GitLab

Set up GitLab for automated tests with TrustCloud

Purpose

Once you set up your compliance program, TrustCloud TrustOps works to ensure that your systems remain compliant with your adopted controls. To do so, TrustCloud runs automated tests against systems in your product and business stack, and verifies that they are properly configured.

This document outlines the steps you can take to grant TrustCloud access to only read metadata about the configuration settings for your GitLab organization and GitLab Users, so that TrustOps can validate and generate evidence for your compliance program.

Instructions to grant TrustCloud limited access to GitLab metadata

1. Log into GitLab with a user who is an owner of your GitLab organization.
2. In the upper-right corner of any page, click the user profile photo, then click Edit profile.
3. In the left sidebar, click Access Tokens.
   
4. Create an access token. For Token Name, give your token a descriptive name Ex. TrustCloud TrustCloud. For Expiration date, leave it blank. For select scopes select read_api scope.
5. Click on Copy personal access token
6. In the upper-left corner of any page, click the Menu
   
7. On the opened menu click Groups, then Your Groups
8. On the Groups page click your organization group
9. On the opened organization group page click the Group ID: number (ex. 12345678), this will copy the group id to the clipboard to be pasted into TrustOps.