Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.iru.com/llms.txt

Use this file to discover all available pages before exploring further.

About GitLab

The GitLab connector reads project metadata, group membership, branch protection, CI/CD configuration, and (where your plan and token allow) audit-oriented events from your GitLab.com group or self-managed instance. Data appears as artifacts in Iru Compliance for mapping to actions and controls. Iru sends credentials using GitLab’s PRIVATE-TOKEN header - typically with a personal access token so reads can span the groups and projects you choose.

How it works

GitLab’s REST API authenticates with the PRIVATE-TOKEN header: 
PRIVATE-TOKEN: glpat-XXXXXXXXXXXXXXXXXXXX
Personal access tokens are usually the best fit because they can cover multiple projects and groups. Project-scoped or group-scoped tokens work but may narrow what evidence Iru can collect.
DetailValue
CategoryDeveloper tools / source control
AuthenticationPRIVATE-TOKEN header (personal access token recommended)
HostingGitLab SaaS or self-managed
Documentation: Personal access tokens, REST authentication, Token scopes.

Prerequisites

  • GitLab access to the groups and projects compliance cares about.
  • Group Owner or Maintainer where you need membership and audit-style reads (exact needs depend on your controls).
  • For self-managed GitLab, confirm Iru targets your instance base URL (not only gitlab.com).
Starting point for scopes
ScopePurpose
read_apiBroad read access to API endpoints used for inventory and configuration evidence
read_repositoryRepository metadata aligned to branch protection and repo settings
read_userUser profile reads needed for membership evidence
Add scopes only when your security team requires deeper reads.

Connect GitLab to Iru

GitLab

1

Open personal access tokens

Sign in to GitLab. Select your avatar → Edit profileAccess Tokens, then Add new token.
2

Set token name, expiration, and scopes

Enter a name (for example Iru Compliance). Set an expiration (GitLab requires one; maximum duration may be limited by your administrator). Choose the scopes from Prerequisites.
3

Create and copy the token

Create the token and copy it immediately. GitLab shows it once. Tokens typically begin with glpat-.

Iru Compliance

1

Open Sources

In Iru Compliance, on the left navigation bar, expand Compliance and select Sources.
Left navigation: Compliance expanded, Sources selected
2

Turn on GitLab

Find GitLab (use Category or Search by name or description). On that card, turn on the toggle. A browser tab or window may open for the connector wizard.
3

Paste the personal access token

When the wizard asks for the PRIVATE-TOKEN value, paste your token and submit.
4

Confirm the source is Active

When the connection succeeds, the GitLab card shows Active.

Troubleshooting

Check pop-up blocker settings for the Iru site and try again.
Confirm the full token string, check expiry, and verify the account still has access to target groups.
Increase scopes or elevate project/group role - your token cannot read endpoints your account cannot access.
Ensure the integration points at your instance hostname and that network paths allow Iru’s outbound calls.
Some audit APIs require Premium/Ultimate features - compare your GitLab tier to the evidence your framework expects.

Considerations

Tokens expire on a schedule: rotate early and update…

Tokens expire on a schedule - rotate early and update the connector.

GitLab applies rate limits; large groups may take…

GitLab applies rate limits; large groups may take longer during first sync.

Iru reads configuration exposed by the API: it does…

Iru reads configuration exposed by the API - it does not rewrite pipelines or repository settings.

See also