GitLab - User Guide

In this article, you will understand step by step how to easily integrate with GitLab

The integration with GitLab will allow all repositories, pull requests and automated tests to be collected automatically for auditing purposes. Performing this task manually can be quite tedious. Henceforth the integration will streamline the testing related to source control and change management. For example, the code review control will now automatically be collected as evidence.

How to connect GitLab integration?

Step 1: Log in to the Scytale web app

  • Click on the "Integrations" menu screen to the left.
  • Click on the "Connect" button under the GitLab icon.
  • Connection Name - is used to differentiate between your connections.
    For instance, if you manage multiple accounts or would like to connect multiple times to the integration. It's automatically titled (Connection 1,2,3 etc), but you can change it to a custom name to make it easier to identify.
    For example: scytale-production-env.
  • Click on "Next".
  • In the next step, you will be directed to Github to approve the authorization with Scytale, by clicking on "Connect". 



Step 2: Authorize integration with GitLab

  • After you have clicked "Connect", you can read through the permissions and click "Next" once satisfied. This will take you to the GitLab page.

  • On the GitLab page, click on the "Authorize" button.

  • You will be redirected to the Scytale app and be connected to GitLab.

Step 3:
Group Selection

  • Select the GitLab groups that are relevant to the audit. The data will be collected automatically by Scytale.

Note: if you don't select groups, the connection will not be completed and we cannot collect evidence.


Permissions for the integration with GitLab:

Click on the link below for more information on the permissions required for the Scytale and GitLab integration:

After clicking on the link, please refer to the following permissions below which will be used in the integration:

  • read_api - Grants read access to the API, including all groups and projects, the container registry, and the package registry.