Configure GitLab Posting User

Prerequisites

The GitLab posting user must be created by an individual on your team with the following administrative permissions:

• A HackerOne Code user account with an Owner role for the organization in question.

• An Owner role on your GitLab Self-Hosted Group.

Create Posting User

Log in to your GitHub instance as an administrator and create a new user with the username HackerOne or PullRequest. HackerOne Code will use this user to post scan results and validated issues.

***We strongly recommend adding the following image as the posting user's avatar. This provides a much better end-user experience; it allows the service to be easily identified in the GitHub interface:

Add Posting User to Projects

Add the user you just created to all of the projects/repositories you want code review on. Be sure to grant the user REPORTER access so it's able to post comments.

Create GitLab Access Token

Log into GitLab as the HackerOne Code user you just created.

Open User settings -> Access Tokens. This should be accessible from the following path:

https://our-gitlab.internal/-/profile/personal_access_tokens

Create a Personal Access Token with the following properties:

• Name: For your team's internal use. No functionality is associated with this property.

• Expiration: *** Leave blank.

• Scopes: The api, read_user, and read_repository scopes should all be checked.

Once generated, copy the personal access token to your clipboard so we can configure the connection to GitLab.

Connecting PullRequest Proxy to GitLab

Now, it's time to return to that text file we're editing on the proxy server. Go ahead and set the following keys based on what was configured above.

PROVIDER_TYPE=gitlab
PROVIDER_BASE_URL=https://our-gitlab.internal
PROVIDER_USERNAME=PullRequest
PROVIDER_ACCESS_TOKEN=<access_token>