GitLab Integration
CodeStax integrates with GitLab for repository scanning, automated merge request (MR) reviews, and OAuth authentication.
Connecting GitLab
During Signup
Click Continue with GitLab on the signup page. This authorizes CodeStax with the required OAuth scopes and connects your GitLab account automatically.
After Signup
- Go to Settings on the dashboard
- Navigate to the Integrations tab
- Click Connect GitLab
- Authorize the CodeStax application on GitLab
Permissions
CodeStax requests standard GitLab OAuth scopes for reading repositories, user profile, and API access.
Features
Repository Import
Once connected, you can import GitLab repositories (personal and group-owned). CodeStax fetches your repository list and lets you select which ones to scan.
Automated MR Reviews
When you open or update a merge request, CodeStax can:
- Analyze the MR diff for security issues
- Score the MR risk level (0-100)
- Post findings as MR notes/comments
- Set commit status (pass/fail)
Scan Support
All scan types work with GitLab repositories:
- SAST — Static analysis of source code
- SCA — Dependency vulnerability scanning
- Secrets — Secret detection in code history
- IaC — Infrastructure-as-code scanning (Terraform, Kubernetes)
- Dockerfile — Hadolint linting for Dockerfiles
Token Management
GitLab OAuth tokens are automatically refreshed when they expire. CodeStax stores tokens encrypted and refreshes them proactively to ensure scheduled scans and CI/CD integrations continue working without manual re-authentication.
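A sketch of what proactive refresh involves against GitLab's `/oauth/token` endpoint, as an added example that is not CodeStax's own code. The function names, the 5-minute margin and the sample token are assumptions made for illustration; the form fields and the `created_at`/`expires_in` response fields are GitLab's.

```python
import time
from urllib.parse import urlsplit

REFRESH_SKEW = 300  # assumed safety margin: refresh 5 minutes before expiry

# Constructed sample of a stored token (values are placeholders, not real secrets).
SAMPLE_TOKEN = {"access_token": "at-old", "refresh_token": "rt-old",
                "expires_in": 7200, "created_at": 1_700_000_000}


def token_endpoint(base_url):
    """Return the OAuth token URL for gitlab.com or a self-managed instance."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("GitLab URL must be an https:// URL")
    if parts.username or parts.password or parts.query or parts.fragment:
        raise ValueError("GitLab URL must not carry credentials, query or fragment")
    # Keep any path prefix: self-managed instances may live under a relative URL root.
    return f"https://{parts.netloc}{parts.path.rstrip('/')}/oauth/token"


def needs_refresh(token, now=None, skew=REFRESH_SKEW):
    """True when the access token is expired or expires within `skew` seconds."""
    now = time.time() if now is None else now
    return now >= token["created_at"] + token["expires_in"] - skew


def refresh_request(base_url, token, client_id, client_secret, redirect_uri):
    """Build (url, form) for the refresh_token grant; sending is left to the caller."""
    form = {
        "grant_type": "refresh_token",
        "refresh_token": token["refresh_token"],
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
    }
    return token_endpoint(base_url), form


def apply_refresh(response):
    """Return the record to store in place of the old one.

    GitLab invalidates the old access/refresh pair on refresh, so the new
    refresh token must be persisted or the integration is locked out.
    """
    required = ("access_token", "refresh_token", "expires_in", "created_at")
    missing = [k for k in required if k not in response]
    if missing:
        raise ValueError(f"refresh response missing {missing}")
    return {k: response[k] for k in required}
```

Because each refresh invalidates the previous refresh token, concurrent workers should serialize the refresh and the write of the new record.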
CI/CD Integration
You can integrate CodeStax into your GitLab CI pipeline. Go to Reviews > CI/CD in the dashboard and select GitLab to generate a .gitlab-ci.yml template that runs CodeStax quality gate checks on every merge request.
Self-Managed GitLab
CodeStax supports self-managed GitLab instances. Configure the GitLab URL in Admin > Settings > GitLab OAuth to point to your instance (e.g., https://gitlab.yourcompany.com).