Adding GitLab Projects
In order for our system to post feedback to your GitLab merge requests, a posting user must be added to your team.
Last updated
In order for our system to post feedback to your GitLab merge requests, a posting user must be added to your team.
Last updated
GitLab requires a user account to post inline feedback to merge requests. We have a global user () which can be used for this.
You can also create your own HackerOne Code service user for interacting with GitLab merge requests.
First, create a new user that will have access to all Projects or Projects in scope of service.
HackerOne Code will use this user to post scan results and validated issues.
***We strongly recommend adding the following image as the posting user's avatar and Hackerone Code
as part of the Username. This provides a much better end-user experience; it allows the service to be easily identified in the GitLab interface:
Navigate to Group Information -> Members in the side bar.
Click Invite Members.
In the Username or email address field, search for the newly created user and select the Reporter role.
Once the account is connected, please let your HackerOne team know and we can configure that account to be the one that your code review feedback is posted from.
After authenticating with GitLab, you'll be prompted to authorize and connect with a version control hosting provider. Click the GitLab option.
You'll then be asked to authorize your GitLab user account with HackerOne Code's GitLab application: PullRequest.
You'll be prompted with a list of GitLab Groups associated with your GitLab account.
Select the Group you'd like to connect with and click Next.
Don't see the Group you need?
GitLab account used to connect repositories with HackerOne Code must be an Owner.
Next, you'll be prompted to select which GitLab Projects (repositories) you'd like to connect to PullRequest.
You can select multiple Projects within the Group, or All Projects (recommended).
The user taking this action will need to have at least the of a Group. If the "Invite members" option isn't visible, you may need to work with a team member with an Owner or Maintainer role within the Group to take this action
Connect the newly created GitLab user account to HackerOne Code via our OAuth sign-up flow by clicking on .
NOTE: The application and entity name 'PullRequest' is expected. This is separate from for disclosure and bounty programs.
Reach out to a team member with these credentials and ask them to sign up for PullRequest and . At that point, Project and Group details should be available to non-Owner members in the HackerOne Code dashboard.
Repositories should now appear on the PullRequest page when the GitLab Group is selected from the Organizations drop-down menu at the top-left portion of the screen.