You can integrate with GitLab to sync information between your HackerOne report and your GitLab issue.
Before configuring the integration on HackerOne, you will need to set up an OAuth 2.0 application for your GitLab instance. You can find step-by-step instructions on the GitLab documentation site: https://docs.gitlab.com/ee/integration/oauth_provider.html.
Use the following settings for the application:
Name | HackerOne |
Redirect URI | |
Confidential | Checked |
Scopes | API |
After creating the new application, you will receive an Application ID and Secret. Make sure to store them somewhere safe.
To set up the integration with GitLab on HackerOne:
Go to Program Engagement > Settings > Automation > Integrations.
Click the Connect with GitLab link.
Click the Set up new integration button.
Enter the Name and Description for your new integration and click Next.
Click on New authentication, enter the Client ID and Client secret (the Application ID and Secret you received after creating the OAuth 2.0 application in GitLab), and enter the Instance URL (without https://). Then click Create.
Click on Authorize HackerOne in the popup window.
If you use a self-hosted GitLab server rather than GitLab.com, please update the Base URL. Click Next to finalize the setup between HackerOne and your GitLab instance.
In the GitLab project window, configure which GitLab project you'd like to escalate HackerOne reports to and click Next.
Select the HackerOne fields you want to map to the corresponding GitLab fields. Alternatively, enter any text using integration variables. By default, the Title and Description fields are configured. Optionally, you can configure a default Epic or Milestone (enter the global ID of the epic/milestone) or mark the created issue as confidential (true).
Click Next.
Note: You can also manually set the mapping to a single field or combination of fields from the integration variables.
Example: {{triage_summary}} \\ Link: {{report_link}} \\ Date: {{submission_date}} \\ Reporter: {{reporter_name}} \\ Weakness: {{weakness}}
would create a combination of the triage summary, a link to the report, the submission date, the reporter's name, and the weakness of their report and map that to a single field.
Note: Syncing activities back to HackerOne will not work when issues are marked as confidential.
(Optional) Select the GitLab labels you want to map to the corresponding HackerOne Severities. This enables setting the right labels when escalating a HackerOne report to GitLab. Click Next.
(Optional) You can add an intro text to the issue description or include a Hai-generated summary as the first comment. Click Next to continue.
(Optional) Automatically set the due date for the issue depending on the report's severity. You can configure it for every severity or when no severity has been set. The due date is calculated in days from the moment the report was triaged. Click Next.
(Optional) Select which GitLab events you'd like to post onto HackerOne in the Select GitLab to HackerOne events window. You can choose from:
Comment added: Post an internal comment when someone comments on an issue.
State changes: Post an internal comment when an issue changes status.
If you choose to enable one of the events, you need to set up a webhook.
In GitLab, on the left sidebar, select Search or go to and find your project, which you configured in step 8.
Select Settings > Webhooks.
Select Add new webhook.
In URL, enter the URL of the webhook endpoint shown.
(Optional) Enter a Name and Description for the webhook.
In Secret token, enter the token configured to validate requests.
In the Trigger section, select Comments and Issues events.
Click Add webhook.
(Optional) Select which actions in HackerOne you'd like to post to GitLab in the Select HackerOne to GitLab events window. You can choose from:
Comments: Post an update on the associated GitLab issue when someone comments on a report.
State changes: When someone changes the state of a report, post an update on the associated GitLab issue.
Rewards: When someone awards or suggests a bounty and/or bonus, post an update on the associated GitLab issue.
Assignee changes: Post an update on the associated GitLab issue when someone assigns a user/group to a report.
Disclosure: Post an update on the associated GitLab issue when disclosure is requested or a report becomes public.
Close GitLab issue: When someone closes the report, close the associated GitLab issue.
Click Finish. Once the screen disappears, click Enable to enable the integration.
You're all set! Now that you've finished setting up the GitLab integration, you can create GitLab issues right from your HackerOne report.
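How a webhook receiver can use the Secret token entered in the GitLab webhook step above, as an added example that is not HackerOne's or GitLab's code: GitLab sends the token in the `X-Gitlab-Token` header and the event type in `X-Gitlab-Event`, and the receiver rejects anything that does not match. The function name, parameter names and sample values are assumptions made for illustration.

```python
import hmac

# GitLab sends the webhook's Secret token verbatim in X-Gitlab-Token and the
# event type in X-Gitlab-Event. The Issues and Comments triggers selected in
# the webhook step produce "Issue Hook" and "Note Hook" respectively.
ALLOWED_EVENTS = {"Issue Hook", "Note Hook"}


def check_gitlab_webhook(headers, configured_token):
    """Return (accepted, reason) for one incoming webhook request.

    headers: dict of request headers; configured_token: the receiver's copy
    of the Secret token (both parameter names are hypothetical).
    """
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v for k, v in headers.items()}
    if not configured_token:
        return False, "no token configured"
    presented = h.get("x-gitlab-token")
    if presented is None:
        return False, "missing X-Gitlab-Token"
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(presented.encode(), configured_token.encode()):
        return False, "token mismatch"
    event = h.get("x-gitlab-event")
    if event not in ALLOWED_EVENTS:
        return False, f"unexpected event type: {event!r}"
    return True, "ok"


# Constructed sample requests (token and headers are made up for illustration).
TOKEN = "example-secret-token-not-real"
SAMPLES = [
    {"X-Gitlab-Token": TOKEN, "X-Gitlab-Event": "Note Hook"},     # accepted
    {"X-Gitlab-Token": TOKEN, "X-Gitlab-Event": "Push Hook"},     # wrong trigger
    {"X-Gitlab-Token": "guess", "X-Gitlab-Event": "Issue Hook"},  # wrong token
    {"X-Gitlab-Event": "Issue Hook"},                             # no token at all
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_gitlab_webhook(sample, TOKEN))
```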