GitLab
Edition: Enterprise + Open Source

The GitLab integration scans repositories in GitLab for credentials and other sensitive data. To scan artifacts produced by GitLab CI pipelines, see Scanning in CI instead.

## Configuration

The GitLab integration can be configured in TruffleHog under Integrations, or via a local configuration file (below).

### Web configuration

Configure this integration from the Integrations page in TruffleHog. You'll need either a GitLab personal or project access token with the `read_api` scope, or basic auth credentials for a service account.

### Local configuration

Local configuration supports two authentication methods:

- Access token — uses a GitLab personal or project access token with the `read_api` scope
- Basic auth — uses a service account username and password

#### Access token

```yaml
sources:
- connection:
    "@type": type.googleapis.com/sources.GitLab
    endpoint: https://gitlab.ourbusiness.com
    # The GitLab token must be created with the `read_api` scope
    token: xxxxxxxxxxxxxxxxxxxxxxxxxx
    skipBinaries: true
  name: gitlab
  scanPeriod: 12h
  type: SOURCE_TYPE_GITLAB
  verify: true
```

#### Basic auth

```yaml
sources:
- connection:
    "@type": type.googleapis.com/sources.GitLab
    endpoint: https://gitlab.ourbusiness.com
    basicAuth:
      username: svc_user
      password: xxxxxxxxxxxxxxx
    ignoreRepos:
    - trufflesecurity/test_keys
    skipBinaries: true
  name: gitlab
  scanPeriod: 12h
  type: SOURCE_TYPE_GITLAB
  verify: true
```

### Configuration options

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `endpoint` | string | No | The URL endpoint for the GitLab server. Defaults to GitLab Cloud. |
| `repositories` | list | No | Explicit list of repository names to scan. Omit to enumerate instead. |
| `includeRepos` | list | No | Repositories to include in organization scans. Supports glob patterns. |
| `ignoreRepos` | list | No | Repositories to skip during organization scans. Supports glob patterns. |
| `skipBinaries` | boolean | No | Skip binary files. |
| `skipArchives` | boolean | No | Skip archive files. |

## Capabilities

| Feature | Supported |
| --- | --- |
| Scan archive files | ✅ |
| Scan archived repositories | ✅ |
| Scan base64-encoded data | ✅ |
| Scan binaries | ✅ |
| Scan GitLab actions | ✅ |
| Include / exclude filters | ✅ |
| Pre-commit | ✅ |
| Pre-receive | ✅ |
| Auto resume | ✅ |

## Notes

- TruffleHog does not scan diffs larger than 1 GB.
- For artifacts produced by GitLab CI pipelines, use the GitLab CI source rather than this integration.

## Troubleshooting

| Error | Cause | Solution |
| --- | --- | --- |
| `cannot process 'refs/remotes/origin/ ' and 'refs/remotes/origin/ ' at the same time` | Repository contains refs that conflict on disk during clone (e.g., a branch and a tag with overlapping paths). | Uncommon, but the scan will skip the affected repo and continue. If you need to scan a repo that consistently throws this error, [open a bug report](https://trufflesecurity.atlassian.net/servicedesk/customer/portal/1/group/1/create/6) for workaround guidance. |
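
The token requirement in the configuration section can be checked before the token is handed to the scanner. The following is an added example, not TruffleHog's code: it audits GitLab's own description of a token, as returned by `GET /api/v4/personal_access_tokens/self`, for least privilege. The excessive-scope list, the expiry policy and the sample responses are assumptions constructed for illustration.

```python
import json
import urllib.request
from datetime import date

REQUIRED_SCOPE = "read_api"
# Real GitLab scope names; treating them as excessive is this example's policy.
EXCESSIVE_SCOPES = {"api", "write_repository", "write_registry", "sudo", "admin_mode"}


def fetch_token_info(endpoint, token):
    """Return GitLab's description of the token (needs network access)."""
    req = urllib.request.Request(
        endpoint.rstrip("/") + "/api/v4/personal_access_tokens/self",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def audit_token(info, today):
    """Return a list of findings; an empty list means the token fits the scanner."""
    findings = []
    scopes = set(info.get("scopes") or [])
    if info.get("revoked") or not info.get("active", True):
        findings.append("token is revoked or inactive")
    if REQUIRED_SCOPE not in scopes:
        findings.append("missing required scope: " + REQUIRED_SCOPE)
    for scope in sorted(scopes & EXCESSIVE_SCOPES):
        findings.append("excessive scope for a read-only scanner: " + scope)
    expires = info.get("expires_at")
    if expires is None:
        findings.append("token has no expiry date")
    elif date.fromisoformat(expires) <= today:
        # Conservative: the expiry date itself is treated as already expired.
        findings.append("token expired on " + expires)
    return findings


# Constructed sample responses (not real tokens or real GitLab output).
GOOD = {"name": "trufflehog", "scopes": ["read_api"], "active": True,
        "revoked": False, "expires_at": "2030-01-01"}
BROAD = {"name": "ci-admin", "scopes": ["api", "write_repository"], "active": True,
         "revoked": False, "expires_at": None}

if __name__ == "__main__":
    for sample in (GOOD, BROAD):
        print(sample["name"], audit_token(sample, date(2025, 1, 1)) or "ok")
```

Against a live server, pass the result of `fetch_token_info(endpoint, token)` to `audit_token` and reject the token if any findings come back.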

