

GitLab integration
DevOps & CI/CD
GitLab is where DevOps teams plan, review, and ship code — so it's also the right place to put external exposures in front of the people who can fix them. The FortWatch GitLab integration (currently in development) will turn every new finding from your continuous external scans into a tracked GitLab issue on the right project, complete with severity, the affected asset, and a remediation path — closing the loop between "FortWatch found an exposure" and "an engineer owns it."


Exposed Redis on 203.0.113.10:6379
Unauthenticated database reachable from the internet.
View finding & step-by-step fix →
GitLab + FortWatch
FortWatch connects to GitLab.com or a self-managed GitLab instance using a project (or group) access token scoped to the api permission — no broad personal credentials required. When a scan completes and a new issue is detected, FortWatch calls GitLab's Issues REST API to open an issue on the project you map, setting a title, a Markdown body with the finding details, and labels like security and severity::critical. You choose which FortWatch project maps to which GitLab project, and which severities get filed. As findings move through their lifecycle, FortWatch keeps GitLab in sync — adding a comment when a finding's severity changes on re-detection and closing the issue when a later scan confirms the exposure is remediated, so your board reflects reality without manual triage. For teams that want findings inside merge-request and pipeline workflows, a planned GitLab CI/CD component will let FortWatch results surface in the pipeline and (where supported) in GitLab's Security Dashboard via the standard security report artifact format.
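The lifecycle sync described above can be sketched as a planner that turns one scan's results into GitLab Issues REST calls. This is an added example, not FortWatch's code. The fingerprint format, the severity filter, the `scan_complete` guard and all function names are assumptions; the three endpoints are GitLab's standard issue create, note and update calls, sent with the access token in the `PRIVATE-TOKEN` header.

```python
from urllib.parse import quote

FILED_SEVERITIES = {"critical", "high"}  # assumed filter: lower severities are not filed

def plan_sync(project, tracked, findings, scan_complete=True):
    """Plan GitLab REST calls for one scan as (method, path, payload) tuples.

    tracked:  fingerprint -> {"iid", "severity"} for issues already filed
    findings: fingerprint -> {"title", "asset", "severity"} seen in this scan
    """
    base = f"/api/v4/projects/{quote(project, safe='')}/issues"
    calls = []
    for fp, f in sorted(findings.items()):
        known = tracked.get(fp)
        if known is None:
            if f["severity"] in FILED_SEVERITIES:  # new finding: open an issue
                calls.append(("POST", base, {
                    "title": f["title"],
                    "description": f"- Asset: {f['asset']}\n- Severity: {f['severity']}",
                    "labels": f"security,severity::{f['severity']}",
                }))
        elif known["severity"] != f["severity"]:
            # Recurring finding: comment on the existing issue, never open a duplicate.
            note = f"Severity changed: {known['severity']} -> {f['severity']}"
            calls.append(("POST", f"{base}/{known['iid']}/notes", {"body": note}))
    if scan_complete:  # a failed or partial scan must not close anything
        for fp, known in sorted(tracked.items()):
            if fp not in findings:
                calls.append(("PUT", f"{base}/{known['iid']}", {"state_event": "close"}))
    return calls

# Constructed sample state and scan results (documentation IP ranges).
TRACKED = {
    "203.0.113.10:6379/redis-noauth": {"iid": 41, "severity": "high"},
    "198.51.100.7:443/cert-expiring": {"iid": 42, "severity": "high"},
}
SCAN = {
    "203.0.113.10:6379/redis-noauth": {
        "title": "Exposed Redis on 203.0.113.10:6379", "asset": "cache-prod-1", "severity": "critical"},
    "203.0.113.20:9200/search-open": {
        "title": "Open search API on 203.0.113.20:9200", "asset": "search-1", "severity": "critical"},
    "203.0.113.30:22/ssh-banner": {
        "title": "SSH banner on 203.0.113.30:22", "asset": "bastion-1", "severity": "low"},
}

if __name__ == "__main__":
    for call in plan_sync("infra/cache", TRACKED, SCAN):
        print(call)
```

Treating a finding's absence as remediation only when the scan completed keeps a scanner outage from closing every open issue.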
FortWatch scans
Eleven scanners watch your external attack surface around the clock — ports, certs, DNS, cloud buckets, exposed files and more.
AI triages the finding
Each issue is scored by real-world impact and packaged with the affected asset and a one-line explanation of the risk.
Delivered to GitLab
The finding lands in GitLab, routed by severity — so the right people see the right alert, fast.
What you'll be able to do
Everything the GitLab integration will bring to your security workflow.
Auto-file findings as issues
A new critical — an exposed Redis port or a public storage bucket — opens a GitLab issue on the owning project the moment a scan detects it, already labeled with severity.
Severity-based filing
File only criticals and highs as issues while lower-severity findings stay in FortWatch, so your GitLab board doesn't fill with noise.
Project routing
Map each FortWatch asset group to the GitLab project that owns it, so findings land with the team responsible for the fix.
Two-way lifecycle sync
FortWatch comments on the issue when a finding's severity changes and closes it automatically once a later scan confirms remediation.
Pipeline security gates
A planned CI/CD component lets FortWatch surface external-surface findings in merge-request pipelines, so a known exposure is visible before the next deploy.
Security Dashboard feed
Where supported, ship findings in GitLab's security report format so external exposures appear alongside SAST and DAST results in one view.
What an alert looks like
Every finding arrives formatted for GitLab — severity up front, the affected asset, and a one-line explanation of why it matters, with a link straight to the step-by-step fix.
- Severity-tagged and color-coded
- The exact asset and port affected
- One click to the full finding & remediation
GitLab Issue · #FW-482 [security] [severity::critical]

Title: Exposed Redis (unauthenticated) on cache-prod-1 — 203.0.113.10:6379

FortWatch detected an unauthenticated Redis instance reachable from the public internet.
Anyone on the network can read, modify, or wipe the dataset and may be able to take over the host.

- Asset: cache-prod-1 (203.0.113.10)
- Port / service: 6379 / redis
- Severity: Critical
- First detected: 2026-06-07 14:02 UTC

Remediation: bind Redis to localhost or a private interface, enable requirepass / ACLs, and
restrict 6379 with a firewall rule. → View full finding and step-by-step fix in FortWatch
Set it up in minutes, once it lands
No agents, no infrastructure changes — just connect GitLab and choose where alerts go.
When it launches, open Settings → Integrations in FortWatch and connect GitLab (GitLab.com or your self-managed URL).
Create a project or group access token in GitLab with the api scope and paste it into FortWatch.
Map each FortWatch asset group to the GitLab project that should receive its issues.
Choose which severities get filed as issues and which labels to apply (for example security and severity::critical).
Trigger a test finding to confirm the issue, labels, and formatting look right, then enable it.

Why route FortWatch into GitLab?
External exposures don't get fixed because they're in a dashboard — they get fixed because they're an issue assigned to an engineer in the tool they already work in. Filing FortWatch findings directly into GitLab puts every exposed database, expiring certificate, or public bucket on the same board as the rest of your engineering work, with the severity and context needed to triage it. And because FortWatch closes issues automatically when a scan confirms the fix, your board stays an accurate picture of your live attack surface instead of a backlog of stale tickets.
Frequently asked questions
Is the GitLab integration available now?
Not yet — it's in active development. Add your email on this page and we'll notify you the moment it ships.
Does it work with self-managed GitLab, not just GitLab.com?
That's the plan. The integration will authenticate with a standard project or group access token and target your instance URL, so self-managed and self-hosted GitLab will be supported alongside GitLab.com.
Will it spam my project with issues?
No. You control which severities get filed, findings are deduplicated so a recurring exposure updates the existing issue instead of opening a new one, and lower-severity findings can stay in FortWatch rather than hitting your board.
Want the GitLab integration when it ships?
We'll email you the moment it goes live — no spam, just the launch.





