GitLab
## Configuration

The GitLab integration scans repositories in GitLab. To scan artifacts in GitLab CI, see Scanning in CI instead.

### Web configuration

You can configure this integration via the web UI through the Integrations tab, or you can use a local configuration file as outlined below.

### Local configuration

#### Access token

```yaml
sources:
- connection:
    '@type': type.googleapis.com/sources.GitLab
    endpoint: https://gitlab.ourbusiness.com
    # The GitLab token must be created with the
    # `read_api` scope.
    token: xxxxxxxxxxxxxxxxxxxxxxxxxx
    skipBinaries: true
  name: gitlab
  scanPeriod: 12h
  type: SOURCE_TYPE_GITLAB
  verify: true
```

#### Basic auth

```yaml
sources:
- connection:
    '@type': type.googleapis.com/sources.GitLab
    endpoint: https://gitlab.ourbusiness.com
    basicAuth:
      password: xxxxxxxxxxxxxxx
      username: svc_user
    ignoreRepos:
    - trufflesecurity/test_keys
    skipBinaries: true
  name: gitlab
  scanPeriod: 12h
  type: SOURCE_TYPE_GITLAB
  verify: true
```

## Options

| Key | Description | Required |
| --- | --- | --- |
| `endpoint` | The URL endpoint for the GitLab server. Defaults to GitLab cloud. | No |
| `repositories` | List of repository names to scan in GitLab. Omit to enumerate instead. | No |
| `ignoreRepos` | List of repository names to ignore in an organization scan. Supports globbing with | No |
| `includeRepos` | List of repository names to include in an organization scan. Supports globbing with | No |
| `skipBinaries` | Whether to skip scanning binary files. | No |
| `skipArchives` | Whether to skip scanning archive files. | No |

## Capabilities

| Feature | Supported |
| --- | --- |
| Scan archive files | ✅ |
| Scan archived repos | ✅ |
| Scan base64 encoded data | ✅ |
| Scan binaries | ✅ |
| Exclude filter | ✅ |
| Include filter | ✅ |
| Pre-commit | ✅ |
| Pre-receive | ✅ |
| Scan GitLab Actions | ✅ |
| Auto resume | ✅ |

## Notes

TruffleHog does not scan diffs > 1 GB.

There is presently a known issue where an error is thrown when you attempt to clone multiple refs that cannot coexist on disk at the same time. Here is an anonymized example of this error thrown in GitHub, but it would look similar in GitLab:

```
"could not clone repo: https://git.xxxxx.com/xxxxx/thog.git, error executing git clone: exit status 128, fatal: cannot process 'refs/remotes/origin/release/21.22/test' and 'refs/remotes/origin/release/21.22' at the same time\n"
```

This happens with some particular ref configurations that are not common in repositories, but occasionally exist. When it is thrown, we skip over the repo causing this error and begin scanning the next one, so the affected repository is not scanned.

There are workarounds that can attempt to scan the repos that throw this error, but they have 2 potential limitations. First, they may not be able to scan the entire repo. Second, they may require a manual step to run the scan. If you would like assistance establishing a workaround, please open a bug report.
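
Because a repository with conflicting refs is skipped, it helps to know in advance which repositories are affected. The script below is an added example, not TruffleHog's own code: it checks `git ls-remote` output for ref names where one is a path prefix of another, which is the condition in the error above. The function names and the sample ref listing are constructed for illustration.

```python
"""Flag refs that cannot coexist on disk: one ref name is a directory prefix of another."""
import subprocess

# Constructed sample of `git ls-remote --heads --tags <url>` output (hash<TAB>ref).
SAMPLE_LS_REMOTE = "\n".join(
    f"{str(i) * 40}\t{ref}"
    for i, ref in enumerate([
        "refs/heads/main",
        "refs/heads/release/21.2",
        "refs/heads/release/21.22",
        "refs/heads/release/21.22/test",
        "refs/tags/v1.0",
        "refs/tags/v1.0^{}",
    ])
)


def parse_refs(ls_remote_output):
    """Return the sorted, de-duplicated ref names from `git ls-remote` output."""
    refs = set()
    for line in ls_remote_output.splitlines():
        _, sep, ref = line.partition("\t")
        if sep and ref.startswith("refs/"):
            # Peeled tag entries ("...^{}") repeat an existing ref name.
            refs.add(ref[:-3] if ref.endswith("^{}") else ref)
    return sorted(refs)


def conflicting_refs(refs):
    """Return (parent, child) pairs where parent is a path prefix of child."""
    known = set(refs)
    conflicts = []
    for ref in sorted(known):
        parts = ref.split("/")
        # A loose ref is a file, so "a/b" and "a/b/c" need "b" to be both a
        # file and a directory. Compare whole path components, not substrings.
        for depth in range(1, len(parts)):
            parent = "/".join(parts[:depth])
            if parent in known:
                conflicts.append((parent, ref))
    return conflicts


def list_remote_refs(url):
    """List refs of a repository configured in the scanner (needs git and network)."""
    result = subprocess.run(["git", "ls-remote", "--heads", "--tags", url],
                            check=True, capture_output=True, text=True)
    return parse_refs(result.stdout)


if __name__ == "__main__":
    for parent, child in conflicting_refs(parse_refs(SAMPLE_LS_REMOTE)):
        print(f"conflict: {parent} blocks {child}")
```

Repositories that report a conflict are the ones to track as unscanned until one of the refs is renamed or removed, or a workaround is in place.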