Skip to main content

GitLab

This article explains how Pensero connects to GitLab, what MR data it reads, and how admins can set up and manage repositories. It also outlines the metrics Pensero derives to support delivery analysis.

Written by Wayne

Overview

Pensero integrates with GitLab to read metadata from your Merge Requests (MRs), including descriptions, comments, and workflow events. This allows Pensero to understand what work is being delivered, how it flows through reviews, and how effort turns into outcomes, without ever accessing your actual code.

Pensero processes metadata only. Source code and diffs are never read or stored.

Admins can configure the GitLab integration from the Integrations section by following the steps below.

What Pensero Reads from GitLab

Pensero ingests metadata only to build an accurate picture of delivery.

From each Merge Request, Pensero reads:

  • Title and MR number: Identifiers of the contribution

  • State: Open, closed, draft, locked, or merged

  • Description: Context and intent of the change

  • Key timestamps: Creation, approval, merge, and closure

  • Author: Who opened the MR

  • Source and target branches: Branches involved in the merge

  • Related tickets: When the MR is linked to an issue or task

  • Change metrics: Number of files touched and lines changed (summary only)

Pensero never reads the actual code diff, only high-level metrics.

How Pensero Uses This Data

Merge Requests are one of the core building blocks of delivery.

Pensero combines MR metadata with related tickets, documents, and collaboration signals to understand:

  • What problem was being addressed

  • How complex the work was

  • How work moved through review and approval

Rather than counting activity, Pensero focuses on understanding delivery and workflow behavior.

From this data, Pensero derives insights such as:

  • Time to merge

  • Time to approve

  • Time to first comment

  • High-level change summaries (for Code Insights customers)

These signals help teams understand how work flows, where friction appears, and how delivery evolves over time.

How to Connect Your GitLab Repositories

Prerequisites

  • GitLab account with access to the projects you want to track

  • Owner or Maintainer role on those projects

First-Time Setup

Step 1 - Go to Integrations

Navigate to the Integrations section from the left sidebar, locate GitLab and click Connect.

Step 2 - Complete GitLab Authentication

Complete the authentication flow and authorize Pensero.

  • You must be a GitLab Group Owner to install the app.

  • Access permissions can be updated later from your GitLab App settings.

Approve the following permissions:

  • read_user: Read user profile information

  • read_api: Read-only access to the API

  • read_repository: Read repository data

Step 3 - Select Repositories

Choose the repositories you want to connect.

You must be an owner or admin of each repository.

After Connecting

Pensero will begin syncing merge requests, commits, and repository metadata immediately. Initial sync may take 30 to 60 minutes depending on repository size and history.

Adding new Repositories Later

Step 1 - Go to Integrations

Open the Integrations page.

Step 2 - Click “Manage GitLab”

This opens the GitLab management panel.

Step 3 - Select Additional Repositories

Choose the new repositories you want to connect.

How to Connect GitLab On-Premises / Self-Hosted GitLab

Pensero supports connecting to self-hosted GitLab instances in addition to GitLab.com.

This guide explains how to connect your GitLab instance to Pensero using either OAuth or a personal access token.

Prerequisites

Before you begin, make sure you have:

  • A running self-hosted GitLab instance

  • A GitLab instance that is either:

    • accessible from the public internet, or

    • configured with Pensero IP allowlisting

  • A GitLab account with the required permissions on the projects you want to track:

    • Owner or Maintainer role

  • Access to Pensero’s Integrations page

For OAuth setup, you may also need a GitLab administrator to create an OAuth application for the instance.

Step 1 - Go to Integrations

In Pensero, navigate to:

Make sure the URL matches the base URL of your self-hosted GitLab instance.

Step 3 - Complete Authentication

You can authenticate using either:

Option 1: Connect with OAuth

OAuth is recommended when your organization wants to authorize Pensero through a GitLab OAuth application.

Create a GitLab OAuth Application

In your self-hosted GitLab instance, go to: Admin → Applications → New application

  • Create a new application for Pensero

After the application is created, GitLab will show:

GitLab field

Enter in Pensero as

Application ID

Client ID

Secret

Client

In Pensero, select OAuth and enter:

  • GitLab instance URL

  • Client ID

  • Client secret

Then click Connect GitLab and complete the OAuth approval flow.

Option 2: Connect with a Personal Access Token

Use this option if your organization prefers token-based authentication instead of OAuth.

Create a Personal Access Token in GitLab

In GitLab, go to: User avatar → Edit profile → Access tokens

  • Create a new token for Pensero.

  • Suggested token name: Pensero Integration

Approve the following permissions:

Scope

Purpose

read_user

Read user profile information

read_api

Read-only access to the GitLab API

read_repository

Read repository data

Copy the token after creating it. GitLab may not show the token value again after you leave the page.

Step 4 - Select Repositories

After the connection is complete, choose the repositories you want Pensero to track.

In Pensero, go to: Integrations → GitLab → Manage → Search repos

Enable the repositories you want to include.

After Connecting

Pensero will begin syncing merge requests, commits, and repository metadata immediately. Initial sync may take 30 to 60 minutes depending on repository size and history.

How to Verify It Is Working

  1. Navigate to Integrations > GitLab > Manage and confirm that your GitLab projects are listed, Auto-Sync is enabled, there are no warnings, and the last sync date is recent.

  2. Run a health check from the integration card

Troubleshooting GitLab On-Premise 404 Errors

If you're seeing 404: Not Found errors when Pensero attempts to sync with your GitLab on-premise repositories, this guide will help you diagnose and resolve the issue.

Understanding the Problem:

A 404 error means Pensero cannot locate your GitLab repositories. This typically happens due to:

  • ❌ Incorrect user permissions - The user doesn't have access to the repositories

  • ❌ Invalid/expired access token - Authentication credentials are missing required scopes

  • ❌ Wrong repository paths - Repository URLs are misconfigured

  • ❌ Network/firewall restrictions - GitLab instance is not accessible from Pensero

Step-by-Step Troubleshooting

Follow these steps in order to identify and fix the issue:

Step 1: Verify User Account Access

What to check:

The user account configured in Pensero must exist in your GitLab instance and have access to all repositories you want to sync.

How to validate:

Log into your GitLab instance with the user account configured in Pensero

Navigate to each repository that shows 404 errors

Check user's role in each repository:

Go to: Repository → Settings → Members

  • The user must have at least Reporter role

  • Recommended: Developer or Maintainer role

Validation checklist:

  • User account exists and can log into GitLab

  • User can view each repository in GitLab UI

  • User has Reporter/Developer/Maintainer role on each repository

  • User membership has not expired

How to fix:

  • Go to Repository → Settings → Members

  • Click "Invite members"

  • Add the user (e.g., [email protected])

  • Assign role: Developer or Maintainer

  • Set expiration: "No expiration" or future date

  • Click "Invite"

Step 2: Verify Repository Paths

What to check:

Repository paths must exactly match the namespace/project structure in your GitLab instance.

How to validate:

Find the correct path in GitLab:

  • Navigate to the repository in GitLab UI

  • Look for the path under the project name

  • Format: namespace/project-name or group/subgroup/project-name

  • Example:

    • ✓ Correct: platform/client-frontend

    • ✗ Wrong: client-frontend

Compare with Pensero configuration:

  • In Pensero, check the exact repository path configured

  • Paths are case-sensitive

  • Must include the full namespace hierarchy

Expected results:

  • ✅ Success (200): Returns JSON with repository details

  • ❌ 404 Error: Repository path is wrong or user has no access

How to fix:

  • Update the repository path in Pensero to match the exact GitLab path

  • Include all parent groups/namespaces in the path

Step 3: Verify Access Token Configuration

What to check:

The GitLab access token must have the correct scopes and not be expired.

How to validate:

Locate the access token in GitLab:

  • Go to: User Settings → Access Tokens (Log in as the user configured in Pensero)

Check token status:

  • Expiration date: Not expired

  • Status: Active

  • Verify token has these scopes:

    • api (recommended - provides full API access)

    • OR minimum scopes:

      • read_api

      • read_repository

How to fix (create new token):

  • Go to GitLab → User Settings → Access Tokens

  • Click "Add new token"

  • Configure:

    • Token name: Pensero Integration

    • Expiration date: Select future date or leave blank

    • Scopes: Check api (or both read_api + read_repository)

    • Click "Create personal access token"

    • Copy the token immediately (you won't see it again)

    • Update the token in Pensero integration settings

Still Having Issues?

If you've completed all steps and still see 404 errors, check these advanced scenarios:

Network restrictions:

  • Is the GitLab instance behind a VPN?

  • Are there IP whitelist restrictions?

  • Does Pensero's IP need to be whitelisted?

GitLab configuration:

  • Is the API enabled in GitLab? (Admin → Settings → Network)

Did this answer your question?