Lynx Compliance - GitLab Connector

Pulls compliance evidence from GitLab - project inventory, protected branches, signed-commit ratio, MR-review coverage, CODEOWNERS, vulnerability findings, pipelines - via the GitLab REST API.

lynx_compliance_connector_gitlab · v19.0.1.0.0 · Premium

What this solves

Sister to the GitHub and Northstar source-control connectors. Same ten resource types, GitLab-specific HTTP layer. For customers running primary source-control on GitLab Cloud (gitlab.com) or self-hosted GitLab CE / EE / Ultimate, this connector mechanises the same auditor-loved evidence: who can push to main, are commits signed, are merge requests reviewed, are secrets ever committed.

Authentication is a personal access token (or project access token) with read-only scopes for the projects / groups in scope. GitLab self-hosted customers point config_json.endpoint at their instance API root; the default is https://gitlab.com/api/v4.
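A pre-flight check for the two settings described above, as an added example that is not part of the connector's own code: it validates the configured API root and confirms that the token is read-only by evaluating the JSON GitLab returns from GET /personal_access_tokens/self. The function names and the sample response are assumptions constructed here, and it uses the Python standard library so that it runs without extra packages.

```python
import json
import urllib.request
from urllib.parse import urlsplit

DEFAULT_ENDPOINT = "https://gitlab.com/api/v4"  # default stated on this page
READ_ONLY_SCOPES = {"read_api", "read_user", "read_repository", "read_registry"}


def check_endpoint(endpoint):
    """Return a list of problems with a configured API root (empty means OK)."""
    parts = urlsplit(endpoint)
    problems = []
    if parts.scheme != "https":
        problems.append("endpoint is not HTTPS; the token would travel in clear text")
    if not parts.hostname:
        problems.append("endpoint has no host")
    if not parts.path.rstrip("/").endswith("/api/v4"):
        problems.append("endpoint should be the API root, ending in /api/v4")
    if parts.username or parts.password or parts.query:
        problems.append("endpoint must not carry credentials or a query string")
    return problems


def check_token(info):
    """Evaluate the token description returned by /personal_access_tokens/self."""
    scopes = set(info.get("scopes", []))
    problems = []
    if info.get("revoked") or not info.get("active", False):
        problems.append("token is revoked or inactive")
    if "read_api" not in scopes:
        problems.append("token lacks read_api")
    extra = sorted(scopes - READ_ONLY_SCOPES)
    if extra:
        problems.append("token is not read-only, extra scopes: " + ", ".join(extra))
    return problems


def fetch_token_info(endpoint, token, timeout=10):
    """Ask the instance to describe the token that is making the request."""
    url = endpoint.rstrip("/") + "/personal_access_tokens/self"
    req = urllib.request.Request(url, headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


# Constructed sample: a token that was created with more access than needed.
SAMPLE = {"name": "lynx-evidence", "active": True, "revoked": False,
          "scopes": ["api", "read_api"]}
```

Run check_endpoint on the value intended for config_json.endpoint and check_token on the result of fetch_token_info before saving the connector configuration; an empty list from both means the settings match what this page asks for.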

Key Features

  • GitLab connector type - configure with the API endpoint + a personal access token (read_api scope is sufficient).

  • Ten resource pulls - projects, protected branches, CODEOWNERS files, signed-commit percentages, merge-request review coverage, secret-scanning / vulnerability findings, CI pipelines, webhooks, group owners, releases.

  • Pre-seeded collectors - five evidence collectors covering software inventory (ID.AM-02), change management (PR.PS-02), code-signing (PR.PS-01), privileged-user inventory (PR.AA-05), and CI configuration (A.8.9).

  • GitLab self-hosted support - point endpoint at https://gitlab.example.com/api/v4 to use a private GitLab CE / EE / Ultimate install.

  • GitLab Ultimate vulnerability findings - secret-scanning resource silently degrades on CE / EE (free tiers don't expose vulnerabilities).

Integrates With

  • lynx_compliance_connectors - registers under the connector framework.

  • lynx_compliance_evidence_collectors - shipped collectors use the standard schedule.

  • GitLab via the requests HTTP client.
