GitLab self-managed

Step 1: Create a Bearer API token

1.
2. Go to Settings
3. Select API Tokens
4. Generate a token for the Broker
5. Copy the token you generated and keep it safe; you will need it later in the configuration file.
You can't display a generated token twice. If you haven't saved it, you will need to generate a new one and revoke the one you lost.

Step 2: Create a GitLab personal access token

For Bearer to perform the required actions, the user account creating the personal access token needs the role Guest (or higher) on the projects you wish to scan.
The Bearer Broker acts on behalf of the user account who created the personal access token. We recommend that you create a dedicated Service Account for Bearer and invite it to all the projects you wish to scan with the role Guest (or higher).
Create a personal access token.
Select the scopes: api and read_repository
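
A pre-flight check for the Step 2 token, added here as an example (it is not part of Bearer's documentation or tooling): it compares the token's scopes and the service account's role on each project with what this step asks for. It assumes GitLab's REST v4 endpoints /personal_access_tokens/self and /projects/:id/members/all/:user_id; the function names and the sample responses are constructed for illustration.

```python
"""Pre-flight check for the GitLab token handed to the Broker (added example)."""
import json
import urllib.request

REQUIRED_SCOPES = {"api", "read_repository"}  # scopes named in Step 2
GUEST = 10  # GitLab access_level value for the Guest role


def gitlab_get(base_url, token, path):
    """Fetch one REST v4 resource from a live instance (not used by the sample run)."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v4{path}",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def check_token(token_info, memberships):
    """Return a list of problems; an empty list means the token matches Step 2.

    token_info:  JSON from GET /personal_access_tokens/self
    memberships: {project_path: JSON from GET /projects/:id/members/all/:user_id,
                  or None when the account is not a member of the project}
    """
    problems = []
    if token_info.get("revoked") or not token_info.get("active", False):
        problems.append("token is revoked or inactive")
    scopes = set(token_info.get("scopes", []))
    for missing in sorted(REQUIRED_SCOPES - scopes):
        problems.append(f"missing scope: {missing}")
    for extra in sorted(scopes - REQUIRED_SCOPES):
        problems.append(f"unneeded scope: {extra}")
    for project, member in sorted(memberships.items()):
        level = (member or {}).get("access_level", 0)
        if level < GUEST:
            problems.append(f"{project}: role below Guest")
    return problems


# Constructed sample responses (not taken from a real instance).
SAMPLE_TOKEN = {"user_id": 42, "active": True, "revoked": False,
                "scopes": ["read_repository", "sudo"]}
SAMPLE_MEMBERS = {"group/app": {"id": 42, "access_level": 10},
                  "group/infra": None}

if __name__ == "__main__":
    for line in check_token(SAMPLE_TOKEN, SAMPLE_MEMBERS):
        print(line)
```

Against a live instance, pass the results of gitlab_get() for the two endpoints to check_token() before putting the token in the Broker configuration.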

Step 3: Deploy the Broker

We recommend 1 vCPU and 1 GB of RAM to run one Broker.
You can speed up the scan of your repositories by deploying multiple brokers. We support up to 100 simultaneous brokers.

Method 1: docker-compose.yml

A Docker image is available on Docker Hub: bearersh/broker:latest
version: "3"
services:
  broker:  # service name is arbitrary
    image: bearersh/broker:latest
    environment:
      - BEARER_TOKEN=<your-bearer-token>
      - GITLAB_TOKEN=<your-gitlab-token>

Method 2: helm

$ helm install --set BEARER_TOKEN=<your-bearer-token> \
--set GITLAB_BASE_URL=<your-gitlab-instance-url> \
--set GITLAB_TOKEN=<your-gitlab-token> \
--repo \
bearer-broker bearer-broker