Skip to main content

GitLab Cloud


Checkmarx One supports GitLab integration, enabling automated scanning of your GitLab projects whenever the code is updated. Checkmarx One’s GitLab integration listens for GitLab commit events and uses a webhook to trigger Checkmarx scans when a push, or a pull request occurs. Once a scan is completed, the results can be viewed in Checkmarx One.

In addition, for pull requests, a comment is created in GitLab, which includes a scan summary, list of vulnerabilities and a link to view the scan results in Checkmarx One.


This integration supports both public and private git based repos.

The integration is done on a per project basis, with a specific Checkmarx One Project corresponding to a specific GitLab repo.


You can select several repos to create multiple integrations in a bulk action.


  • The source code for your project is hosted on a GitLab repo.

  • You have a Checkmarx One account and have credentials to log in to your account.

  • The GitLab user has Maintainer or Owner privileges for this Project, see Code Repository Integrations.

Setting up the Integration and Initiating a Scan

To integrate your GitLab organization with Checkmarx One, perform the following:

  1. In the Applications and Projects home page, click on New > New Project - Code Repository Integration.


    The Import From window opens.

  2. Select Cloud-hosted > GitLab.

  3. Upon initial log in, approve GitLab account authorization request via Checkmarx One.

    Click Authorize.

  4. Sign in to GitLab using one of the following options:

  5. Select the GitLab User/Organization or Group (for the requested repository) and click Select Organization.

  6. Select the Repository inside the GitLab organization and click Next.


    • A separate Checkmarx One Project will be created for each repo that you import.

    • There can’t be more than one Checkmarx One Project per repo. Therefore, once a Project has been created for a repo, that repo is greyed out in the Import dialog.

  7. In the Repositories Settings screen, configure the following and click Next.

    • Permissions:

      • Scan Trigger: Push, Pull request - Enable/disable automatic scans for every push event or pull request.

    • Scanners: Select the scanners for All/Specific repositories. At lease 1 scanner must be selected for each repository.

    • Protected Branches: Select which Protected Branches to scan for each repository.


      For additional information about Protected Branches see About Protected Branches

    • Add SSH key.

    • Assign Groups: Specify the Groups to which you would like to assign the project.

    • Assign Tags: Add Tags to the Project. Tags can be added as a simple strings or as key:value pairs.

    • Set Criticality Level: Manually set the project criticality level.

  8. Select which Protected Branches to scan for each Repository and click Next.


    For additional information about Protected Branches see About Protected Branches

  9. In the Advanced Options screen it is possible to select Scanning the default branch upon the creation of the Project.

    Click Create Project.

  10. The Project is successfully created in the Applications and Projects home page, and the scan is initiated.



    In order to update the scanners see Imported Project Settings

Updating Project Settings

See Imported Project Settings.