Required permissions and roles
There are two ways to integrate Snyk with GitLab, either via our Broker, or directly. Our Broker enables organizations to integrate from within their private network. This article describes the permissions needed for direct integration (when Broker is not implemented).
To integrate with GitLab, as a Snyk admin user or as a member of the organization, generate a personal access token enabling the api scope for access.
This scope enables:
- Snyk to authenticate user accounts and to create webhooks, which are necessary for automating fix pull requests and Snyk test on your pull requests
- Continuous write access to enable the Snyk organization users to manually trigger creation of fix pull requests
- Continuous read access enabling Snyk to monitor your projects and enabling you and the organization’s other members to manually re-trigger tests.
When the first user in a Snyk organization (a Snyk admin account user) sets up an integration with a GitLab personal token, the token is authenticated with GitLab, enabling Snyk access to the repositories in that account. Thereafter, all users in that Snyk organization can add and work with any related projects.