GitLab Integration

Integrate GovernanceAI with GitLab for automated repository scanning and compliance checking.

Setup

Step 1: Create API Token

  • Go to Settings → Access Tokens
  • Create token with scopes:
    • api - API access
    • read_api - Read repositories
    • read_repository - Read files
  • Copy the token

Step 2: Connect in GovernanceAI

  • Integrations → GitLab
  • Enter GitLab URL (e.g., https://gitlab.com or your instance)
  • Paste API token
  • Click Connect
  • Select projects to scan

Step 3: Configure Webhooks

GovernanceAI creates webhooks for:

  • Push events - Scan on every push
  • Merge request events - Check on MR
  • Issues - Track compliance findings

Features

Automated Scanning

  • Scan on push
  • Check on merge requests
  • Scheduled scans

Pipeline Integration

  • Run in CI/CD pipeline
  • Create pipeline artifacts
  • Fail pipeline on violations

Merge Request Checks

  • Report findings as MR comments
  • Block merge on critical issues
  • Show diff-only findings

GitLab CI/CD Integration

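# .gitlab-ci.yml
stages:
  - scan

governanceai_scan:
  stage: scan
  script:
    # GOVERNANCEAI_API_KEY is read from a masked CI/CD variable, never from the repository.
    # --fail makes curl exit non-zero on an HTTP error response, so a rejected request fails the job.
    - |
      curl --fail -X POST https://api.governanceai.com/v1/scans \
        -H "Authorization: Bearer $GOVERNANCEAI_API_KEY" \
        -H "Content-Type: application/json" \
        -d '{
          "repository": "'"$CI_PROJECT_PATH"'",
          "ref": "'"$CI_COMMIT_SHA"'",
          "gitlab_merge_request_id": "'"$CI_MERGE_REQUEST_IID"'"
        }'
  only:
    - merge_requests
    - main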

Permissions Required

  • api - Full API access
  • read_repository - Read repository files
  • read_api - Read API data

Troubleshooting

  • Token expired - Generate new token
  • Webhooks not firing - Check webhook logs in GitLab
  • Projects not showing - Verify token has api scope
  • MR comments not appearing - Check project permissions
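
The expired-token and missing-scope entries above can be checked before connecting. This is an added example, not GovernanceAI's own code: it assumes a personal access token and GitLab's /api/v4/personal_access_tokens/self endpoint, and the function names, the 14-day warning window, the extra-scope check and the sample response are constructed for illustration.

```python
"""Pre-flight check for the GitLab token handed to the integration."""
import json
import urllib.request
from datetime import date

# Scopes this page lists under "Permissions Required".
REQUIRED_SCOPES = {"api", "read_api", "read_repository"}


def fetch_token_info(gitlab_url: str, token: str) -> dict:
    """Ask GitLab to describe the token that authenticates this request."""
    req = urllib.request.Request(
        gitlab_url.rstrip("/") + "/api/v4/personal_access_tokens/self",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def diagnose_token(info: dict, today: date, warn_days: int = 14) -> list[str]:
    """Return findings that map onto the troubleshooting entries above."""
    findings = []
    if info.get("revoked"):
        findings.append("token revoked: generate a new token")
    expires_at = info.get("expires_at")  # "YYYY-MM-DD" or None
    if expires_at:
        days_left = (date.fromisoformat(expires_at) - today).days
        if days_left < 0:
            findings.append(f"token expired on {expires_at}: generate a new token")
        elif days_left <= warn_days:
            findings.append(f"token expires in {days_left} days: rotate it")
    scopes = set(info.get("scopes", []))
    for scope in sorted(REQUIRED_SCOPES - scopes):
        findings.append(f"missing scope {scope}")
    for scope in sorted(scopes - REQUIRED_SCOPES):  # least-privilege check (assumption)
        findings.append(f"unneeded scope {scope}: recreate the token without it")
    return findings


# Constructed sample response (not real data): expired, lacks api, has an extra scope.
SAMPLE = {"name": "governanceai", "revoked": False, "expires_at": "2024-01-31",
          "scopes": ["read_api", "read_repository", "write_repository"]}

if __name__ == "__main__":
    # Offline demo; for a live check pass fetch_token_info(url, token) instead of SAMPLE.
    for finding in diagnose_token(SAMPLE, today=date(2024, 3, 1)):
        print(finding)
```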

Next Steps