Onboarding GitLab with a maintainer role

Integration Steps

Log in to Jit

First, log in to Jit at platform.jit.io to create a tenant. Do this before anything else, because the tenant ID it creates is needed in later steps.

Create Webhooks

Jit uses webhooks to trigger scans when different events occur, such as a new MR or merge.

Users who prefer not to give Jit group owner permissions need to register the webhooks manually, as follows:

  1. Navigate to Group Settings > Webhooks
  2. Click add a new webhook
  3. Fill out the form using the following data:

| Field | Value |
|---|---|
| URL | https://api.jit.io/gitlab/webhook |
| Header Name | Tenant-Id |
| Header Value | will be provided by Jit |
| Header Name | Installation-Id |
| Header Value | the group ID you plan to integrate with |
| Secret Token | choose a password |
| Trigger | Choose: Push events (Wildcard pattern), Comments, Subgroup events, Merge request events, Deployment events |

  4. Press 'add webhook'
  5. Navigate to the Jit Platform, and go to Settings > Secrets. Add a new secret with the name 'webhook_secret_token' and the same password you used in the creation of the webhook.

Create CI token

Jit needs the CI token so that it can check out the Git repositories of the scanned projects and retrieve the relevant code.

Users who prefer not to give Jit a token with group owner permissions need to create a CI token, as follows:

  1. Navigate to 'Group → Settings → Access tokens'
  2. Click 'add new token'
  3. Fill out the form using the following data:

| Field | Value |
|---|---|
| Token name | Any name of your choice |
| Expiration date | 1 year |
| Role | Maintainer |
| Scope | api, write_repository |

  4. Click on “Create group access token”
  5. Copy token.
  6. Navigate to CI/CD > Variables
  7. Click 'add variable'
  8. Fill out the form using the following data:

| Field | Value |
|---|---|
| Visibility | Masked and hidden |
| Key | JIT_CHECKOUT_TOKEN |
| Value | paste the token you've created |

  9. Click 'add variable'
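
A way to check the result of the two manual procedures above (webhook and CI token) against the values in their tables. This is an added example, not Jit's or GitLab's code. It assumes the records are shaped like GitLab's group hooks and group access tokens API responses, so the field names are assumptions, and the sample records are constructed. The SSL verification, extra-scope and expiry checks go beyond what this page specifies.

```python
from datetime import date

# Expected values come from the two tables on this page.
JIT_WEBHOOK_URL = "https://api.jit.io/gitlab/webhook"
REQUIRED_HEADERS = {"Tenant-Id", "Installation-Id"}
REQUIRED_TRIGGERS = {  # assumed GitLab API field -> trigger name on this page
    "push_events": "Push events", "note_events": "Comments",
    "subgroup_events": "Subgroup events", "deployment_events": "Deployment events",
    "merge_requests_events": "Merge request events",
}
REQUIRED_SCOPES = {"api", "write_repository"}
MAINTAINER = 40  # GitLab's numeric access level for the Maintainer role

def audit_hook(hook):
    """Findings for one group webhook record (assumed API response shape)."""
    out = []
    if hook.get("url") != JIT_WEBHOOK_URL:
        out.append("url is not the Jit webhook endpoint")
    if not hook.get("enable_ssl_verification"):  # extra check, not on the page
        out.append("SSL verification disabled")
    present = {h["key"] for h in hook.get("custom_headers", [])}
    out += [f"missing header {n}" for n in sorted(REQUIRED_HEADERS - present)]
    out += [f"trigger off: {label}" for field, label in REQUIRED_TRIGGERS.items()
            if not hook.get(field)]
    return out

def audit_token(tok, today, warn_days=30):
    """Findings for one group access token record (assumed API response shape)."""
    out = []
    if tok.get("revoked"):
        out.append("token revoked")
    if tok.get("access_level") != MAINTAINER:
        out.append("role is not Maintainer")
    scopes = set(tok.get("scopes", []))
    out += [f"missing scope {s}" for s in sorted(REQUIRED_SCOPES - scopes)]
    out += [f"unneeded scope {s}" for s in sorted(scopes - REQUIRED_SCOPES)]
    left = (date.fromisoformat(tok["expires_at"]) - today).days
    if left < warn_days:  # Jit needs this token to check out code
        out.append(f"expires in {left} days; rotate JIT_CHECKOUT_TOKEN")
    return out

# Constructed sample records (not real API output).
SAMPLE_HOOK = {"url": JIT_WEBHOOK_URL, "enable_ssl_verification": True,
               "custom_headers": [{"key": "Tenant-Id"}], "push_events": True,
               "note_events": True, "subgroup_events": True,
               "merge_requests_events": True, "deployment_events": False}
SAMPLE_TOKEN = {"revoked": False, "access_level": 40, "expires_at": "2026-01-10",
                "scopes": ["api", "write_repository", "read_registry"]}
if __name__ == "__main__":
    print(audit_hook(SAMPLE_HOOK), audit_token(SAMPLE_TOKEN, date(2025, 12, 20)))
```

An empty list from either function means the record matches the table for that step.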

Open the GitLab Integration Wizard

  1. Select the GitLab Logo.

Wizard Step 1: Approve Permissions

  1. Log in to GitLab as the user with the Maintainer role.
  2. Approve the permissions Jit requires for the integration.
  3. Click Next

Wizard Step 2: Choose GitLab Group

  1. Select your dedicated group from the dropdown.
  2. Click Next.

Wizard Step 3: Choose projects to scan

    1. Recommended: Select All projects to automatically protect new repositories with Jit. When needed, repositories can later be excluded in Manage Resources.
    2. If you prefer, you can install Jit only on selected projects by choosing the second option.
  1. Click Complete.

Additional information and options

  1. If All projects was not selected, Jit does not have permission to all projects and is not notified about the new project. Click Edit access permission and allow the Jit app permission for the new project.
  2. Jit creates a new project in the group that allows Jit to scan the code in the GitLab environment. This architecture enables security scanning within your GitLab organization and lets you modify your security configuration as code.

Success!

You are good to go.

Start activating security controls in your plan.

If you have third-party products or services you would like to integrate with Jit (such as Slack or Jira), proceed to Integrating With Third-Party Products and Services.

For instructions on configuring dependency scanning within monorepos, see Monorepo Support.