GitLab Enterprise Token
#
Description#
General- Documentation: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html
- Summary: GitLab is an open-source code hosting website that provides issue tracking, continuous integration and deployment pipeline. This detector aims at detecting tokens used to programmatically act on behalf of a user. In particular, this detector matches token/host couples that are used for on-premise GitLab installations.
- IPs allowlist: Allowlists are supported for self-managed installs.
- Scopes: Scopes can be set when creating an access token, more information in the scopes documentation.
#
Revoke the secretTokens can be revoked from the user's dashboard or programmatically.
#
Check for suspicious activityFor each personal token, GitLab displays the last used
date, under Settings and Access Tokens.
Gitlab enterprise personal token
#
Details for Family: Api
Category: Version control platform
Company: GitLab
High recall: False
Validity check available: False
Minimum number of matches: 2
Occurrences found for one million commits: 4.89
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: [] banlist_filenames: [] check_binaries: false include_default_banlist_extensions: true ban_markup: true- type: ContentWhitelistPreValidator patterns: - gitlab\.
#
Examples- text: | git+https://developer:C4FSHpor42bkSumYEZuD@gitlab.secrets.tech/modules/squalize-auto.git
apikey: C4FSHpor42bkSumYEZuD host: gitlab.secrets.tech
- text: | pat: C4FSHpor42bkSu_YEZu- branch_id: 1548452 server_url: gitlab.guardian.com
apikey: C4FSHpor42bkSu_YEZu- host: gitlab.guardian.com