Versions Compared

Old Version 4

changes.mady.by.user Victor Wang

Saved on

compared with

New Version 5

changes.mady.by.user Phillip Tennen (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This guide describes the setup for enabling SAST scans on source code repositories hosted on a GitLab installation. These steps require coordination with Data Theorem’s support team.Let’s connect your GitLab integration! Data Theorem’s SAST can connect to GitLab.com, GitLab On-Prem, and GitLab Ultimate.

Onboarding your GitLab instance will require communication with Data Theorem. Please reach out to support@datatheorem.com if you need help!

Jump to:

  • Onboard GitLab Ultimate

  • Onboard GitLab

Onboard GitLab Ultimate

Note that the onboarding user must be an admin within your GitLab Ultimate workspace.

  1. Navigate to GitLab.com.

    Image Added

  2. Select Groups and select the group that you would like to connect to Data Theorem's SAST analyzer.

    Image Added

  3. Select Settings, then Applications.

    Image Added

  4. Select Add new application.

    Image Added

  5. Configure the application using the following options:

    1. Name: Data Theorem SAST

    2. Redirect URI: https://www.securetheorem.com/gitlab-integration/onboarding

    3. Check Confidential

    4. Enable the api scope checkbox

    5. Enable the read_repository scope checkbox

      Image Added

  6. Select Save Application

    Image Added

  7. Send the URL, the Application ID, and the Secret to your Data Theorem contact. These are the credentials that the Data Theorem SAST Analyzer will use to connect to your GitLab instance.

...

  1. Your Data Theorem contact will send you an email, so let us know what email address should receive it.

    Image Added

  2. Important: Click the link in the email, then click Authorize.

    Image Added

  3. Your GitLab Ultimate instance has been successfully onboarded! Your source code will now continuously be scanned for security and privacy issues, which can be found on https://www.securetheorem.com/mobile-secure/v2/security/sast?view=issues or directly in your GitLab Ultimate merge requests.

    Image Added

Requirements

  • The GitLab installation must be exposed to the internet

  • The user following these instructions must have administrator permissions to the GitLab instance

Onboarding the GitLab installation

Start with creating the GitLab application for the Data Theorem integration:

...

To complete the installation process, please check your inbox for an email from Data Theorem with the subject line that says “GitLab integration onboarding”. This email will contain a link to a confirmation page in GitLab to allow access to the installation. Approve the application to complete the process.

Configuring the system hook

The system hook will notify the GitLab integration of changes to any of the repositories present in the GitLab integration.

...