GitLab Setup
Connect your GitLab repositories to Cloudgeni to enable automated security scanning, merge request reviews, and compliance monitoring for your Infrastructure as Code.
What You'll Get
- Automatic repository discovery from your GitLab groups
- Merge request security reviews with inline comments
- Webhook integration for real-time scanning
- Support for GitLab.com and self-hosted instances
Prerequisites
Before You Start
- GitLab account with Owner or Maintainer access to repositories
- Repositories containing IaC files (Terraform, Bicep, etc.)
- For self-hosted: GitLab version 13.0 or later
Quick Start
Step 1: Navigate to Integrations
- Log in to your Cloudgeni dashboard
- Go to Settings → IaC Repositories
- Click Connect Git Provider
- Select GitLab
Step 2: Authorize Cloudgeni
- Click Connect with GitLab
- You’ll be redirected to GitLab’s authorization page
- Review the requested permissions
- Click Authorize to grant access
Cloudgeni requests read access to your repositories and the ability to post merge request
comments.
Step 3: Select Repositories
- After authorization, you’ll see your GitLab groups
- Expand groups to see available repositories
- Toggle repositories you want to monitor
- Click Save Selection
Self-Hosted GitLab
Configure Custom Instance
For self-hosted GitLab (GitLab CE/EE):
- In Cloudgeni, go to Settings → IaC Repositories
- Click Connect Git Provider → GitLab
- Click Use Self-Hosted GitLab
- Enter your GitLab instance URL (e.g., https://gitlab.yourcompany.com)
- Continue with OAuth authorization
Network Requirements
Ensure your GitLab instance can communicate with Cloudgeni:
| Direction | Endpoint | Purpose |
|---|---|---|
| Outbound | api.cloudgeni.ai | API communication |
| Inbound | Your GitLab URL | Webhook callbacks |
SSL/TLS Requirements
- Self-signed certificates require additional configuration
- Contact support for private CA setup
Permissions
Required Scopes
Cloudgeni requests these GitLab OAuth scopes:
| Scope | Purpose |
|---|---|
| read_api | Access repository metadata |
| read_repository | Clone and scan repository content |
| write_repository | Post merge request comments (optional) |
Access Levels
| GitLab Role | Can Connect | Can Scan | MR Comments |
|---|---|---|---|
| Owner | Yes | Yes | Yes |
| Maintainer | Yes | Yes | Yes |
| Developer | Limited | Yes | Yes |
| Reporter | No | No | No |
Webhook Configuration
Automatic Setup
Cloudgeni automatically configures webhooks when you connect a repository. Webhooks trigger on:
- Push events to monitored branches
- Merge request creation and updates
- Tag push events
Manual Configuration
If automatic setup fails, configure webhooks manually:
- Go to your GitLab project → Settings → Webhooks
- Add webhook URL: https://api.cloudgeni.ai/webhooks/gitlab
- Select triggers:
  - Push events
  - Merge request events
- Add secret token (provided in Cloudgeni dashboard)
- Click Add webhook
Webhook Events
| Event | Trigger |
|---|---|
| Push | Code pushed to repository |
| Merge Request | MR opened, updated, or merged |
| Tag Push | New tag created |
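To confirm that a manually configured webhook matches the Manual Configuration steps above, the following added example (not Cloudgeni's own code) audits the JSON array that GitLab's project hooks API (GET /projects/:id/hooks) returns. The function name `audit_hooks` is hypothetical and the sample response is constructed.

```python
import json
from urllib.parse import urlsplit

# URL and triggers come from the Manual Configuration steps on this page.
EXPECTED_URL = "https://api.cloudgeni.ai/webhooks/gitlab"
REQUIRED_TRIGGERS = ("push_events", "merge_requests_events")


def audit_hooks(hooks):
    """Return a list of findings for the Cloudgeni webhook; empty means OK.

    `hooks` is the decoded JSON array GitLab returns from
    GET /projects/:id/hooks. The secret token is never included in that
    response, so its presence has to be confirmed in the GitLab UI.
    """
    expected = urlsplit(EXPECTED_URL)
    same_host = [h for h in hooks
                 if urlsplit(h.get("url", "")).hostname == expected.hostname]
    if not same_host:
        return ["no webhook points at " + expected.hostname]

    findings = []
    for hook in same_host:
        label = "hook %s" % hook.get("id", "?")
        url = urlsplit(hook["url"])
        if url.scheme != "https":
            findings.append(label + ": URL is not https")
        if url.path.rstrip("/") != expected.path:
            findings.append(label + ": unexpected path " + url.path)
        for trigger in REQUIRED_TRIGGERS:
            if not hook.get(trigger):
                findings.append(label + ": " + trigger + " is disabled")
        if not hook.get("enable_ssl_verification", False):
            findings.append(label + ": SSL verification is disabled")
    return findings


# Constructed sample response (not real project data).
SAMPLE = json.loads("""[
  {"id": 11, "url": "https://api.cloudgeni.ai/webhooks/gitlab",
   "push_events": true, "merge_requests_events": true,
   "tag_push_events": true, "enable_ssl_verification": true},
  {"id": 12, "url": "http://api.cloudgeni.ai/webhooks/gitlab/",
   "push_events": true, "merge_requests_events": false,
   "enable_ssl_verification": false}
]""")

if __name__ == "__main__":
    for finding in audit_hooks(SAMPLE) or ["webhook configuration OK"]:
        print(finding)
```

A hook that sends events over plain http or with SSL verification disabled exposes the secret token and payload in transit, so both are reported alongside missing triggers.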
Repository Management
Adding Repositories
- Go to Settings → IaC Repositories
- Find your GitLab integration
- Click Manage Repositories
- Toggle additional repositories on
- Click Save
Removing Repositories
- Go to Settings → IaC Repositories
- Find the repository to remove
- Click the … menu → Remove
- Confirm removal
Repository Settings
Configure per-repository settings:
| Setting | Description |
|---|---|
| Default Branch | Branch to scan on push events |
| Scan Triggers | Which events trigger scans |
| MR Comments | Enable/disable merge request comments |
| Auto-remediation | Enable AI-powered fix suggestions |
Merge Request Integration
How It Works
When a merge request is opened or updated:
- Cloudgeni receives webhook notification
- Changed IaC files are analyzed
- Security findings are posted as MR comments
- Overall status is updated
Comment Format
MR comments include:
- Summary of findings by severity
- Inline comments on specific lines
- Remediation suggestions
- Links to detailed findings
Configuring MR Reviews
- Go to repository settings in Cloudgeni
- Enable Merge Request Reviews
- Configure severity thresholds
- Save settings
GitLab CI Integration
Combine repository connection with CI/CD scanning:
Troubleshooting
Connection Issues
OAuth Failed:
- Clear browser cookies and retry
- Verify you have Owner/Maintainer access
- Check GitLab account isn’t blocked
- Ensure you have access to the group/project
- Check repository visibility settings
- Try refreshing the repository list
- Verify GitLab URL is accessible
- Check SSL certificate validity
- Ensure outbound network access to Cloudgeni
Webhook Issues
Webhooks Not Triggering:
- Verify webhook is configured in GitLab
- Check webhook URL is correct
- Review webhook delivery history in GitLab
- Verify write permissions are granted
- Check MR reviews are enabled
- Review scan logs for errors
Scanning Issues
Scans Not Running:
- Verify repository contains IaC files
- Check default branch is correct
- Review scan trigger settings
- Some files may be excluded by .gitignore
- Check for unsupported file formats
- Review scan logs for skipped files
Security Considerations
Token Storage
- OAuth tokens are encrypted at rest
- Tokens are never logged or exposed
- Access can be revoked from GitLab at any time
Data Access
Cloudgeni accesses:
- Repository file contents (for scanning)
- Merge request metadata (for comments)
- Branch and commit information
- GitLab user credentials
- CI/CD variables or secrets
- Issue or wiki content
Revoking Access
To disconnect GitLab:
- In Cloudgeni: Settings → IaC Repositories → Disconnect
- In GitLab: User Settings → Applications → Revoke Cloudgeni