Overview

Scrut integrates with GitLab via secure API authentication to automatically ingest repository data, user accounts, and change management activity. The integration runs automated tests to verify MFA enforcement, account-to-user associations, timely deprovisioning of accounts when personnel leave, repository visibility set to private, and proper review of application changes. With GitLab repositories also added to Scrut’s Asset Management module, organizations gain centralized visibility into repo ownership, monitoring status, and critical data handling. By syncing this evidence directly into Scrut’s GRC platform, the integration eliminates manual checks, strengthens source code security, and ensures audit-ready compliance.

Why Connect

• Prove repo MFA enforcement, visibility, and reviewer separation
• Provide auditors with centralized change management and ownership evidence
• Eliminate manual repo compliance checks with automated tests.

Supported Automated Tests

Scrut provides pre-built automated tests for Gitlab. Here are a few examples of Scrut’s Gitlab tests:

• Access reviews completed for all in-scope applications
• Gitlab accounts associated with users
• Gitlab accounts deprovisioned when employees leave

Supported Automated Evidence

Scrut automates the collection of some evidences for Gitlab. Here are a few examples of Scrut’s Gitlab-driven evidences that can be collected:

• Code Repository Branch Protection Settings
• Code Repository Server for Software Code Maintenance
• Code Review Results and Action Items
• Custom Code Review Prior Release
• Enabled Multi-Factor Authentication
• Offboarding - Logical Access & Physical Access Revocation
• Reports of User Access Reviews
• User Access Approval list to Application, Infrastructure and Service