Supported Data models

  • Vulnerability Findings

    • type: dependency
    • type: code
    • type: secret
    • type: container
  • Resources

    • type: branch
    • type: image

Onboarding GitLab

Leen’s recommendation for minimal access to the customer’s environment and their projects:

1. Preferred Method: Dedicated User with Scoped Project Access

  • Create a dedicated GitLab user specifically for Leen’s integration.
  • Grant this user GitLab access permissions only to the projects Leen should scan.
  • A Personal Access Token for this dedicated user will then inherently be limited to these selected projects.

2. Using Tokens with Broader Inherent Access (e.g., an existing user’s personal access token, a Group Token):

  • Be aware that Personal Access Tokens from existing users or Group Access Tokens authorize API access based on the user’s total project memberships or all projects within the group, respectively. They do not filter to a sub-list by themselves.
  • If using such a token, you should use the allowed_project_ids field in Leen’s integration settings to define the specific projects Leen should process. Provide a comma-separated list of Project IDs (e.g., 67411111,67422222,67433333).

3. For Scanning a Single GitLab Project:

  • Creating a Project Access Token within that specific project is recommended. Its access is confined to that single project.

Follow the steps below to onboard your environment to our GitLab integration.

1. Create a Project, Group, or Personal Access Token

Create a project, group, or personal access token to authenticate with GitLab.

If you create a project access token, only that project will be accessible to Leen via API.

For more information on how to create a project access token, please refer to the GitLab documentation.

If you create a group access token, all projects within that group that the associated bot user has access to will be accessible to Leen via API.

For more information on how to create a group access token, please refer to the GitLab documentation.

If you create a personal access token, all projects that the user is a member of will be accessible to Leen via API. Check this dashboard link to see all the projects that you have access to.

For more information on how to create a personal access token, please refer to the GitLab documentation.

Required scopes:

  • read_api
  • read_repository
  • read_registry

Set the expiration date to the maximum possible date.

Record your access token somewhere safe. After the credential window is closed, the token is no longer visible.

2. Find Project IDs (Optional)

If you plan to use the allowed_project_ids parameter (mentioned in the next step) to restrict the integration to specific projects, you’ll need their Project IDs. You can typically find a Project ID in GitLab by:

  1. Navigating to the project’s main page.
  2. On the project overview page, in the upper-right corner, select Actions (ellipsis icon).
  3. Select Copy project ID.

The Project ID is also visible in the project’s Settings > General.

Collect the IDs for all projects you wish to include, and form a comma-separated list of Project IDs to use as the value of allowed_project_ids (e.g., 67411111,67422222,67433333).

3. Enter credentials

In the GitLab integration settings, enter the access token in the private_access_token field and, optionally, the comma-separated list of Project IDs in the allowed_project_ids field.
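
Before entering the credentials, it is worth checking that the token carries the required scopes and that its reach matches the allowed_project_ids list. The following is an added example, not part of Leen's or GitLab's own tooling. It works offline on constructed sample JSON and assumes the inputs are shaped like the responses of GitLab's GET /api/v4/personal_access_tokens/self and GET /api/v4/projects?membership=true endpoints; the function names and sample values are hypothetical.

```python
import json

# Scopes this page lists as required for the integration token.
REQUIRED_SCOPES = {"read_api", "read_repository", "read_registry"}

def parse_allowed_project_ids(value):
    """Parse a comma-separated allowed_project_ids string into a set of ints."""
    ids = set()
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing comma or an empty value
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"not a numeric project ID: {part!r}")
        ids.add(int(part))
    return ids

def audit_token(token_info, visible_projects, allowed_value):
    """Compare what the token can reach with what the integration should process."""
    scopes = set(token_info.get("scopes", []))
    visible = {p["id"] for p in visible_projects}
    allowed = parse_allowed_project_ids(allowed_value)
    return {
        # Required scopes the token lacks.
        "missing_scopes": sorted(REQUIRED_SCOPES - scopes),
        # Scopes beyond the three required ones (broader than needed).
        "extra_scopes": sorted(scopes - REQUIRED_SCOPES),
        # IDs in the allow-list that the token cannot see (typo or missing membership).
        "allowed_but_unreachable": sorted(allowed - visible),
        # Projects the token can read that only the allow-list keeps out of scope.
        "reachable_but_not_allowed": sorted(visible - allowed),
    }

# Constructed sample data (assumed response shapes, see lead-in).
SAMPLE_TOKEN = json.loads(
    '{"name": "leen-scan", "scopes": ["read_api", "read_repository", "api"]}')
SAMPLE_PROJECTS = json.loads(
    '[{"id": 67411111}, {"id": 67422222}, {"id": 67499999}]')
SAMPLE_ALLOWED = "67411111, 67422222,67433333"

if __name__ == "__main__":
    report = audit_token(SAMPLE_TOKEN, SAMPLE_PROJECTS, SAMPLE_ALLOWED)
    print(json.dumps(report, indent=2))
```

A non-empty reachable_but_not_allowed list means the token itself is broader than the intended scan set, which is the case the dedicated-user or project access token options above avoid.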