Skip to main content

Enable pull requests for GitLab

To use automatic pull requests for Veracode Software Composition Analysis (SCA) agent-based scanning, you need permission to create merge requests in GitLab.

To complete this task:

  1. Go to GitLab.com.

  2. If prompted, enter your GitLab credentials to log in.

  3. On the Personal Access Tokens page, enter a token name.

  4. Select the api checkbox.

  5. Click Create personal access token.

  6. After generating the token, copy it to your clipboard and save it to a safe location.

    note

    After you leave the page, you cannot access this token again.

  7. If your GitLab instance requires SSH, follow GitLab's instructions to add an SSH key to your account.

  8. Add your token using one of these methods:

    • Add this code to the agent.yml file installed in your ~/.srcclr folder:

      scmType: GITLAB
      scmToken: {token copied in earlier step}
    • Set the token as an environment variable in your CI/CD settings or in a command script. For example, add this code in Linux bash:

      export SRCCLR_SCM_TYPE="GITLAB"
      export SRCCLR_SCM_TOKEN="{token copied in earlier step}"
  9. If you are using an installation of GitLab other than GitLab.com, add your project URL using one of these methods:

    • Add the project URL to the agent.yml file installed in your ~/.srcclr folder:

      scmUrl: https://gitlab.acme.io
    • Set the project URL as an environment variable in your CI/CD settings.

    • Set the project URL as an environment variable in a command script. For example, add this code in Linux bash:

      export SRCCLR_SCM_URL=https://gitlab.acme.io