GitLab Free: MR Scans Setup

Publish MR scan results and comments for issues from Aikido. No pipeline code needed.

This setup is meant for the GitLab Free plan, where Service Accounts aren’t available and a dedicated user is used instead.

If you’re on GitLab Premium, GitLab Ultimate or GitLab Server, use a Service Account instead of a user-based setup.

Set up GitLab MR scanning

Create a dedicated GitLab user

Create a dedicated user like AikidoSecurity[YourCompany]. Use it only for Aikido.

For easy recognition, use the Aikido logo as the profile picture.

Create a Personal Access Token

Go to Preferences → Personal access tokens.

Add a new token:

Name: for example Aikido Scans
Expiration date: Set an expiry date that matches your rotation policy
Scopes: api

Save the token

Copy the token now. GitLab won’t show it again.

You’ll paste it into Aikido in step 6.

Invite your Aikido user to your group

Log back in with your own GitLab account.

Go to Groups.

For each group you want to enable, open the group.

Go to Manage → Members → Invite members.

Invite the dedicated Aikido user.

Give it at least Maintainer access.

Enable the integration

In Aikido, open the Integrations page. Then select GitLab CI under MR Quality Gating.

Paste the Personal Access Token

Paste the token you created in step 3.

Click Update token.

Aikido validates group access and required permissions.

Configure your first repository

After authorization, Aikido opens the GitLab MR Checks page.

Start with one repository first. Confirm everything works before rolling out broadly.

Verify with a new MR

Open a new merge request (MR) in the repo you configured.

Then confirm the checks run in the Pipelines tab.

Comments should appear as the dedicated user. For example, @AikidoSecurity[YourCompany].

Require the scan to succeed

If you want to block merging until the scan succeeds, configure merge checks in GitLab.

In GitLab, go to [Repository] → Settings → Merge Requests. Enable the check Pipelines must succeed.

Enable for all repositories

Once you’re happy with the results, go back to the GitLab MR Checks page and enable checks for the rest of your repositories.

Set the default for new repositories

In the top-right, open Actions and select Set Default for New Repos and enable automatic configuration for newly added repositories in the future.

Need the UI walkthrough? See Default PR/MR gating configuration for new repositories.

Last updated 9 days ago

Was this helpful?

hashtagSet up GitLab MR scanning

hashtagCreate a dedicated GitLab user

hashtagCreate a Personal Access Token

hashtagSave the token

hashtagInvite your Aikido user to your group

hashtagEnable the integration

hashtagPaste the Personal Access Token

hashtagConfigure your first repository

hashtagVerify with a new MR

hashtagRequire the scan to succeed

hashtagEnable for all repositories

hashtagSet the default for new repositories