
5. Play with GitLab Web API

Pierre-Yves Lapersonne edited this page Mar 9, 2022 · 1 revision

Play with GitLab web API

Prerequisites

  • Ruby Gem: git 1.8.1

  • Python3

  • Create a GitLab personal access token and define it in the configuration.rb file for the GILAB_PERSONAL_ACCESS_TOKEN variable.

  • Define the GitLab organization ID in the configuration.rb file for the GITLAB_ORGANIZATION_ID variable. This allows the scripts to send requests that query and modify your organization.

Prepare project

gem install git

Features

Make a backup of organization repositories

Keywords: #organisation #GitLab #repositories #clones #dump

This feature clones all repositories of the defined GitLab organization (groups and subgroups included) and saves them in a specific folder.

Run the following command:

bash GitLabWizard.sh backup-all-repositories-from-org

This script reads the configuration details from the Ruby configuration file, then triggers another Shell script that makes a cURL request to the GitLab endpoint. Python code is then called to extract the repository URLs before the cloning operation.

You need to define the GitLab organisation ID in the configuration.rb file at GITLAB_ORGANIZATION_ID. You also have to define the location to store clones at REPOSITORIES_CLONE_LOCATION_PATH and the access token at GILAB_PERSONAL_ACCESS_TOKEN.

You should also have your git environment ready, i.e. add your SSH private key if you clone by SSH for example.

Check if there are leaks in organisation repositories (using gitleaks)

Keywords: #organisation #GitLab #repositories #leaks #gitleaks

Warning: This operation can take a long time because both the Git histories and the file trees are parsed.

This feature checks all repositories of the GitHub organisation for leaks using the gitleaks tool.

Run the following command:

bash GitLabWizard.sh look-for-leaks

This script needs a GitLab personal access token to make requests to the GitLab API, and the GitLab group ID to get the projects under it. The wizard Shell script reads the configuration details from the Ruby configuration file and triggers another Shell script to process the data. Python code is also called to process the JSON sent by the GitLab API.

The gitleaks tool will be used to look inside the repository. To install it:

brew install gitleaks

You need to define the GitLab organisation ID in the configuration.rb file at GITLAB_ORGANIZATION_ID. You also have to define the location to store clones at REPOSITORIES_CLONE_LOCATION_PATH and the access token at GILAB_PERSONAL_ACCESS_TOKEN.

You should also have your git environment ready, i.e. add your SSH private key if you clone by SSH for example. gh must be installed and python3 must be ready. gitleaks must be installed as well.
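
Both features above rely on a Python step that reads the JSON returned by the GitLab API and extracts repository URLs before cloning; the sketch below shows that step with validation, so that API data is never read as a git option or as a path outside the clone folder. It is an added example, not the toolbox's own script: it assumes the group projects endpoint with include_subgroups=true and SSH cloning, and the function names, the gitlab.example.com host, the ./clones folder and the sample data are hypothetical.

```python
import json
import re
from pathlib import PurePosixPath

# Constructed sample of a GET /api/v4/groups/:id/projects?include_subgroups=true
# response, trimmed to the single field used here (not real project data).
SAMPLE_RESPONSE = json.dumps([
    {"ssh_url_to_repo": "git@gitlab.example.com:my-org/tools/floss-toolbox.git"},
    {"ssh_url_to_repo": "git@gitlab.example.com:my-org/../../etc.git"},
    {"ssh_url_to_repo": "--not-a-url"},
    {"ssh_url_to_repo": "git@other.example.net:my-org/elsewhere.git"},
])

# Only the scp-like SSH form is accepted: git@<host>:<namespace>/<project>.git
SSH_URL = re.compile(r"git@(?P<host>[A-Za-z0-9.-]+):(?P<path>[A-Za-z0-9._/-]+)\.git")


def extract_clone_targets(api_json, expected_host):
    """Return (accepted, rejected); accepted holds (ssh_url, relative_dir) pairs."""
    accepted, rejected = [], []
    for project in json.loads(api_json):
        url = project.get("ssh_url_to_repo", "")
        match = SSH_URL.fullmatch(url)
        path = match.group("path") if match else ""
        parts = PurePosixPath(path).parts
        if (match is None
                or match.group("host") != expected_host   # unexpected server
                or path.startswith("/")                   # absolute destination
                or any(p in ("..", ".") for p in parts)   # leaves the clone folder
                or any(p.startswith("-") for p in parts)):  # option-like segment
            rejected.append(url)
            continue
        accepted.append((url, str(PurePosixPath(*parts))))
    return accepted, rejected


def clone_command(ssh_url, relative_dir, clone_root):
    """Build an argv list (no shell); "--" ends git's option parsing."""
    destination = f"{clone_root.rstrip('/')}/{relative_dir}"
    return ["git", "clone", "--", ssh_url, destination]


if __name__ == "__main__":
    ok, bad = extract_clone_targets(SAMPLE_RESPONSE, "gitlab.example.com")
    for url, rel in ok:
        print(" ".join(clone_command(url, rel, "./clones")))
    print("rejected:", bad)
```

Rejected entries are worth logging rather than silently skipping, since a project missing from the backup or from the leak scan is otherwise invisible.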