GitLab

What is GitLab?

GitLab is a DevOps platform that combines code hosting, CI/CD pipelines, and project management. If your team uses GitLab, this integration allows Imara to monitor repository access controls, pipeline configurations, and security settings for compliance evidence.

What Imara collects from GitLab

• Group and project members with their roles
• Two-factor authentication (2FA) enforcement status
• Protected branch configurations
• CI/CD pipeline and runner settings
• Access token usage and expiry status
  
  

Required permissions

Imara connects via a GitLab Personal Access Token (or a Group Access Token on GitLab 14.7+) with the following scopes:

• read_api — read group and project data
• read_user — read user information and 2FA status
  
  

Imara does not write to or modify any GitLab group, project, or repository.

How to connect

1. In GitLab, go to User Settings → Access Tokens (or Group Settings for a Group Token).
2. Create a token with read_api and read_user scopes and an appropriate expiry date.
3. In Imara, go to Integrations and select GitLab.
4. Enter your GitLab instance URL (leave blank for gitlab.com), paste the token, and click Connect.
   
   

Frameworks supported

SOC 2, ISO 27001, NIST CSF.

What to expect

Imara surfaces development security findings — such as missing 2FA, unprotected branches, or overly permissive access — and maps each one to the relevant control in your active framework.