
GitLab Integration

Corridor integrates with GitLab to import your repositories, scan code for security vulnerabilities, and generate guardrails tailored to each project. When merge requests are opened or updated, Corridor automatically reviews the changes and posts findings directly on the MR.
The GitLab integration is currently in beta. To enable it for your organization, contact the Corridor team at support@corridor.dev.
The integration currently supports GitLab.com only. Self-hosted GitLab instances are not supported at this time.

What you get

  • Automated MR reviews: Every merge request analyzed for security vulnerabilities
  • Inline comments: Findings posted directly on the affected code lines
  • Finding tracking: Issues persist and track through remediation
  • Guardrail generation: Security guardrails tailored to your project’s stack

Prerequisites

  • A Corridor account with admin access to your team
  • A GitLab.com account with access to the group containing your repositories

Connecting GitLab

  1. Start GitLab connection: In the Corridor dashboard, go to Teams and click Connect GitLab.
  2. Authorize Corridor: You’ll be redirected to GitLab to authorize Corridor. Review the permissions and click Authorize.
  3. Select a GitLab group: After authorization, select the GitLab group containing the repositories you want to monitor.
Only one group can be connected per team. If you need to change groups later, you’ll need to disconnect and reconnect.

Permissions

Corridor requests the api scope from GitLab. This scope is used both for read operations and for setting up automated security reviews on your merge requests. Here’s what that access covers:
| Resource | Usage |
| --- | --- |
| Groups | List available groups during setup |
| Projects | List repositories in your group for import |
| Repository code | Clone and scan code for security analysis |
| Webhooks | Register per-project webhooks to trigger security reviews on merge requests |
| Merge requests | Read MR diffs for security review and post review comments with findings |
| Project access tokens | Create a bot token per project (“Corridor Security”) to post MR comments |
GitLab does not offer granular OAuth scopes for these individual operations, so api is the minimum scope required. OAuth tokens are encrypted at rest and automatically refreshed when they expire. Corridor does not store your source code beyond what is needed for analysis.

Importing repositories

  1. Open the Projects page: Navigate to Projects and click New Project.
  2. Select GitLab as the source: Select the GitLab Repository tab.
  3. Choose a repository: Choose a repository from the list, or paste a GitLab repository URL directly.
  4. Wait for setup: Corridor will register a webhook on the project, scan the repository, and generate security guardrails.

Troubleshooting

Reviews not appearing

  1. Verify GitLab is connected in your team settings
  2. Check that the project was imported from GitLab (not added manually)
  3. Verify the webhook is registered on the GitLab project:
    • Go to your GitLab project → Settings → Webhooks
    • Look for a Corridor webhook
    • Check Recent events for delivery failures

Permission errors

  1. Reconnect GitLab from Teams settings
  2. Ensure your GitLab user has at least Maintainer access to the project
  3. Verify the project belongs to the connected GitLab group

Webhook delivery failures

  1. Go to the GitLab project → Settings → Webhooks
  2. Find the Corridor webhook and click Edit
  3. Check Recent events for HTTP errors (4xx, 5xx)
  4. If persistent, contact support@corridor.dev
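
The webhook and bot-token checks above can be scripted against GitLab's project hooks and project access tokens REST endpoints. This is an added example, not Corridor's own code. The hostname `hooks.corridor.example` and the sample responses are constructed placeholders, so take the real webhook hostname from Settings → Webhooks.

```python
import json
import urllib.request
from urllib.parse import quote, urlsplit

API = "https://gitlab.com/api/v4"      # the page covers GitLab.com only
BOT_TOKEN_NAME = "Corridor Security"   # bot token name given on the page

def fetch(path, token):
    """GET one GitLab REST resource, authenticating with an access token."""
    req = urllib.request.Request(API + path, headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def audit(hooks, tokens, hook_host):
    """Check one project's parsed /hooks and /access_tokens lists. hook_host is an
    assumption: the Corridor webhook's hostname, read from Settings -> Webhooks."""
    findings = []
    ours = [h for h in hooks if urlsplit(h["url"]).hostname == hook_host]
    if not ours:
        findings.append(f"no webhook pointing at {hook_host}")
    for h in ours:
        if not h.get("merge_requests_events"):
            findings.append(f"hook {h['id']}: merge request events are off")
        if not h.get("enable_ssl_verification"):
            findings.append(f"hook {h['id']}: SSL verification is off")
    live = [t for t in tokens if t["name"] == BOT_TOKEN_NAME and t.get("active")]
    if not live:
        findings.append(f"no active '{BOT_TOKEN_NAME}' project access token")
    elif len(live) > 1:
        findings.append(f"{len(live)} active '{BOT_TOKEN_NAME}' tokens, revoke stale ones")
    return findings

def audit_project(project, token, hook_host):
    """Fetch both lists for a project (numeric id or full path) and audit them."""
    pid = quote(str(project), safe="")
    return audit(fetch(f"/projects/{pid}/hooks", token),
                 fetch(f"/projects/{pid}/access_tokens", token), hook_host)

# Constructed sample responses; corridor.example is a placeholder host.
SAMPLE_HOOKS = [
    {"id": 11, "url": "https://hooks.corridor.example/gitlab",
     "merge_requests_events": False, "enable_ssl_verification": True},
    {"id": 12, "url": "https://ci.example.org/notify",
     "merge_requests_events": True, "enable_ssl_verification": True},
]
SAMPLE_TOKENS = [{"id": 7, "name": BOT_TOKEN_NAME, "active": False, "revoked": True}]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_HOOKS, SAMPLE_TOKENS, "hooks.corridor.example")))
```

An empty result from `audit_project` means the webhook and a single active bot token are in place. Delivery errors still have to be read from Recent events in the GitLab UI.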

Next steps

  • PR Reviews: Learn more about automated reviews
  • Guardrails: Configure security guardrails for your project