
GitLab Token

Description

General

  • Documentation: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html
  • Summary: GitLab is an open-source code hosting platform that provides issue tracking, continuous integration and deployment pipelines. This detector aims at detecting tokens used to act programmatically on behalf of a user.
  • IPs allowlist: Allowlists are supported for self-managed installs.
  • Scopes: A range of scopes can be set when creating an access token; see the scopes documentation for details.

Revoke the secret

Tokens can be revoked from the user's dashboard or programmatically.

Check for suspicious activity

For each personal token, GitLab displays the last used date, under Settings and Access Tokens.

Details for Gitlab token

  • Category: Version control platform

  • Company: GitLab

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 32.99

  • Prefixed: False

  • PreValidators:

  - type: FilenameBanlistPreValidator
    banlist_extensions:
      - ^(cs|x|p|s|r)?html5?~?$
      - ^[aps]?cssc?~?$
      - ^lock$
      - ^mdx?~?$
      - ^storyboard(c|er)?~?$
      - ^xib$
    banlist_filenames: []
    check_binaries: false
  - type: ContentWhitelistPreValidator
    patterns:
      - gitlab

Examples

- text: >
    git+https://gitlab+deploy-token-4:taivmyYoedWX8uwxvrR-@git.icare.univ-luzy1.fr/aero/eurochamp-componen
  apikey: taivmyYoedWX8uwxvrR-
- text: |
    +gitlab_config
    +set _SCRIPTDIR=%CD%
    +popd
    +
    +set _TOKEN=u_zz1rnzC26JFwjAzAPu
  apikey: u_zz1rnzC26JFwjAzAPu
- text: |
    GitLab Runner
    +  runnerRegistrationToken: "tQtCbx5UZy_ByS7FyzhU"
    +  # resources:
    +  #   limits:
    +  #     memory:
  apikey: tQtCbx5UZy_ByS7FyzhU

Details for Gitlab personal token

  • Category: Version control platform

  • Company: GitLab

  • High recall: False

  • Validity check available: True

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.26

  • Prefixed: False

  • PreValidators:

  - type: FilenameBanlistPreValidator
    banlist_extensions:
      - ^(cs|x|p|s|r)?html5?~?$
      - ^[aps]?cssc?~?$
      - ^lock$
      - ^mdx?~?$
      - ^storyboard(c|er)?~?$
      - ^xib$
    banlist_filenames: []
    check_binaries: false
  - type: ContentWhitelistPreValidator
    patterns:
      - gitlab

Examples

- text: 'my gitlab token is set below.  I want something that is not handled by the AssignmentRegexMatcher not to interfer  with the gitlab_token detector  "qZ3do4vK3MiSHbE29vAQ"'
  apikey: qZ3do4vK3MiSHbE29vAQ
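The two pre-validators listed for both detectors above can be replayed against the page's own examples. The Python below is an added illustration, not GitGuardian's code: the banlist and whitelist values are transcribed from this page, while the 20-character candidate pattern and the case-insensitive whitelist match are assumptions drawn from the examples, not the detector's real matcher.

```python
import re

# Pre-validators transcribed from the detector configuration shown on this page.
BANLIST_EXTENSIONS = [
    r"^(cs|x|p|s|r)?html5?~?$",
    r"^[aps]?cssc?~?$",
    r"^lock$",
    r"^mdx?~?$",
    r"^storyboard(c|er)?~?$",
    r"^xib$",
]
WHITELIST_PATTERNS = ["gitlab"]

# Assumed candidate shape (not the real detector's matcher, which the page does
# not show): every token in the page's examples is exactly 20 characters from
# [A-Za-z0-9_-], has no prefix, and is bounded by characters outside that set.
CANDIDATE = re.compile(r"(?<![A-Za-z0-9_-])[A-Za-z0-9_-]{20}(?![A-Za-z0-9_-])")


def filename_banlist_prevalidator(filename: str) -> bool:
    """True when the file's extension is not on the banlist, i.e. worth scanning."""
    ext = filename.rsplit(".", 1)[1] if "." in filename else ""
    return not any(re.match(pattern, ext) for pattern in BANLIST_EXTENSIONS)


def content_whitelist_prevalidator(content: str) -> bool:
    """True when the content mentions a whitelist pattern. Compared case-insensitively,
    which the page's 'GitLab Runner' example implies (an assumption here)."""
    lowered = content.lower()
    return any(pattern in lowered for pattern in WHITELIST_PATTERNS)


def scan(filename: str, content: str) -> list[str]:
    """Apply both pre-validators, then the assumed matcher; return candidate tokens."""
    if not filename_banlist_prevalidator(filename):
        return []
    if not content_whitelist_prevalidator(content):
        return []
    return CANDIDATE.findall(content)


if __name__ == "__main__":
    # Constructed sample diff in the style of the page's second example.
    sample = "+gitlab_config\n+set _TOKEN=u_zz1rnzC26JFwjAzAPu\n"
    print(scan("setup.bat", sample))   # ['u_zz1rnzC26JFwjAzAPu']
    print(scan("README.md", sample))   # [] because the .md extension is banned
```

Running the page's three first-detector examples through scan() yields exactly the apikey value listed next to each, while the same content in a README.md or yarn.lock file yields nothing because the pre-validator drops the file before matching.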