Onboarding Step 3: Option 2 - GitLab Integration

GitLab Integration

In this step, you will install the Jit GitLab app and create a centralized repository for Jit.

Requirements

When installed, the Jit GitLab app requires the following permissions in GitLab:

Access the API on your behalf: Grants complete read/write access to the API, including all groups and projects, the container registry, the dependency proxy, and the package registry.

Read API: Grants read access to the API, including all groups and projects, the container registry, and the package registry.

Read your personal information: Grants read-only access to your profile through the /user API endpoint, which includes username, public email, and full name. Also grants access to read-only API endpoints under /users.

Allow read-only access to the repository: Grants read-only access to repositories on private projects using Git-over-HTTP or the Repository Files API.

Allow read-write access to the repository: Grants read-write access to repositories on private projects using Git-over-HTTP (not using the API).

Allow read-only access to the user's personal information using OpenID Connect: Grants read-only access to the user's profile data using OpenID Connect.

Allow read-only access to the user's primary email address using OpenID Connect: Grants read-only access to the user's primary email address using OpenID Connect.

Additionally, Jit requires the user performing the onboarding to have 'Group Owner' permissions. We ask this for a few reasons:

  • Code Access and Security: Jit needs to create a Group access token to check out your projects’ code. This ensures that all scanning happens within your GitLab environment, using GitLab runners, and your code never leaves your infrastructure—not even to Jit’s cloud. This token, created with limited scopes, can only be generated with Group Owner permissions.
  • Automation and Coverage: Jit requires Group Owner permissions to register group-level webhooks. This allows Jit to automatically cover new projects as they are added without additional configuration on your end. These webhooks also enable Jit’s unique Merge Request experience.
  • Service Continuity: We also use Group Owner permissions to create a service account assigned to your Group automatically. This service account ensures that Jit continues to operate seamlessly, even if the user who initially installed it leaves your organization, providing continuity that many other solutions cannot offer.
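The group access token and group-level webhooks described above are the artifacts worth reviewing once onboarding completes. The script below is an added example, not Jit's or GitLab's code: it assumes the two constructed sample payloads have the shape GitLab returns from GET /groups/:id/access_tokens and GET /groups/:id/hooks, and the expected scope set and webhook host are placeholders to replace with the values the vendor documents for your installation.

```python
import json
from urllib.parse import urlsplit

# Scopes a read-only scanner needs; anything beyond this deserves a second look.
EXPECTED_TOKEN_SCOPES = {"read_api", "read_repository"}  # assumption; adjust to the vendor's documented scopes
EXPECTED_HOOK_HOST = "hooks.example.invalid"  # assumed vendor host; check your own install

# Constructed sample payloads, shaped like GitLab's responses to
# GET /groups/:id/access_tokens and GET /groups/:id/hooks.
SAMPLE_TOKENS = json.loads("""[
  {"id": 11, "name": "jit-scanner", "scopes": ["read_api", "read_repository"],
   "expires_at": "2030-01-01", "active": true, "revoked": false},
  {"id": 12, "name": "old-ci-token", "scopes": ["api", "write_repository"],
   "expires_at": null, "active": true, "revoked": false},
  {"id": 13, "name": "retired", "scopes": ["api"], "expires_at": null,
   "active": false, "revoked": true}
]""")
SAMPLE_HOOKS = json.loads("""[
  {"id": 5, "url": "https://hooks.example.invalid/gitlab", "enable_ssl_verification": true},
  {"id": 6, "url": "http://hooks.example.invalid/gitlab", "enable_ssl_verification": false},
  {"id": 7, "url": "https://other.example.invalid/x", "enable_ssl_verification": true}
]""")

def review_tokens(tokens, expected=EXPECTED_TOKEN_SCOPES):
    """One finding per live token whose scopes exceed `expected` or that never expires."""
    findings = []
    for t in tokens:
        if t.get("revoked") or not t.get("active", True):
            continue  # revoked or inactive tokens grant nothing
        extra = set(t["scopes"]) - expected
        if extra:
            findings.append(f"token {t['name']}: unexpected scopes {sorted(extra)}")
        if not t.get("expires_at"):
            findings.append(f"token {t['name']}: no expiry set")
    return findings

def review_hooks(hooks, expected_host=EXPECTED_HOOK_HOST):
    """One finding per webhook that is not HTTPS, skips cert checks, or goes elsewhere."""
    findings = []
    for h in hooks:
        parts = urlsplit(h["url"])
        if parts.scheme != "https":
            findings.append(f"hook {h['id']}: not HTTPS ({h['url']})")
        if not h.get("enable_ssl_verification", False):
            findings.append(f"hook {h['id']}: certificate verification disabled")
        if parts.hostname != expected_host:
            findings.append(f"hook {h['id']}: unexpected destination {parts.hostname}")
    return findings
```

Feed the two functions the real JSON from your group (with an Owner-level token) and treat every returned line as an item for your access review.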

Integration Steps

Open the GitLab Integration Wizard

  1. In Security Plans, go to your plan and click View Plan.
  2. Select GitLab in the SCM banner.


Wizard Step 1: Install Jit GitLab app

  1. Click Integrate to navigate to the permissions dialog.
  2. In the next dialog, approve the permissions Jit requires for the integration.
  3. Click Next.


Wizard Step 2: Choose GitLab Group

  1. Select your dedicated group from the dropdown.
  2. Click Next.


Wizard Step 3: Choose projects to scan

  1. Choose the projects to scan:
     • Recommended: Select All projects to automatically protect new repositories with Jit. When needed, repositories can later be excluded in Manage Resources.
     • If you prefer, you can install Jit only on selected projects by choosing the second option.
  2. Click Complete.


Additional information and options

  1. If All projects was not selected, Jit has no permission to projects created later and is not notified when a new project is added. Click Edit access permission and grant the Jit app permission for the new project.
  2. To support the MR experience, Jit edits the project's .gitlab-ci.yml file (or creates it if it does not exist). This means that after the onboarding process, an MR for the .gitlab-ci.yml file is created for every project.
  3. Additionally, Jit creates a new project in the group that allows Jit to scan the code within the GitLab environment. This architecture keeps security scanning inside your GitLab group and lets you modify your security configuration as code.


Success!

You are good to go.

Start activating security controls in your plan.

If you have third-party products/services you would like to integrate with Jit (such as Slack or Jira) proceed to Integrating With Third-Party Products and Services.

For instructions on configuring dependency scanning within monorepos, see Monorepo Support.