Integrate with GitLab Peer Reviewer Assistant
This guide outlines the generalized steps for configuring the GitLab Peer Reviewer Assistant integration within the Fluid Attacks platform. This integration enables an automatic peer reviewer to analyze Merge Requests (MRs) in GitLab and add comments regarding security findings.
- Navigate to the Integrations section on the Fluid Attacks platform dashboard.
- Scroll down to locate the Gitlab Peer Reviewer Assistant card.
- Click the Use integration button on the card.
2. Connect the integration to an organization group
- A window titled "Choose the Group you want to connect to Gitlab Peer Reviewer Assistant integration" will appear.
- Select the specific group within your organization that contains the repositories you wish to scan.
- Click the Connect button next to your selected group.
3. Authorize the GitLab connection
- The authorization dialog "Connect to Gitlab Peer Reviewer Assistant" will open.
- Click the Authorize button.
- You will be redirected to GitLab for the OAuth authorization flow.
- Review the requested permissions and click the authorization button (e.g., "Authorize GitLab_smells") to grant Fluid Attacks access to your GitLab account.
- Upon successful authentication, the "Configure integration" dialog will reappear in the Fluid Attacks platform.
- GitLab project: Select the specific GitLab project that will be monitored by the integration.
- Assignee: Select a user to be assigned to new issues created by the integration.
- Click the Update button to finalize the configuration.
- Confirmation: A success message, such as "Success! You updated the integration set," will confirm that the setup is complete.
Integration management and verification
Manage the connected integration
- Return to the Gitlab Peer Reviewer Assistant card and click Edit (or the corresponding management button) for the connected group.
- The "Manage Gitlab Peer Reviewer Assistant Integrations" window will display the connected repository and its details.
- From this screen, you can edit the configuration, disconnect the integration, or add a new integration for other repositories within the same group.
- Click Close to exit the management window.
GitLab service hook verification (optional)
The integration automatically creates a webhook in your selected GitLab repository. This hook activates the Peer Reviewer Assistant on every "Merge request updated" event, so the security analysis reruns whenever an MR changes.
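One way to script this verification, as an added example that is not part of the Fluid Attacks documentation: it audits the JSON returned by GitLab's project hooks API (`GET /projects/:id/hooks`) for a hook that delivers merge request events over verified HTTPS. The host `hooks.example.invalid` and the sample response are constructed placeholders; use the delivery URL shown in your project's webhook settings.

```python
import json
from urllib.parse import urlparse

# Constructed sample of a GET /projects/:id/hooks response (not real data).
# Hook 1 is configured as expected; hook 2 shows the settings worth flagging.
SAMPLE_HOOKS = json.loads("""[
  {"id": 1, "url": "https://hooks.example.invalid/gitlab/mr",
   "merge_requests_events": true, "push_events": false,
   "enable_ssl_verification": true},
  {"id": 2, "url": "http://hooks.example.invalid/gitlab/mr",
   "merge_requests_events": false, "push_events": true,
   "enable_ssl_verification": false}
]""")

# Placeholder host (assumption): replace with the host of the hook URL
# that the integration created in your project.
EXPECTED_HOST = "hooks.example.invalid"


def audit_hooks(hooks, expected_host):
    """Return (ok_ids, findings) for hooks that deliver to expected_host."""
    ok, findings = [], []
    for hook in hooks:
        url = urlparse(hook.get("url", ""))
        if url.hostname != expected_host:
            continue  # hook belongs to another service, out of scope here
        problems = []
        if url.scheme != "https":
            problems.append("delivery URL is not HTTPS")
        if not hook.get("enable_ssl_verification", False):
            problems.append("SSL verification disabled")
        if not hook.get("merge_requests_events", False):
            problems.append("merge request events not enabled")
        if problems:
            findings.append((hook["id"], problems))
        else:
            ok.append(hook["id"])
    if not ok and not findings:
        findings.append((None, ["no hook found for " + expected_host]))
    return ok, findings


if __name__ == "__main__":
    ok_ids, issues = audit_hooks(SAMPLE_HOOKS, EXPECTED_HOST)
    print("correctly configured hooks:", ok_ids)
    for hook_id, problems in issues:
        print("hook", hook_id, "->", "; ".join(problems))
```

To run it against a real project, replace `SAMPLE_HOOKS` with the parsed response of the hooks endpoint, fetched with a token that can read the project's settings.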