1. Home
  2. Integrations
  3. Phoenix SCA for GitLab
Searching...

Phoenix SCA for GitLab

Contents

This article covers the step required to configure your Phoenix SCA for GitLab integration, for which you have the required credentials.

Prerequisites

– In order to create a new scanner integration you should have access to the platform as an Admin user role.
– To connect your account to GitLab you need to have the API URL and your credentials (Personal Access Token).

GitLab Credentials

In order to integrate with GitLab to for Phoenix SCA scanning you’ll need a Personal Access Token. The follow steps guide you through the token creation process.

  1. To create a Personal Access Token, make sure that you are logged in with the user that you want to create the token with (e.g. “john-doe” in the screenshot below). Once you have confirmed this, click “Edit profile”.
  1. Select “Access tokens” in the left-hand menu, then “Add new token” on the right-hand side.
  1. Fill in the details presented to create a new token. The two key points to keep in mind are:
    • Make sure that you enter a fairly long, custom-defined Expiration date. You can set no expiration by clicking learn more and following the instructions.
    • In the Scopes section, select “read_api”.

Make sure that you copy the token in the last step since this is the last time that it will be visible.

Create a Phoenix SCA for GitLab Integration

  1. On the sidebar menu, navigate to the Scanners tab in the Integrations section.
  1. In the first step, enter a name for this scanner integration and populate the following details to complete the configuration:
  • Server URL: Enter the URL for GitLab’s REST API; typically “https://gitlab.com”.
  • Access Token: Enter the Personal Access Token obtained using the instructions at the start of this article.
  1. Click on the ‘Next’ button
  2. Select whether to fetch vulnerabilities from all repositories accessible to the Access Token, or to choose which ones to include or exclude.
  1. Then click on “Create scanner” to complete the process.

Unless there are issues with the credentials, the new scanner will appear in your list of integrations (under Integrations > Scanners) and the platform will start to collect asset and vulnerability details from the selected repositories (available through the integration credentials).

All the scanner’s assets and vulnerabilities will be automatically added to your account’s Default Application, and will be available to start assigning them to user-created Applications as required.

Updated on June 4, 2025
Tagged:

Related Articles

x Powerful Protection for WordPress, from Shield Security
This Site Is Protected By
Shield Security