GitLab Reports
GitLab Reports is an output connector. It enables seamless data synchronization from Monad to GitLab Vulnerabilities.
IP Allowlists
You might need to add the Monad IP range of 34.210.32.104/32 to your GitLab Reports allowlist, so Monad can connect to it.
Summary
With the GitLab Reports connector, you can easily connect various input connectors that scan your GitLab repositories and transform their findings into GitLab Vulnerabilities.
Monad goes a step further by automating the resolution process for your GitLab vulnerabilities. When a finding is updated to a closed state, Monad automatically resolves the corresponding GitLab Vulnerability on your behalf.
The GitLab Reports output connector doesn’t report vulnerabilities from the GitLab Vulnerability input connector, so you can confidently use both the GitLab Vulnerability and GitLab Reports connectors simultaneously without any concerns.
It’s important to note that Monad will not create duplicate vulnerabilities for the same input source. However, if you have multiple SAST scanners scanning the same repository, you may encounter multiple findings about the same vulnerability originating from these scanners.
Prerequisites
To set up a GitLab Reports connector, you will need to provide a group and a personal access token.
- Find the GitLab group you want to sync.
- For the GitLab group, click on Group information -> Members.
- Make sure the GitLab user/group has access to the projects you wish to report vulnerabilities on.
- Ensure that the GitLab user that you will use to generate the token for Monad is a member of that group with at least a Developer role.
- Now, let’s generate the token: as the user, navigate to the personal access token creation page.
- Generate a token with api permissions. By default, GitLab sets a token expiration date of 30 days. You can change this to a longer period, or set it to never expire.
- Copy this token to a safe place. We will use it when setting up the GitLab Reports connector below.
Set up a GitLab Reports connector
- From your Monad account go to the Connector map, and click Add connector.
- Select the GitLab Reports connector.
- Optionally, change the default name for the connector. This name serves as a label for the connector in the Monad app, and you can change it later.
- Enter the “access token” generated in step 8 from the Prerequisites.
- Click Connect.
Now that you’ve connected the GitLab Reports connector, whenever you sync your input connectors that scan your GitLab repositories, GitLab tickets will be created to track them.
This page was last modified: 9 Oct 2023