Documentation Index
Fetch the complete documentation index at: https://docs.corridor.dev/llms.txt
Use this file to discover all available pages before exploring further.
GitLab Integration
Corridor integrates with GitLab to import your repositories, scan code for security vulnerabilities, and generate guardrails tailored to each project. When merge requests are opened or updated, Corridor automatically reviews the changes and posts findings directly on the MR.What you get
- Automated MR reviews: Every merge request analyzed for security vulnerabilities
- Inline comments: Findings posted directly on the affected code lines
- Finding tracking: Issues persist and track through remediation
- Guardrail generation: Security guardrails tailored to your project’s stack
Prerequisites
- A Corridor account with admin access to your team
- A GitLab account with access to the group containing your repositories
Connecting GitLab.com
Authorize Corridor
You’ll be redirected to GitLab to authorize Corridor. Review the permissions and click Authorize.
Connecting a Self-Hosted GitLab Instance
Self-hosted GitLab instances require you to create an OAuth application on your GitLab instance so that Corridor can authenticate with it.Contact Corridor to whitelist your domain
Email support@corridor.dev with your self-hosted GitLab instance URL (e.g.,
https://gitlab.yourcompany.com). The Corridor team will whitelist your domain so the integration can communicate with your instance.Create an OAuth application on your GitLab instance
Go to your GitLab instance’s Admin Area → Applications (
https://gitlab.yourcompany.com/admin/applications/new) or User Settings → Applications (https://gitlab.yourcompany.com/-/user_settings/applications) and create a new application with:- Name:
Corridor Security - Redirect URI:
https://app.corridor.dev/api/auth/gitlab/callback - Confidential: Checked
- Scopes:
api
Connect from Corridor
In the Corridor dashboard, go to Teams and click Connect GitLab (Self-Hosted). Enter your GitLab instance URL, the Application ID, and the Secret from the previous step.
Authorize Corridor
You’ll be redirected to your GitLab instance to authorize Corridor. Review the permissions and click Authorize.
Permissions
Corridor requests theapi scope from GitLab. This scope is used for both read operations and to set up automated security reviews on your merge requests. Here’s what that access covers:
| Resource | Usage |
|---|---|
| Groups | List available groups during setup |
| Projects | List repositories in your group for import |
| Repository code | Clone and scan code for security analysis |
| Webhooks | Register per-project webhooks to trigger security reviews on merge requests |
| Merge requests | Read MR diffs for security review and post review comments with findings |
| Project access tokens | Create a bot token per project (“Corridor Security”) to post MR comments |
GitLab does not offer granular OAuth scopes for these individual operations, so
api is the minimum scope required. OAuth tokens are encrypted at rest and automatically refreshed when they expire. Corridor does not store your source code beyond what is needed for analysis.Importing repositories
Troubleshooting
Reviews not appearing
- Verify GitLab is connected in your team settings
- Check that the project was imported from GitLab (not added manually)
- Verify the webhook is registered on the GitLab project:
- Go to your GitLab project → Settings → Webhooks
- Look for a Corridor webhook
- Check Recent events for delivery failures
Permission errors
- Reconnect GitLab from Teams settings
- Ensure your GitLab user has at least Maintainer access to the project
- Verify the project belongs to the connected GitLab group
Webhook delivery failures
- Go to the GitLab project → Settings → Webhooks
- Find the Corridor webhook and click Edit
- Check Recent events for HTTP errors (4xx, 5xx)
- If persistent, contact support@corridor.dev
Next steps
PR Reviews
Learn more about automated reviews
Guardrails
Configure security guardrails for your project