Configure GitLab access
Threat Dragon can be run as a web application, and if GitLab repository access is required then the necessary environment variables need to be configured. The GitLab-specific environment variables are listed at the end of this page; the other variables are described in the installation instructions.
GitLab repository access
Most of the steps are the same as for the GitHub configuration, but some parts differ:
- Web App GitLab Access
- Environment variables
1. Web App GitLab Access
It is recommended to follow the official GitLab guide to set up the OAuth Application.
The recommended configuration is similar to the following:
- Redirect URI: {BaseURL of your Threat Dragon Instance}/api/oauth/return
- Scopes: check read_user read_repository write_repository profile read_api api
The scopes checked on the application are the maximum it is allowed to request; the scope actually requested at login is set by GITLAB_SCOPE below, so check only the scopes you intend to request.
Other options, such as Trusted, are according to personal preference.
From the OAuth Application you will get an Application ID and an Application Secret, which are used for the environment variables below.
2. Environment variables
The Application ID obtained from the GitLab OAuth Application is used for GITLAB_CLIENT_ID, and the Application Secret is used for GITLAB_CLIENT_SECRET.
The GITLAB_REDIRECT_URI environment variable follows the pattern {BaseURL of your Threat Dragon Instance}/api/oauth/return, for example <URL of Threat Dragon app>/api/oauth/return. It must match the Redirect URI registered on the OAuth Application exactly, including scheme, host and port.
GITLAB_SCOPE is set to the scope of permissions the Threat Dragon application requests at login. For example api grants full API access (the maximum scope), while read_user read_repository write_repository profile read_api grants a more restricted set of permissions. Request the narrowest scope that works for your deployment.
GITLAB_HOST is set to the base URL of the GitLab instance. If you are using the official GitLab instance, leave this variable unset or set it to https://gitlab.com/.
An example set of environment variables to support GitLab access:
GITLAB_CLIENT_ID=00112233445566778899aabbccddeeff
GITLAB_CLIENT_SECRET=gloas-deadbeef0123456789abcdefdeadbeef
GITLAB_SCOPE=read_user read_repository write_repository profile read_api
GITLAB_REDIRECT_URI=http://threat-dragon-instance/api/oauth/return
GITLAB_HOST=http://gitlab-instance
The values shown here are illustrative only and are not to be used for a real application. In a real deployment use https for both URLs, and treat GITLAB_CLIENT_SECRET as a credential: keep it out of source control and inject it through the runtime environment or a secrets store.
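The following is an added example, not Threat Dragon's own code, showing how the GITLAB_* variables from steps 1 and 2 are checked and then used in GitLab's standard OAuth 2.0 authorization-code request (the /oauth/authorize endpoint is GitLab's documented one). The function names loadGitlabConfig and authorizeUrl are hypothetical, and the sample environment is constructed from the illustrative values above. It flags the two mistakes that most often break the login: a redirect URI that does not end in /api/oauth/return (so it cannot match the registered one) and an over-broad api scope, and it warns when either URL is plain http.

```javascript
// Added example (not Threat Dragon's own code): validate the GITLAB_* environment
// variables before starting the server and show how they feed GitLab's standard
// OAuth 2.0 authorization-code flow. Variable names come from the page; the
// sample environment below is constructed data, not real credentials.
'use strict';

const REDIRECT_PATH = '/api/oauth/return';
const DEFAULT_HOST = 'https://gitlab.com';
const DEFAULT_SCOPE = 'read_user read_repository'; // documented default

// Returns { config, errors, warnings }. Errors should block startup;
// warnings are transport / least-privilege hints for the deployer.
function loadGitlabConfig(env) {
  const errors = [];
  const warnings = [];

  const clientId = (env.GITLAB_CLIENT_ID || '').trim();
  const clientSecret = (env.GITLAB_CLIENT_SECRET || '').trim();
  if (!clientId) errors.push('GITLAB_CLIENT_ID is not set');
  if (!clientSecret) errors.push('GITLAB_CLIENT_SECRET is not set');

  // Host: unset means gitlab.com; strip a trailing slash so path joins are clean.
  const host = (env.GITLAB_HOST || DEFAULT_HOST).trim().replace(/\/+$/, '');
  let hostUrl;
  try {
    hostUrl = new URL(host);
  } catch {
    errors.push(`GITLAB_HOST is not a valid URL: ${host}`);
  }
  if (hostUrl && hostUrl.protocol !== 'https:' && hostUrl.hostname !== 'localhost') {
    warnings.push(`GITLAB_HOST uses ${hostUrl.protocol} so tokens travel in clear text`);
  }

  // Redirect URI must be the exact value registered on the OAuth application.
  const redirectUri = (env.GITLAB_REDIRECT_URI || '').trim();
  let redirectUrl;
  try {
    redirectUrl = new URL(redirectUri);
  } catch {
    errors.push(`GITLAB_REDIRECT_URI is not a valid URL: ${redirectUri || '(empty)'}`);
  }
  if (redirectUrl && redirectUrl.pathname !== REDIRECT_PATH) {
    errors.push(`GITLAB_REDIRECT_URI must end with ${REDIRECT_PATH}`);
  }
  if (redirectUrl && redirectUrl.protocol !== 'https:' && redirectUrl.hostname !== 'localhost') {
    warnings.push('GITLAB_REDIRECT_URI is not https so the authorization code is exposed in transit');
  }

  // Scope: 'api' is full API access as the logged-in user; prefer narrower scopes.
  const scopes = (env.GITLAB_SCOPE || DEFAULT_SCOPE).trim().split(/\s+/).filter(Boolean);
  if (scopes.includes('api')) {
    warnings.push("GITLAB_SCOPE includes 'api' (full API access); prefer the narrower read_*/write_* scopes");
  }

  return { config: { clientId, clientSecret, host, redirectUri, scopes }, errors, warnings };
}

// Build the GitLab authorization URL (standard OAuth 2.0 authorization-code
// request). `state` is a per-login random value the callback must verify.
function authorizeUrl(config, state) {
  const url = new URL('/oauth/authorize', config.host + '/');
  url.searchParams.set('client_id', config.clientId);
  url.searchParams.set('redirect_uri', config.redirectUri);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('state', state);
  url.searchParams.set('scope', config.scopes.join(' '));
  return url.toString();
}

// Constructed sample environment using the page's illustrative (not real) values.
const SAMPLE_ENV = {
  GITLAB_CLIENT_ID: '00112233445566778899aabbccddeeff',
  GITLAB_CLIENT_SECRET: 'gloas-deadbeef0123456789abcdefdeadbeef',
  GITLAB_SCOPE: 'read_user read_repository write_repository profile read_api',
  GITLAB_REDIRECT_URI: 'http://threat-dragon-instance/api/oauth/return',
  GITLAB_HOST: 'http://gitlab-instance',
};

if (typeof require !== 'undefined' && require.main === module) {
  const { config, errors, warnings } = loadGitlabConfig(SAMPLE_ENV);
  errors.forEach((e) => console.error('ERROR:', e));
  warnings.forEach((w) => console.warn('WARN:', w));
  if (errors.length === 0) {
    const state = require('crypto').randomBytes(16).toString('hex');
    console.log(authorizeUrl(config, state));
  }
}
```

Run with node: the sample environment passes validation but produces two warnings because both URLs are http, which is exactly the point of the note that the example values are not for real use. Leaving GITLAB_HOST unset resolves to https://gitlab.com, and leaving GITLAB_SCOPE unset resolves to the documented default read_user read_repository.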
If Threat Dragon is successfully configured for GitLab access then the ‘Login with GitLab’ button is made visible on the login page.
Refer to the GitHub configuration guide for a similar step-by-step example of setting up GitHub.
GitLab environment variables
GitLab specifics | Description | Default |
---|---|---|
GITLAB_CLIENT_ID | The ‘Application ID’ provided by the GitLab OAuth app used for authentication | |
GITLAB_CLIENT_SECRET | The ‘Application Secret’ generated by the GitLab OAuth authentication app | |
GITLAB_SCOPE | The scope provided to the GitLab OAuth app | read_user read_repository |
GITLAB_HOST | The URL of the GitLab server, for example https://gitlab.com/ | |
GITLAB_REDIRECT_URI | The redirect URI provided to the GitLab OAuth app | |
GITLAB_REPO_ROOT_DIRECTORY | Optional path where saved models are stored in a GitLab repo | |