GitLab Token
Description
General
- Documentation: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html
- Summary: GitLab is an open-source code hosting website that provides issue tracking, continuous integration and deployment pipeline. This detector aims at detecting tokens used to programmatically act on behalf of a user.
Revoke the secret
Tokens can be revoked from the user's dashboard or programmatically.
Details for GitLab Token
-
Family: token
-
Category: version_control_platform
-
Company: GitLab
-
High recall: False
-
Validity check available: True
-
Analyzer available: True
-
On-premise instances exist: True
-
Only valid secrets raise an alert: False
-
Minimum number of matches: 1
-
Occurrences found for one million commits: 5.51
-
Prefixed: False
Details for GitLab Token
-
Family: token
-
Category: version_control_platform
-
Company: GitLab
-
High recall: False
-
Validity check available: True
-
Analyzer available: True
-
On-premise instances exist: True
-
Only valid secrets raise an alert: True
-
Minimum number of matches: 1
-
Occurrences found for one million commits: 0.08
-
Prefixed: False
Details for GitLab Token
-
Family: token
-
Category: version_control_platform
-
Company: GitLab
-
High recall: True
-
Validity check available: True
-
Analyzer available: True
-
On-premise instances exist: True
-
Only valid secrets raise an alert: False
-
Minimum number of matches: 1
-
Occurrences found for one million commits: 15.16
-
Prefixed: True
Secret Analyzer
Analysis Method
- Provider allows scopes enumeration: False
- Total network call count: 2
- Total call count may vary: False
HTTP Calls
Requests are designed to capture metadata and not to function effectively.
- GET: /api/v4/personal_access_tokens/self
- GET: /api/v4/projects
Other Calls
Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package). No other calls for this analyzer.