Overview

GitLab is a platform for version control and collaborative DevOps. This integration connects Backline with GitLab to automatically create merge requests with secure fixes.

What You Can Do

With the GitLab integration, Backline can:
  • Access your GitLab projects and groups
  • Analyze dependencies and detect outdated packages
  • Create merge requests with security patches
  • Track remediation progress across your GitLab projects

Prerequisites

Before connecting GitLab, ensure you have:
  • A GitLab organization
  • Ability to create a service account with Admin role
  • Access to generate personal access tokens for the service account

Connecting GitLab

1. Create Service Account

Log in to your GitLab organization and create a designated account for Backline. This service account should have Admin role scoped to a single group.

2. Configure Project Access

Configure the service account’s access for the Projects you want Backline to remediate.

3. Create Personal Access Token

In GitLab, create a unique personal access token with the following settings:
  • Token name: Give it a unique, identifiable name (e.g., “Backline Integration”)
  • Expiration date: Set an appropriate expiration date for your security policy
  • Scopes: Select the required scopes (detailed below)

4. Copy Token Value

Copy the generated token value. You won’t be able to see it again after leaving the page.

5. Go to Integration Hub

In Backline, navigate to Integrations from the main menu.

6. Select GitLab

Find and click on the GitLab integration card.

7. Enter Token

Provide your Personal Access Token in the form field.

8. Verify Connection

Click Connect to verify your credentials. Once verified, Backline will securely link to your GitLab group and enable automated remediation.

Personal Access Token Configuration

Use a GitLab Personal Access Token (PAT) with an Admin role to allow cloning repositories, creating branches, committing changes, and managing merge requests.
The token’s permissions in GitLab determine which repositories are included. Ensure it covers all projects you want to remediate.

Required Scopes

Configure your GitLab personal access token with the following scopes:
  • api - Full API access for managing projects, merge requests, and webhooks
  • read_repository - Clone and read repository content
  • write_repository - Create branches, commit changes, and push code

These scopes enable Backline to access your repositories, analyze code, and create merge requests with security fixes.

After Connection

Once GitLab is connected, Backline will:
  1. Discover and catalog your projects
  2. Generate remediation plans for vulnerabilities from those repositories
  3. Create merge requests for approved fixes

Managing the Integration

Updating Access

To modify project access:
  1. Visit your GitLab account settings
  2. Navigate to Applications
  3. Find Backline and adjust permissions