Adding GitLab Projects

In order for our system to post feedback to your GitLab merge requests, a posting user must be added to your team.

PreviousAdding Bitbucket Repositories NextAdding Azure DevOps Repositories

Last updated 25 days ago

Adding GitLab Projects

In order for our system to post feedback to your GitLab merge requests, a posting user must be added to your team.

Step 1: Designating a Posting User

GitLab requires a user account to post inline feedback to merge requests. We have a global user () which can be used for this.

You can also create your own HackerOne Code service user for interacting with GitLab merge requests.

NOTE: If your organization uses SAML, you WILL NOT be able to use the global user. A new user in your GitLab Group will need to be created.

Create a Service User for HackerOne Code

First, create a new user that will have access to all Projects or Projects in scope of service.

HackerOne Code will use this user to post scan results and validated issues.

***We strongly recommend adding the following image as the posting user's avatar and Hackerone Code as part of the Username. This provides a much better end-user experience; it allows the service to be easily identified in the GitLab interface:

Log in to GitLab as a user with permission to invite members

NOTE: If your organization's GitLab instances contains Rpositories in Projects spanning multiple Groups, these steps will be required for each group.

Navigate to Group Information -> Members in the side bar.

Click Invite Members.

In the Username or email address field, search for the newly created user and select the Reporter role.

The service user requires Reporter access and will need to be added to all of the Projects in scope of service. We recommend inviting the user to the root-level Group so there's no disruption in service if you add or move repositories in the future.

Log into HackerOne Code with the new service user

Once the account is connected, please let your HackerOne team know and we can configure that account to be the one that your code review feedback is posted from.

Step 2: Authorize GitLab Group Integration

The following steps must be completed by a GitLab user with an Owner role for the Groups and Projects that need to be integrated. If you're still logged in as the new GitLab service user for HackerOne Code, be sure to log out and log back in to GitLab as your standard user for your organization.

After authenticating with GitLab, you'll be prompted to authorize and connect with a version control hosting provider. Click the GitLab option.

You'll then be asked to authorize your GitLab user account with HackerOne Code's GitLab application: PullRequest.

Step 3: Select GitLab Group

You'll be prompted with a list of GitLab Groups associated with your GitLab account.

Select the Group you'd like to connect with and click Next.

NOTE: Multiple GitLab Groups can be connected. You can add more later if necessary.

Don't see the Group you need?

GitLab account used to connect repositories with HackerOne Code must be an Owner.

Step 4: Select GitLab Projects (Repositories)

Next, you'll be prompted to select which GitLab Projects (repositories) you'd like to connect to PullRequest.

You can select multiple Projects within the Group, or All Projects (recommended).

NOTE: If practical, we recommend selecting All Projects as this will also automatically connect future repositories and include a more comprehensive overview of your development activity across all repositories in your GitLab Group in our metrics dashboards.

Connecting repositories to will not initiating HackerOne Code scans or incur any additional fees/overages. These will be configured later.

Step 5: View Repositories

NOTE: This guide contains screenshots from third-party partner interfaces that may be modified without notice. If you have any issues or questions about integration, please reach out to your HackerOne team.

PreviousAdding Bitbucket Repositories NextAdding Azure DevOps Repositories

Last updated 25 days ago