GitLab Issues

The GitLab Issues integration connects your ZeroThreat security findings with your team's development workflows in GitLab. This allows you to convert identified vulnerabilities into actionable issues within your GitLab projects, ensuring that security tasks are tracked and managed with the same efficiency as your other development work. By centralizing vulnerability management within GitLab, you can improve collaboration between security and development teams, ease remediation efforts, and maintain a clear view of your security posture directly within your development environment.

Prerequisites

Before you begin, make sure:

  • Your target application is verified on ZeroThreat.
  • You have a GitLab account with the appropriate permissions. At a minimum, you need a role of Maintainer or higher in the target project to create issues.
  • You are logged into the correct GitLab account in your browser.
  • Your target is associated with a professional plan (or any plan that supports Issue Tracking integrations) in ZeroThreat.

Step 1: Connect ZeroThreat to GitLab

  1. Navigate to the Targets section in ZeroThreat.
  2. Click the Continuous Integration button for your desired target.
  3. In the configuration drawer, click the Issue Tracking section.
  4. Locate GitLab and click Authorize.

A new browser tab will open for GitLab authorization. Review the requested permissions and click Authorize. You may be asked to complete multi-factor authentication if you have it enabled on your GitLab account.

Once authorized, you will be redirected back to your ZeroThreat dashboard.

Note: On the GitLab side, ZeroThreat will now be listed as an authorized application in your profile. You can manage or revoke access at any time by navigating to User Settings > Applications in your GitLab account.

Step 2: Create GitLab Issues from a Scan Report

Once GitLab is connected:

  1. Go to the Scans section in ZeroThreat.
  2. Open any completed scan report.
  3. Click the GitLab Issues button at the top of the report.
  4. A GitLab integration popup will appear with configuration options.

Step 3: Configure GitLab Issue Settings

In the GitLab Issue popup:

  • Project: Select the GitLab project where you want to track vulnerabilities.
  • Include Group Resources (optional): Toggle this if you need to browse projects across different groups or subgroups you have access to.
  • Click Submit to save your selections.

Step 4: Create Issues for Vulnerabilities

  1. In the scan report, select the vulnerability you want to create a GitLab Issue for.
  2. Click the Create Issue button.
  3. ZeroThreat will generate individual GitLab issues for each finding under that vulnerability.

All findings are immediately pushed to GitLab and can be tracked from either platform.

Step 5: View and Manage Issues in GitLab

  1. Go to Created Issues in ZeroThreat to see all GitLab issues created for that scan.
  2. Click any issue to open it directly in GitLab. Each GitLab issue includes:
     • A detailed description of the vulnerability
     • HTTP request and response headers
     • Evidence (such as vulnerable parameters, payloads, or proof of concept)
     • A link back to the full scan report in ZeroThreat

The integration uses two specific labels for syncing: ZeroThreatAI and a unique ZT-ID (e.g., ZT-MDWSAU027854). Do not remove these labels, as they are essential for the bi-directional sync to function. You can, however, add your own labels like security, bug, or priority::high to organize and filter issues within GitLab's boards and lists.

Step 6: Bi-directional Comment Sync

Collaborate without switching platforms:

  • Leave comments on the GitLab issue—these will automatically appear in the corresponding vulnerability in ZeroThreat.
  • Add comments from within ZeroThreat—they will be synced back to the GitLab Issue.

Comments synced from ZeroThreat to GitLab will be posted by the GitLab user who originally authorized the integration.

Step 7: Monitor Issue Status in ZeroThreat

To view the current status of the issues you created:

  1. Open the same scan report where you initially generated the GitLab issues.
  2. Click the GitLab Issue button again and select the same project.
  3. You’ll see the latest details for each issue, including assignees and the current status—OPEN or CLOSED—which directly mirrors the issue status in GitLab.

This provides a central, security-focused view of your development team’s progress on remediation.


Best Practices

  • Create GitLab issues only for validated, high-priority vulnerabilities to avoid noise.
  • Use GitLab Issue Boards: After creating issues from ZeroThreat, use GitLab's Issue Boards to visualize the remediation workflow. You can create columns like To Do, In Progress, In Review, and Done to track the progress of security fixes.
  • Assign Issues to Milestones: To align remediation with your development schedule, assign the created issues to specific GitLab Milestones. This helps ensure that critical vulnerabilities are addressed within the relevant sprint or release cycle.
  • Leverage Assignees: Once an issue is in GitLab, assign it to the relevant developer or team member directly within the GitLab UI to establish clear ownership for the fix.
  • Filter by Label: Use the ZeroThreatAI label in GitLab to create dedicated views or board filters that show only the security vulnerabilities identified by ZeroThreat.
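
The two sync labels described under Step 5, and the label filter above, can also be checked from outside the UI. The following is an added example, not ZeroThreat's or GitLab's own code: it audits issue objects in the shape returned by GitLab's REST v4 issues endpoint and flags issues where one of the two sync labels has been removed. The ZT-ID pattern is an assumption generalized from the single ID shown on this page, and the host, project path and sample issues are constructed.

```python
import re
from urllib.parse import quote, urlencode

SYNC_LABEL = "ZeroThreatAI"
# Assumption: every ZT-ID has the shape of the page's single example
# (ZT-MDWSAU027854): "ZT-" followed by upper-case letters and digits.
ZT_ID = re.compile(r"ZT-[A-Z0-9]+")


def issues_url(base, project_path, state="all"):
    """GitLab REST v4 URL listing a project's issues. No label filter is
    applied, so issues that lost the ZeroThreatAI label are still returned."""
    query = urlencode({"state": state, "per_page": 100})
    return f"{base}/api/v4/projects/{quote(project_path, safe='')}/issues?{query}"


def audit_sync_labels(issues):
    """Group issue iids by the state of their two sync labels."""
    report = {"ok": [], "missing_zt_id": [], "missing_sync_label": []}
    for issue in issues:
        labels = issue.get("labels", [])
        has_sync = SYNC_LABEL in labels
        has_zt_id = any(ZT_ID.fullmatch(label) for label in labels)
        if has_sync and has_zt_id:
            report["ok"].append(issue["iid"])
        elif has_sync:
            report["missing_zt_id"].append(issue["iid"])
        elif has_zt_id:
            report["missing_sync_label"].append(issue["iid"])
        # Issues with neither label were not created by the integration.
    return report


# Constructed sample in the shape of GitLab's issues API response
# (only the fields used here); ZT-QRTXBN001122 is a made-up ID.
SAMPLE_ISSUES = [
    {"iid": 41, "state": "opened", "labels": ["ZeroThreatAI", "ZT-MDWSAU027854", "security"]},
    {"iid": 42, "state": "opened", "labels": ["ZeroThreatAI", "priority::high"]},
    {"iid": 43, "state": "closed", "labels": ["ZT-QRTXBN001122", "bug"]},
    {"iid": 44, "state": "opened", "labels": ["bug"]},
]

if __name__ == "__main__":
    print(issues_url("https://gitlab.example.com", "sec-team/webapp"))
    print(audit_sync_labels(SAMPLE_ISSUES))
```

Issues reported under missing_zt_id or missing_sync_label are the ones to review, since the page states that both labels are required for the bi-directional sync.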

You’re all set with GitLab Issues.
Head over to our guide on Reviewing Scan Reports to learn how to analyze the different sections of a scan report.