | boolean | ||
requestAccessEnabled | boolean | ||
sharedRunnersEnabled | boolean | ||
snippetsEnabled | boolean | ||
topics * | array of strings | ||
visibility | string | ||
webLink | string | ||
wikiEnabled | boolean |
Gitlab User
gitlab_user inherits from User
| Property | Type | Description | Specifications |
|---|---|---|---|
canCreateGroup | boolean | ||
canCreateProject | boolean | ||
external | boolean | ||
privateProfile | boolean | ||
publicEmail | string | ||
state * | string | ||
trial | boolean | ||
twoFactorEnabled | boolean |