Install DryRun Security for GitLab (beta)

Install DryRun Security for GitLab (beta)

DryRun Security for GitLab.com, enables fast, contextual code reviews that help your team spot unknown risks before they start.

This guide will walk you through connecting your GitLab environment to DryRun Security by:

  1. Creating a GitLab Personal Access Token with the correct scopes.
  2. Installing DryRun Security via the DryRun Security Dashboard.

Once installed and activated, you’ll get immediate visibility into security risks across your GitLab projects—without slowing development down.

Create a Personal Access Token

This section describes creating a Personal Access Token (PAT) that will be used during the installation of DryRun Security.

*Note: The GitLab user used to create the Personal Access Token (PAT) needs to have at least Maintainer access to the Group or Project where DryRun Security will run.

Generating the Personal Access Token

  1. Log in to gitlab.com
  2. Navigate to https://gitlab.com/-/user_settings/personal_access_tokens (opens in a new tab)
  3. Under Personal Access Tokens click Add new token
  4. Add Token name and select api and read_user scopes
  5. Click Create personal access token
  6. Copy the token and save for later use
  7. Verify that the user that created the PAT has access to the Group where DryRun Security will be installed. The User should have at least Maintainer access to the Group. Add the User if necessary.

Done! The Personal Access Token can be used to install DryRun Security

Install DryRun Security via the Dashboard

  1. Navigate to https://app.dryrun.security (opens in a new tab) and click the Log in with GitLab Button

  1. Authorize the DryRun Security OAuth Application

  1. Important: Choose the User or Group where DryRun Security will run from the User/Group Selector. This is usually a Group.

  1. Click the Add Token Button or navigate to Settings > GitLab

  1. Enter the Personal Access Token created earlier and click Save Token

  1. Verify the User/Group for the Installation and Click Confirm to Confirm API Access.

  1. Install on Projects by clicking + next to the Project and then click Save Projects

Activation

Your installation may be paused for up to 2 business days as we activate your account. We’ll notify you as soon as your account has been activated.

Once your account has been activated. You’ll see the “Installation Complete” message the next time you log in to the portal at https://app.dryrun.security (opens in a new tab).

Congratulations! Installation is complete.

*Note: At this point the DryRun Security application will run and analyze changes as code is committed to the Project(s).

Best Practices: Backgrounds in Natural Language Code Policies