Integrate Cortex Cloud Application Security with your GitLab SaaS version control system (VCS) to enable security scans for exposed secrets, infrastructure-as-code (IaC) misconfigurations, vulnerabilities, package operational risks, and license compliance issues in your repositories. This integration allows you to analyze, prioritize, and resolve detected issues efficiently.
How to integrate GitLab SaaS
Prerequisite
Before you begin:
In GitLab, the following permissions are required to integrate the application:
Maintainer (Project-level): Grants sufficient permissions to configure external integrations, manage repository access, and adjust CI/CD settings
Administrator (Repository-level): Required to scan pull requests (PRs). This enables Cortex Cloud to set up subscription webhooks for the selected repositories
Scope: The Cortex application requires the following authorization scope:
api: Grants full read and write access to the API, including all groups and projects, as well as permissions to interact with the container registry, the dependency proxy, and the package registry
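A pre-flight check for the Maintainer prerequisite above, as an added example that is not part of the Cortex Cloud documentation: it reads project records in the shape returned by GitLab's projects API and lists the repositories where the integrating user lacks Maintainer access. The project names and IDs are constructed sample data, and counting group-inherited access the same as direct project membership is an assumption.

```python
import json

# GitLab API access level for the Maintainer role (Owner is 50).
MAINTAINER = 40

# Constructed sample: trimmed project records in the shape returned by
# GET /api/v4/projects?membership=true (not real projects).
SAMPLE_PROJECTS = json.loads("""
[
  {"id": 101, "path_with_namespace": "acme/payments-api",
   "permissions": {"project_access": {"access_level": 40}, "group_access": null}},
  {"id": 102, "path_with_namespace": "acme/infra-terraform",
   "permissions": {"project_access": null, "group_access": {"access_level": 50}}},
  {"id": 103, "path_with_namespace": "acme/web-frontend",
   "permissions": {"project_access": {"access_level": 30},
                   "group_access": {"access_level": 20}}},
  {"id": 104, "path_with_namespace": "acme/legacy-batch",
   "permissions": {"project_access": null, "group_access": null}}
]
""")


def effective_access(project):
    """Return the highest access level granted directly or through a group."""
    perms = project.get("permissions") or {}
    levels = [
        (perms.get(kind) or {}).get("access_level") or 0
        for kind in ("project_access", "group_access")
    ]
    return max(levels)


def preflight(projects, required=MAINTAINER):
    """Split projects into those ready to onboard and those lacking access."""
    ready, blocked = [], []
    for project in projects:
        level = effective_access(project)
        target = ready if level >= required else blocked
        target.append((project["path_with_namespace"], level))
    return ready, blocked


if __name__ == "__main__":
    ready, blocked = preflight(SAMPLE_PROJECTS)
    for path, level in ready:
        print(f"OK       {path} (access level {level})")
    for path, level in blocked:
        print(f"BLOCKED  {path} (access level {level}, need {MAINTAINER})")
```
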
Onboarding steps
In the Cortex Cloud tenant.
Search for GitLab (SaaS), hover over it and click , or Add Another Instance if an instance is already onboarded.
Click on the Configure account step of the GitLab SaaS onboarding wizard.
You are redirected to your GitLab SaaS account in order to install and authorize Cortex AppSec, the GitLab App application handling the Cortex Cloud Application Security functionality.
On GitLab SaaS: Review the requested permissions and click Authorize Cortex AppSec.
You are redirected to the Select Repositories step of the installation wizard on the console.
On the Cortex Cloud console.
Under Selection Options, choose the repositories to be connected to the instance:
Permit all existing repositories
Permit all existing and future repositories
→
Click .
Note
A repository can only be integrated with a single instance. The first instance that connects with the repository will be the one that the repository is assigned to. This means that if multiple integrations attempt to connect to the same repository, only the first integration to establish the connection will be associated with that repository.
Verify the integration and confirm that your integrated GitLab SaaS instance has a status of Connected.
On the Data Sources & Integrations page, search for GitLab SaaS in the search bar.
Hover over and select the resulting entry.
Locate your instance and verify that the status of your GitLab SaaS instance is Connected.
View repository assets and mitigate detected issues.
Subscribed events
Below is a comprehensive list of events to which Cortex Cloud Application Security is subscribed. These events encompass various actions and changes occurring within your GitLab SaaS environment that trigger notifications and integrations with Cortex Cloud Application Security:
Manage data source integrations
Manage integrations to align with evolving requirements and ensure they remain current.
Navigate to → and use the Vendor filter to locate the required integration.
Select your vendor from the list.
The integrated instances for the selected vendor are displayed.
Right-click on an instance and select an option:
: Redirects to the Select Repositories step of the integration wizard, where you can modify configurations for the selected instance. For more details, refer to the relevant integration guide
: When confirmed, deletes the instance, including data from previous scans
Copy entire row – Copies all column values for the selected row to the clipboard.