# Code Scanning With a Personal Access Token

### ⚠️ Disclaimer

For **Gitlab Premium & Gitlab Ultimate** users we recommend using [Gitlab Service Accounts](https://help.aikido.dev/pr-and-release-gating/gitlab-mr-gating/gitlab-server-ci-mr-gating-via-aikido-dashboard-with-a-service-account-token). In case you would use this approach, make sure to setup an integration user that is called AikidoSec.

### Introduction

You can both use personal access or group tokens (Gitlab Premium required). Aikido will use these to perform the code scanning. You can update this token on [this page](https://app.aikido.dev/onboarding/gitlab/update-workspace-access-token).

### Creating a Personal Access or Group Access Token <a href="#creating-a-personal-access-token" id="creating-a-personal-access-token"></a>

Gitlab cloud supports several different personal access tokens, which all work the same way. We usually recommend to create a group PAT, but for Gitlab cloud this is only possible for premium customers.

1. Navigate to the **Token settings page**
   1. For a **group access token**: Go to you group page > Settings > Access Tokens<br>

      <figure><img src="https://3149773201-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyKbzcQGrx7UtrG0nPZZ7%2Fuploads%2FyqSMZ98TCnx4RaCWOBwb%2Fimage.png?alt=media&#x26;token=6da5ef04-a7f6-4e6e-ac69-a9346a8aa6bc" alt=""><figcaption></figcaption></figure>
   2. For a **personal access token**: Go to your profile page > User settings > Access Tokens
2. Click on "**Add new token**"
3. Enter a name for the token, remove the expiration date and select the **read\_api, read\_user and read\_repository** scope<br>

   <figure><img src="https://3149773201-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyKbzcQGrx7UtrG0nPZZ7%2Fuploads%2Fk7E9OtnoLgQOFdze1iMq%2FScherm%C2%ADafbeelding%202025-12-11%20om%2012.11.34.png?alt=media&#x26;token=8833dde6-ed95-4225-aa43-4eddea5f3a40" alt=""><figcaption></figcaption></figure>
4. Click on "**Create token**"
5. Copy the token and enter it into the input field on the update access token page of Aikido<br>

   <figure><img src="https://3149773201-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyKbzcQGrx7UtrG0nPZZ7%2Fuploads%2FUrQEqurtCGh5y4ZdSQFB%2FScherm%C2%ADafbeelding%202025-12-11%20om%2012.15.09.png?alt=media&#x26;token=69832055-017e-4d4e-8989-00e3061e206a" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.aikido.dev/code-scanning/connect-your-source-code/connect-gitlab-account-to-aikido/code-scanning-with-a-personal-access-token.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.