Steps for integrating GitLab with your PingSafe account to continuously scan projects for hardcoded secrets and IaC issues.
Why integrate PingSafe with GitLab?
Integrating GitLab with PingSafe can help you identify security threats related to hardcoded secrets present in private repositories and scan your IaC projects for possible cloud misconfigurations.
Steps to connect your GitLab account with PingSafe.
- Log in to PingSafe. Click on your user profile (marked within the circle). Click on Settings.
- In the Settings tab, under the VCS Integrations section, click on GitLab.
- Click "Add to GitLab".
- Visit https://gitlab.com/-/profile/personal_access_tokens to create a personal access token for GitLab Cloud. Otherwise, visit <GitLab Server Host>:<GitLab Server Port>/-/profile/personal_access_tokens
- Generate a personal access token with the permissions shown in the screenshot below. Keep the expiry to a minimum of 2 years from the date of creation.
- Copy the generated access token.
- If your GitLab instance is on gitlab.com: paste the copied token under Personal Access Token. Click on Submit.
- If your GitLab instance is either private or accessible only on-premises: replace the Server Host and Server Port with your instance's address and port, e.g. https://pingsafe.gitlab.com. Paste the copied token under Personal Access Token, then click on the checkbox and press the Next button. Follow the steps given on the next screen and then press the checkbox button to acknowledge that the broker setup was successful. Finally, click on Submit to complete the onboarding process.
- In order to start secret detection on your repositories, go to the “Secret Detection” tab and turn on the scanning for your repositories.
- In order to start scanning your IaC repositories, go to the “IaC scanning” tab and turn on the scanning for your repositories.
Please feel free to reach out to support@pingsafe.com with any questions that you may have.
Thanks
PingSafe Support