
GitLab Enterprise Token

Description

General

  • Documentation: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html
  • Summary: GitLab is an open-source code hosting website that provides issue tracking and continuous integration and deployment pipelines. This detector targets tokens used to act programmatically on behalf of a user. In particular, it matches token/host pairs used with on-premises GitLab installations.
  • IPs allowlist: Allowlists are supported for self-managed installs.
  • Scopes: Scopes can be set when creating an access token; see the scopes documentation for more information.

Revoke the secret

Tokens can be revoked from the user's dashboard or programmatically.

Check for suspicious activity

For each personal token, GitLab displays the last used date, under Settings and Access Tokens.

Details for GitLab enterprise personal token

  • Category: Version control platform

  • Company: GitLab

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 25.46

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions:
  - ^(cs|x|p|s|r)?html5?~?$
  - ^[aps]?cssc?~?$
  - ^lock$
  - ^mdx?~?$
  - ^storyboard(c|er)?~?$
  - ^xib$
  banlist_filenames: []
  check_binaries: false
- type: ContentWhitelistPreValidator
  patterns:
  - gitlab\.
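A sketch of how the two pre-validators above would gate a file before any token matching, added here as an illustration and not the detector's own implementation. The function names and the matching semantics (extension taken after the last dot, case-sensitive search) are assumptions; the regexes are the ones listed on this page.

```python
import re
from pathlib import PurePosixPath

# Regexes copied verbatim from the PreValidators configuration on this page.
BANLIST_EXTENSIONS = [
    r"^(cs|x|p|s|r)?html5?~?$", r"^[aps]?cssc?~?$", r"^lock$",
    r"^mdx?~?$", r"^storyboard(c|er)?~?$", r"^xib$",
]
CONTENT_PATTERNS = [r"gitlab\."]

_EXT_RES = [re.compile(p) for p in BANLIST_EXTENSIONS]
_CONTENT_RES = [re.compile(p) for p in CONTENT_PATTERNS]


def extension_banned(filename: str) -> bool:
    # Assumption: the text after the last dot is tested, case-sensitively.
    ext = PurePosixPath(filename).suffix.lstrip(".")
    return any(r.search(ext) for r in _EXT_RES)


def content_allowed(content: str) -> bool:
    # Assumption: at least one pattern must occur somewhere in the file.
    return any(r.search(content) for r in _CONTENT_RES)


def should_scan(filename: str, content: str) -> bool:
    return not extension_banned(filename) and content_allowed(content)


# Constructed sample files; the first two reuse the example line from this page.
URL_LINE = "git+https://developer:C4FSHpor42bkSumYEZuD@gitlab.secrets.tech/modules/squalize-auto.git\n"
SAMPLES = {
    "requirements.txt": URL_LINE,
    "README.md": URL_LINE,
    "ci.env": "PAT=C4FSHpor42bkSu_YEZu-\n",
    "Dockerfile": "ARG HOST=gitlab.guardian.com\nARG PAT=C4FSHpor42bkSu_YEZu-\n",
}


def triage(samples: dict) -> dict:
    return {name: should_scan(name, body) for name, body in samples.items()}


if __name__ == "__main__":
    for name, scanned in triage(SAMPLES).items():
        print(f"{name:18} {'scan' if scanned else 'skip'}")
```

Under these assumptions `README.md` and `ci.env` are skipped, so a token pasted into Markdown, or kept in a file with no `gitlab.` string, would need another control to be caught.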

Examples

- text: >
    git+https://developer:C4FSHpor42bkSumYEZuD@gitlab.secrets.tech/modules/squalize-auto.git
  apikey: C4FSHpor42bkSumYEZuD
  host: gitlab.secrets.tech
- text: >
    pat: C4FSHpor42bkSu_YEZu-
    branch_id: 1548452
    server_url: gitlab.guardian.com
  apikey: C4FSHpor42bkSu_YEZu-
  host: gitlab.guardian.com