
We’re excited to share that StackHawk’s API Discovery feature now integrates seamlessly with GitLab! With this new addition, teams using GitLab can automatically uncover their APIs, microservices, and web applications and bring them under continuous security testing. Whether you’re on GitLab SaaS (Premium or Ultimate) or using a self-managed GitLab instance that’s publicly accessible, our new integration enables you to easily inventory and secure your API Attack Surface.
Why GitLab + StackHawk?
- Automated Discovery: Instead of manually sifting through repositories, StackHawk analyzes your GitLab repositories to identify running testable applications and APIs, ensuring nothing goes unnoticed.
- AI-Driven Insights: Accelerate your vulnerability protection with the power of AI, providing context and prioritization so you know where to focus your remediation efforts first.
- Repository Insights: Beyond just finding endpoints, StackHawk offers commit history and framework details, giving security and development teams deeper visibility to plan tests effectively.
- Enterprise-Ready: Available on the StackHawk Enterprise Plan, this integration is designed to tackle large or complex codebases with ease.
“StackHawk’s API discovery notified us of a new repository within two minutes of commits being pushed and gave us an indication that it’s a testable API with a postman collection in it. That’s more than enough for us to start a conversation with the developer to understand how we can get that under test.”
Importance of a Complete Attack Surface View
Modern applications often span multiple repos, microservices, and code bases. By connecting GitLab to StackHawk:
- You gain a unified view of every Application and API across all your teams and projects.
- You can shift security left by identifying vulnerabilities early, right at the code repository level.
- You enable DevSecOps collaboration, with security directly integrated into developer workflows.
We Now Support ALL the Major Source Code Management Systems
If GitLab isn’t your only code platform, no worries. Our coverage expands across GitHub, Microsoft Azure, and Bitbucket too. No matter where your code lives, StackHawk has you covered.
Getting Started
Getting up and running is a snap:
- Create a GitLab Group Access Token with the read_api scope.
- Connect Your Group in StackHawk’s Integrations page.
- Configure which repos to monitor on StackHawk’s Attack Surface screen.
- Sit back as we discover your APIs and alert you to new endpoints and potential vulnerabilities!
Final Thoughts
Security can’t wait until after code is deployed. With StackHawk’s GitLab API Discovery integration, you no longer have to guess if you’re testing the entire application and API footprint. Try it out and see how you can proactively protect your APIs from the earliest phases of development through production.
Ready to Secure Your GitLab Repos? Visit our API Discovery page or log in to StackHawk to connect your GitLab instance today!