ENTERPRISE

Integrating Burp Suite Enterprise Edition with GitLab

  • Last updated: January 10, 2022

  • Read time: 3 Minutes

If you or your teams use GitLab, you may like to set up an integration with Burp Suite Enterprise Edition. Once configured, this enables you to raise GitLab issues from within Burp Suite Enterprise Edition for any security vulnerabilities found by your scans.

Prerequisites

  1. You have access to Burp Suite Enterprise Edition as an administrator.
  2. You have access to your GitLab instance as an administrator.
  3. You have the Maintainer or Owner role for any GitLab projects you want to create issues on.

To integrate with GitLab, Burp Suite Enterprise Edition must be linked to a specific GitLab user.

We recommend creating a new GitLab user specifically for this task. This will allow you to control which projects are available for use in Burp Suite Enterprise Edition - simply by adding your user as a Reporter to those projects.

Generate a GitLab impersonation token

A GitLab impersonation token will allow Burp Suite Enterprise Edition to raise GitLab issues as a specific user.

  1. Sign into GitLab with administrator privileges.
  2. In the Admin area, select the user you want Burp Suite Enterprise Edition to use to raise GitLab issues.
  3. Click Impersonation Tokens.
  4. Give the impersonation token a name (e.g. "Burp Suite Enterprise Edition"), and check the box to give the impersonation token api scope.
    Creating a GitLab impersonation token
  5. Click the Create impersonation token button.
  6. Copy the impersonation token to your clipboard.

Connecting Burp Suite Enterprise Edition to GitLab

To connect Burp Suite Enterprise Edition to GitLab:

  1. Log in to Burp Suite Enterprise Edition as an administrator. From the settings menu, select Integrations.
  2. From the Integrations page, select GitLab.
    Connecting Burp Suite Enterprise Edition to GitLab
  3. Enter your GitLab API URL (e.g. gitlab.example.com) in the provided field. Note that Burp Suite Enterprise Edition will automatically append api/v4 onto any URL you enter here.
  4. Enter the GitLab personal access token you created previously.
  5. Click Connect.
  6. You can now manage which GitLab projects Burp Suite Enterprise Edition users will be able to create tickets in. You can also allow Issue and / or Incident tickets to be created for each project.

Raise GitLab issues from within Burp Suite Enterprise Edition

Now Burp Suite Enterprise Edition is linked to GitLab, you can raise GitLab issues from within Burp Suite Enterprise Edition for any issues found by a scan. Note that the user you created previously will need Reporter level access to any projects you wish to create issues on.

  1. From within Burp Suite Enterprise Edition, click an issue you want to raise a GitLab issue for.
  2. In the top right hand corner of the page, click the Raise GitLab issue button. Note that if you have configured an integration with other tools, you may need to select this from the Raise ticket drop down.
    Raising a GitLab issue from within Burp Suite Enterprise Edition
  3. You have the option either to create a new GitLab issue, or link to an existing GitLab issue:
    • To create a new issue, select your project and ticket type from the drop down menu, then press the Create button.
    • To link to an existing GitLab issue, select Link to existing issue, choose the relevant project, and enter the relevant GitLab issue number. Then press the Link button.
  4. Observe that an issue is now included within your selected GitLab project or issue.
    Burp Suite Enterprise Edition raising an issue in GitLab