Getting Started
Manage Targets
Manage Scans
Manage Organizations
Organization Settings
Plans
On Prem
GitLab Issues (On-Prem)
Unlike the Cloud version, ZeroThreat On-Prem connects to GitLab using a Personal Access Token and operates entirely from within your controlled infrastructure.
ZeroThreat On-Prem requires outbound network access to your GitLab instance. Ensure your firewall allows API communication to your GitLab domain.
Prerequisites
Before you begin:
- Your target is associated with an Enterprise plan that supports Issue Tracking.
- You have permission in GitLab to create issues in the intended project.
- Your On-Prem deployment has network access to your GitLab domain.
Step 1: Generate a GitLab Personal Access Token
ZeroThreat On-Prem requires a GitLab Personal Access Token for authentication.
Follow these steps:
- Log in to your GitLab account.
- Click on your profile avatar and go to Preferences.
- Navigate to Personal access tokens under the Access section.
.png)
- Click Add New Token.
.png)
- Provide a name for the token and set an expiry date (optional but recommended).
.png)
Grant the following permissions at a minimum:
read_userread_repositoryread_registryread_apiwrite_repositoryapi
- Click Generate Token.
.png)
- Copy and securely store the generated token, as it will only be visible once.
.png)
The steps above may vary slightly depending on your GitLab account configuration. In general, you simply need to generate a GitLab Personal Access Token with appropriate permissions from your GitLab account settings.
Step 2: Configure GitLab in ZeroThreat On-Prem
- Navigate to the Targets (
.png)
) section. - Select the target you want to configure and open the Target Configuration page.
- Go to the Issue Tracking (
.png)
) section. - Locate GitLab and click Configure.
- In the popup, enter your GitLab Personal Access Token saved in the previous step.
.png)
- Click Save.
Your GitLab integration is now connected to the target.
Step 3: Create GitLab Issues from a Scan Report
Once GitLab is configured:
- Go to the Scans (
.png)
) section. - Open a completed scan report.
- Click the GitLab Issue button at the top of the report.
.png)
A GitLab configuration popup will appear.
Step 4: Configure GitLab Issue Settings
- In the GitLab Issue popup:
- Select the GitLab project where vulnerabilities should be created.
- Choose the Issue board or project context if available.
.png)
- Click Submit to proceed.
All issues created from that scan will be added to the selected GitLab project.
Step 5: Create Issues for Vulnerabilities
- In the scan report, identify the vulnerability you want to track.
.png)
- Click Create Issue.
ZeroThreat will generate individual GitLab issues for each finding under that vulnerability.
All issues are immediately pushed to GitLab and can be managed directly within your GitLab project.
Create GitLab issues only for validated and high-priority vulnerabilities to avoid cluttering your issue backlog.
Viewing and Managing Issues
After creating issues:
- Go to Created Issues inside the scan report to see all GitLab issues generated.
- Click any issue to open it directly in GitLab.
Each GitLab issue includes:
- Detailed vulnerability description
- HTTP request and response evidence
- Proof-of-concept details
- Direct link back to the full ZeroThreat scan report
In ZeroThreat On-Prem, bi-directional comment synchronization and automatic issue status synchronization are not available. Changes made in GitLab, such as updating status or adding comments, will not automatically reflect back in ZeroThreat.
Best Practices
- Use a dedicated GitLab Personal Access Token for ZeroThreat integration.
- Rotate API tokens periodically as part of your security practices.
- Create issues only for validated vulnerabilities to maintain a clean backlog.
- Ensure your firewall consistently allows communication to your GitLab domain.
You’re all set with GitLab Issues integration on ZeroThreat On-Prem.
Next, explore our other integrations — such as GitHub Issues, Azure Boards, Trello, or Jira — to further streamline your remediation workflows.