Skip to main content

Overview

GitLab is a platform for version control and collaborative DevOps. This integration connects Backline with GitLab to automatically create merge requests with secure fixes.

What You Can Do

With the GitLab integration, Backline can:
  • Access your GitLab projects and groups
  • Analyze dependencies and detect outdated packages
  • Create merge requests with security patches
  • Track remediation progress across your GitLab projects

Prerequisites

Before connecting GitLab, ensure you have:
  • A GitLab organization
  • A token with Developer role on the projects you want Backline to manage (Backline onboards every project the token is a member of)
  • Access to generate a personal access token with the required scopes

Connecting GitLab

1

Create Service Account

Log in to your GitLab organization and create a designated account for Backline. This account should have Developer role on the projects you want Backline to manage.
2

Configure Project Access

Grant the account Developer access to the projects you want Backline to remediate. Backline onboards every project the token is a member of.
3

Create Personal Access Token

In GitLab, create a unique personal access token with the following settings:
  • Token name: Give it a unique, identifiable name (e.g., “Backline Integration”)
  • Expiration date: Set an appropriate expiration date for your security policy
  • Scopes: Select the required scopes (detailed below)
4

Copy Token Value

Copy the generated token value. You won’t be able to see it again after leaving the page.
5

Go to Integration Hub

In Backline, navigate to Integrations from the main menu.
6

Select GitLab

Find and click on the GitLab integration card.
7

Enter Token

Provide your Personal Access Token in the form field.
8

Verify Connection

Click Connect to verify your credentials. Once verified, Backline will securely link to your GitLab projects and enable automated remediation.

Personal Access Token Configuration

Use a GitLab Personal Access Token (PAT) with a Developer role to allow cloning repositories, creating branches, committing changes, and managing merge requests. Backline onboards every project the token is a member of.
The token’s permissions in GitLab determine which repositories are included. Ensure it covers all projects you want to remediate.

Required Scopes

Configure your GitLab personal access token with the following scopes:
  • api - Full API access for managing projects, merge requests, and webhooks
  • read_repository - Clone and read repository content
  • write_repository - Create branches, commit changes, and push code
These scopes enable Backline to access your repositories, analyze code, and create merge requests with security fixes.

After Connection

Once GitLab is connected, Backline will:
  1. Discover and catalog your projects
  2. Generate remediation plans for vulnerabilities from those repositories
  3. Create merge requests for approved fixes

Managing the Integration

Updating Access

To modify project access:
  1. Visit your GitLab account settings
  2. Navigate to Applications
  3. Find Backline and adjust permissions