GitLab
Connect GitLab.com or self-hosted GitLab using OAuth or a personal access token
GitLab supports two auth methods: OAuth 2.0 (recommended) or a personal access token. OAuth supports automatic token refresh when the access token expires; PATs are simpler but require manual rotation.
Recommended: OAuth 2.0
Click "Connect GitLab via OAuth"
In the dashboard under Project → Code Repos → Connect repository → GitLab → OAuth, you'll be redirected to GitLab's OAuth consent page.
Authorize the requested scopes
GitLab asks you to authorize SigSentry with these scopes:
| Scope | Why |
|---|---|
| read_api | Read API access (project metadata, MRs) |
| read_repository | Read file contents and commit history |
Click Authorize.
Return to SigSentry
GitLab redirects back. OAuth tokens are stored encrypted and refreshed automatically before they expire.
Configure repos
| Field | Value |
|---|---|
| Repositories | One per line, in group/project format (or group/subgroup/project) |
| Lookback days | Default 30 |
Save
Click Save. Run an analysis to confirm code correlation works.
Fallback: Personal Access Token
Generate a Personal Access Token
In GitLab, User Settings → Access Tokens → Add new token.
| Setting | Value |
|---|---|
| Token name | sigsentry-readonly |
| Expiration | Set a real expiration; rotate periodically |
| Scopes | read_api and read_repository |
Click Create personal access token and copy it — shown only once.
Add in SigSentry
Project → Code Repos → Connect repository, pick GitLab and Personal Access Token.
| Field | Value |
|---|---|
| Personal access token | The PAT you generated |
| Repositories | One per line, group/project format |
| Lookback days | Default 30 |
Save
Click Save.
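Before pasting a PAT into SigSentry, it is worth confirming that the token carries exactly the two read scopes and a real expiration. The following is an added example, not SigSentry's or GitLab's own code: it audits a token record shaped like the object GitLab's personal access tokens API returns (`scopes`, `expires_at`, `revoked`, `active`). The 90-day lifetime limit, the 14-day rotation warning and the sample records are assumptions chosen for illustration.

```python
from datetime import date

REQUIRED_SCOPES = {"read_api", "read_repository"}  # the scopes this page asks for

def audit_pat(record, today, max_lifetime_days=90, rotate_warn_days=14):
    """Return a list of findings for a GitLab PAT record; empty list means OK.

    The two *_days thresholds are assumed policy values, not GitLab defaults.
    The scope check is a strict match: anything beyond the two read scopes
    (for example `api` or `write_repository`) is reported as excess.
    """
    findings = []
    scopes = set(record.get("scopes", []))
    missing = REQUIRED_SCOPES - scopes
    extra = scopes - REQUIRED_SCOPES
    if missing:
        findings.append("missing scope: " + ", ".join(sorted(missing)))
    if extra:
        findings.append("excess scope: " + ", ".join(sorted(extra)))
    if record.get("revoked") or not record.get("active", True):
        findings.append("token revoked or inactive")
    expires_at = record.get("expires_at")  # "YYYY-MM-DD" or None
    if not expires_at:
        findings.append("no expiration set")
        return findings
    days_left = (date.fromisoformat(expires_at) - today).days
    if days_left < 0:
        findings.append("token expired")
    elif days_left <= rotate_warn_days:
        findings.append(f"rotate soon: {days_left} days left")
    elif days_left > max_lifetime_days:
        findings.append(f"lifetime too long: {days_left} days left")
    return findings

# Constructed sample records (not real tokens)
TODAY = date(2025, 1, 15)
GOOD = {"name": "sigsentry-readonly", "scopes": ["read_api", "read_repository"],
        "expires_at": "2025-03-01", "revoked": False, "active": True}
BROAD = {"name": "old-token", "scopes": ["api", "read_repository"],
         "expires_at": None, "revoked": False, "active": True}
STALE = {"name": "sigsentry-readonly", "scopes": ["read_api", "read_repository"],
         "expires_at": "2025-01-20", "revoked": False, "active": True}

if __name__ == "__main__":
    for rec in (GOOD, BROAD, STALE):
        print(rec["name"], audit_pat(rec, TODAY) or "OK")
```

A "missing scope: read_repository" finding corresponds to the 403 Forbidden row under Troubleshooting.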
Self-hosted GitLab
If you're running GitLab self-hosted (Community or Enterprise edition),
add the Base URL field with your instance URL — e.g.
https://gitlab.company.com. The OAuth and PAT flows both support
self-hosted; the difference is just the host.
For self-hosted, the OAuth callback URL needs to be allowlisted in your GitLab admin. Contact your GitLab admin to add SigSentry's callback URL to the allowed list.
How tokens are refreshed
OAuth tokens refresh automatically as needed. If your refresh token expires (rare, but possible on some GitLab setups), SigSentry shows a "needs re-authorization" prompt in the dashboard.
PATs don't refresh automatically — set a real expiration and rotate manually.
Revoking access
| For | Action |
|---|---|
| OAuth | GitLab → User Settings → Applications → revoke SigSentry |
| PAT | GitLab → User Settings → Access Tokens → revoke |
Troubleshooting
| Error | Fix |
|---|---|
| 401 Unauthorized | Token expired or invalid; re-authorize |
| 403 Forbidden | Token lacks read_repository scope |
| 404 Not Found | Project name typo or path wrong; for self-hosted, check the Base URL |
| Slow PR diffs | Large MRs can take time; the API doesn't expose file stats so we parse the full diff |
