
ENTERPRISE

Integrating Burp Suite Enterprise Edition with GitLab

  • Last updated: November 30, 2022

  • Read time: 3 Minutes

If you or your teams use GitLab, you can integrate it with Burp Suite Enterprise Edition. Once configured, the integration enables you to raise GitLab issues directly from within Burp Suite Enterprise Edition for any security vulnerabilities found by your scans.

Prerequisites

  1. You have access to Burp Suite Enterprise Edition as an administrator.
  2. You have access to your GitLab instance as an administrator.
  3. You have the Maintainer or Owner role for any GitLab projects you want to create issues on.

To integrate with GitLab, Burp Suite Enterprise Edition must be linked to a specific GitLab user.

We recommend creating a new GitLab user specifically for the integration. This allows you to control which projects are available for use in Burp Suite Enterprise Edition, simply by adding your user as a Reporter to those projects.

Generate a GitLab impersonation token

A GitLab impersonation token allows Burp Suite Enterprise Edition to raise GitLab issues as a specific user.

Note

The latest version of GitLab adds a prefix to the personal access token, which means the token now exceeds our 20-character limit. You can use the following workaround to fix this:

  1. Go to the following link: https://gitlab.example.com/admin/application_settings/general#application_setting_personal_access_token_prefix
  2. Delete all the contents from the Personal Access Token prefix field.
  3. Click Save changes.
  4. Create a new impersonation token.

To generate a GitLab impersonation token:

  1. Sign in to GitLab with administrator privileges.
  2. In the Admin area, select the user you want Burp Suite Enterprise Edition to use to raise GitLab issues.
  3. Click Impersonation Tokens.
  4. Give the impersonation token a name (e.g. "Burp Suite Enterprise Edition"), and check the box to give the impersonation token api scope.
    Creating a GitLab impersonation token
  5. Click the Create impersonation token button.
  6. Copy the impersonation token to your clipboard.
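
Before pasting the token into Burp Suite Enterprise Edition, you can check that it matches what this page asks for: within the 20-character limit, carrying the api scope, and belonging to a user with no more than Reporter access. The following is an added example, not PortSwigger or GitLab code. It assumes you have fetched GET /api/v4/personal_access_tokens/self and GET /api/v4/projects?membership=true from the GitLab REST API with the new token; the function name and the sample data are constructed for illustration.

```python
REPORTER = 20          # GitLab access levels: 10 Guest, 20 Reporter, 30 Developer, 40 Maintainer, 50 Owner
MAX_TOKEN_LENGTH = 20  # token length limit stated in the note above


def audit_integration_token(token, token_info, projects):
    """Return a list of findings for the token the integration will use.

    token_info: parsed JSON from GET /api/v4/personal_access_tokens/self
    projects:   parsed JSON from GET /api/v4/projects?membership=true
    """
    findings = []
    if len(token) > MAX_TOKEN_LENGTH:
        findings.append(f"token is {len(token)} characters; clear the token prefix and create a new token")
    if token_info.get("revoked") or not token_info.get("active", False):
        findings.append("token is revoked or inactive")
    scopes = set(token_info.get("scopes", []))
    if "api" not in scopes:
        findings.append("token lacks the api scope")
    extra = sorted(scopes - {"api"})
    if extra:
        findings.append("token has scopes beyond api: " + ", ".join(extra))
    for project in projects:
        perms = project.get("permissions") or {}
        # Membership can come from the project itself or from its parent group.
        levels = [(perms.get(k) or {}).get("access_level", 0)
                  for k in ("project_access", "group_access")]
        if max(levels) > REPORTER:
            findings.append(f"{project['path_with_namespace']}: access level {max(levels)} is above Reporter")
    return findings


# Constructed sample data (not real): a token that still has GitLab's default
# "glpat-" prefix, an extra scope, and Maintainer access inherited from a group.
SAMPLE_TOKEN = "glpat-" + "x" * 20
SAMPLE_TOKEN_INFO = {"name": "Burp Suite Enterprise Edition", "revoked": False,
                     "active": True, "scopes": ["api", "sudo"]}
SAMPLE_PROJECTS = [
    {"path_with_namespace": "web/shop",
     "permissions": {"project_access": {"access_level": 20}, "group_access": None}},
    {"path_with_namespace": "web/payments",
     "permissions": {"project_access": None, "group_access": {"access_level": 40}}},
]

if __name__ == "__main__":
    for finding in audit_integration_token(SAMPLE_TOKEN, SAMPLE_TOKEN_INFO, SAMPLE_PROJECTS):
        print("-", finding)
```

An empty result means the token fits the setup described here; the project findings also show which projects will appear in the Project drop-down list with more access than the integration needs.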

Connect Burp Suite Enterprise Edition to GitLab

To connect Burp Suite Enterprise Edition to GitLab:

  1. Log in to Burp Suite Enterprise Edition as an administrator.
  2. From the settings menu, select Integrations.
  3. On the GitLab tile, select Configure.
  4. Enter your GitLab API URL (e.g. gitlab.example.com) in the provided field.

    Connecting Burp Suite Enterprise Edition to GitLab
  5. Enter the GitLab personal access token you created earlier.
  6. Click Connect.

If Burp Suite Enterprise Edition successfully connects to GitLab, you'll be presented with options to configure how issues are raised both manually and automatically.

Note

You must enable at least one of these in order to complete the GitLab configuration.

Enable GitLab issues to be raised manually

To enable users to raise GitLab issues manually from within Burp Suite Enterprise Edition, you need to configure the list of GitLab projects and issue types that they can choose from:

  1. Select a project from the Project drop-down list.
  2. Select an issue type from the Issue type drop-down list.
  3. Click the + symbol.
  4. If necessary, repeat these steps to add more projects and issue types.

    Note

    You need to add separate entries for each issue type, even when adding multiple issue types from the same project.

  5. Click Save.
    Enabling manual issue creation for GitLab

Enable GitLab issues to be raised automatically

You can configure Burp Suite Enterprise Edition to raise GitLab issues automatically. Issues are created if they meet the minimum severity and confidence levels that you specify.

Note

To avoid inadvertently flooding your GitLab backlog with an overwhelming number of issues, we recommend setting high severity and confidence levels initially. You can then lower these once you have a better understanding of how many issues are raised as a result of your scans.

  1. Click Enable.
  2. Select a project from the Project drop-down list.
  3. Select an issue type from the Issue type drop-down list.
  4. Use the sliders to set the minimum issue severity and confidence levels that trigger GitLab issue creation.
  5. Click Save.
    Enable automatic issue creation for GitLab

Raising GitLab issues from within Burp Suite Enterprise Edition

For information on how users can manually raise GitLab issues, refer to Raise GitLab issues from within Burp Suite Enterprise Edition.
