GitLab Token
Description
General
- Documentation: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html
- Summary: GitLab is an open-source code hosting website that provides issue tracking, continuous integration and deployment pipeline. This detector aims at detecting tokens used to programmatically act on behalf of a user.
Details for GitLab Token
-
Family: token
-
Category: version_control_platform
-
Company: GitLab
-
High recall: False
-
Validity check available: True
-
Analyzer available: True
-
Revoker available: True
-
On-premise instances exist: True
-
Only valid secrets raise an alert: False
-
Minimum number of matches: 1
-
Occurrences found for one million commits: 5.51
-
Prefixed: False
Details for GitLab Token
-
Family: token
-
Category: version_control_platform
-
Company: GitLab
-
High recall: False
-
Validity check available: True
-
Analyzer available: True
-
Revoker available: True
-
On-premise instances exist: True
-
Only valid secrets raise an alert: True
-
Minimum number of matches: 1
-
Occurrences found for one million commits: 0.08
-
Prefixed: False
Details for GitLab Token
-
Family: token
-
Category: version_control_platform
-
Company: GitLab
-
High recall: True
-
Validity check available: True
-
Analyzer available: True
-
Revoker available: True
-
On-premise instances exist: True
-
Only valid secrets raise an alert: False
-
Minimum number of matches: 1
-
Occurrences found for one million commits: 15.16
-
Prefixed: True
Secret Analyzer
Analysis Method
- Provider allows scopes enumeration: False
- Total network call count: 2
- Total call count may vary: False
HTTP Calls
Requests are designed to capture metadata and not to function effectively.
- GET: /api/v4/personal_access_tokens/self
- GET: /api/v4/projects
Other Calls
Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package). No other calls for this analyzer.
Revoker
Auth Credentials
Valid credentials needed to authenticate the request. No extra credentials needed for this revoker.
HTTP Calls
List of calls performed by the revoker.
- DELETE: /api/v4/personal_access_tokens/self
Revocation Mode
Revocation is synchronous.
