Ctrlk
Changelog NotificationsAPIAikido login

GitLab Premium, Ultimate & Server: MR Scans Setup

Publish MR scan results and comments for issues from Aikido. No pipeline code needed.

This setup is meant for GitLab Premium, GitLab Ultimate, or GitLab Server.

Service Accounts are available on these plans. They’re the recommended way to run MR scans.

If you’re on GitLab Free, use the user-based setup instead.

Set up GitLab MR scanning

1

Create a dedicated Service Account

In GitLab, go to GroupSettingsService accounts.

Select Add service account.

Set a Name and Username:

  • Name: Aikido Security

  • Username: AikidoSec

  • Select Create.

Use this account only for Aikido.

2

Create an Access Token

On the service account select the vertical ellipsis → Manage access tokens.

GitLab Service Accounts overview

Add a new token:

  • Name: for example Aikido Scans

  • Expiration date: Set an expiry date that matches your rotation policy

  • Scopes: api

3

Save the token

Copy the token now. GitLab won’t show it again.

You’ll paste it into Aikido in step 6.

4

Invite the account to your group(s)

Go to Groups in GitLab.

For each group you want to enable, open the group.

Go to ManageMembersInvite members.

Invite the service account.

Give it at least Maintainer access.

5

Enable the integration

In Aikido, open the Integrations page. Then select GitLab CI under MR Quality Gating.

6

Paste the access token

Paste the token you created in step 3.

Click Update token.

Aikido validates group access and required permissions.

7

Configure your first repository

After authorization, Aikido opens the GitLab MR Checks page.

Start with one repository first. Confirm everything works before rolling out broadly.

8

Verify with a new MR

Open a new merge request (MR) in the repo you configured.

Then confirm the checks run in the Pipelines tab.

Comments should appear as the service account. For example, @AikidoSec.

9

Require the scan to succeed

If you want to block merging until the scan succeeds, configure merge checks in GitLab.

In GitLab, go to [Repository]SettingsMerge Requests. Enable the check Pipelines must succeed.

10

Enable for all repositories

Once you’re happy with the results, go back to the GitLab MR Checks page and enable checks for the rest of your repositories.

11

Set the default for new repositories

In the top-right, open Actions and select Set Default for New Repos and enable automatic configuration for newly added repositories in the future.

Need the UI walkthrough? See Default PR/MR gating configuration for new repositories.

Ignore issues directly from MR comments

When Aikido posts an inline MR comment for a finding, you can ignore that issue directly from GitLab by replying to the comment with:

@AikidoSec ignore: [your reason to ignore]

Example:

@AikidoSec ignore: This secret is used for tests only.

Replace @AikidoSec with the username of the service account you created in step 1 if it differs.

This performs the same action as manually ignoring the issue in the Aikido platform:

  • The issue is marked as ignored in Aikido.

  • The ignore reason is stored.

  • MR gating can turn green once all blocking issues are resolved or ignored.

Last updated

Was this helpful?