Name: GitLabHound
Display Name: GitLab (GitLabHound)
Version: v0.0.1
Namespace: GL
Environment Kind: GL_Instance
Source Kind: GL_Base
Note
This file is automatically generated from the schema.json file that is bundled with GitLab (GitLabHound).
| Icon | Node Kind | Display Name |
|---|---|---|
 |
GL_AccessToken | Access Token |
 |
GL_Bot | GitLab Bot |
 |
GL_Branch | GitLab Branch |
 |
GL_Group | GitLab Group |
 |
GL_GroupAccessToken | Group Access Token |
 |
GL_GroupRole | Group Role |
 |
GL_GroupVariable | Group CI/CD Variable |
 |
GL_Instance | GitLab Instance |
 |
GL_InstanceRole | Instance Role |
 |
GL_InstanceVariable | Instance CI/CD Variable |
 |
GL_Job | GitLab Job |
 |
GL_JobArtifact | Job Artifact |
 |
GL_JobLog | Job Log |
 |
GL_LeakedSecret | Secret |
 |
GL_PersonalAccessToken | Personal Access Token |
 |
GL_Pipeline | GitLab Pipeline |
 |
GL_PipelineSchedule | Pipeline Schedule |
 |
GL_PipelineVariable | Pipeline Schedule Variable |
 |
GL_Project | GitLab Project |
 |
GL_ProjectAccessToken | Project Access Token |
 |
GL_ProjectRole | Project Role |
 |
GL_ProjectVariable | Project CI/CD Variable |
 |
GL_Repository | GitLab Repository |
 |
GL_Runner | GitLab Runner |
 |
GL_RunnerManager | Runner Manager |
 |
GL_SecureFile | Secure File |
 |
GL_User | GitLab User |
 |
GL_Variable | CI/CD Variable |
| Relationship Kind | Traversable | Description |
|---|---|---|
| GL_ArchiveProject | ❌ | Role can archive this project |
| GL_AssignedTo | ❌ | Group runner is registered to / assigned to this group |
| GL_BuildsAsSystem | ✅ | Pipelines on this branch run on a shell executor and execute as the runner manager's system user |
| GL_BuildsOn | ❌ | Pipelines on this branch may execute on this runner |
| GL_CanAssumeIdentity | ✅ | Pipelines on this branch can assume this Entra service principal identity via federated credentials |
| GL_CanCreateGroup | ❌ | User or group role is allowed to create top-level groups or subgroups |
| GL_CanCreateProject | ❌ | User or group role is allowed to create projects |
| GL_CanMerge | ✅ | Role can merge merge requests into this branch |
| GL_CanPull | ❌ | Role can pull/clone from this repository (including unauthenticated/member access to public/internal projects) |
| GL_CanPush | ✅ | Role can push commits to this branch |
| GL_CanReadSecret | ✅ | Role can read a secret |
| GL_CanRequestAccess | ❌ | Instance members can request access to this group |
| GL_CanSignUp | ❌ | Open registration is enabled; unauthenticated users can create an account (edge property require_admin_approval indicates whether the account requires admin approval before activation) |
| GL_CanUseRunner | ❌ | Group or project is allowed to use this runner for its pipelines |
| GL_ContainsCredentialsFor | ✅ | Node (CI/CD variable, job log, or artifact) contains credentials for the target secret |
| GL_Contributed | ❌ | User opened, closed, or commented on issues or merge requests in this project |
| GL_Created | ❌ | User created another user (admin action), a project, or triggered a pipeline |
| GL_Defines | ✅ | Instance, group, project, or pipeline schedule defines this CI/CD variable |
| GL_DeleteProject | ❌ | Role can delete this project |
| GL_Developed | ❌ | User pushed code or merged / approved merge requests in this project |
| GL_DownloadJobArtifacts | ❌ | Instance or project role can download job artifacts |
| GL_DownloadSecureFiles | ❌ | Role can download secure files from this project |
| GL_ExecutedBy | ❌ | Job was executed by this runner |
| GL_ForkedFrom | ❌ | Project was forked from the target project |
| GL_HasBaseRole | ✅ | Role subsumes all permissions of the lower role (permission hierarchy); also models instance Admin holding Owner in all top-level groups and user-owned projects |
| GL_HasBranch | ❌ | Repository contains this branch |
| GL_HasGroup | ❌ | Instance contains this top-level group |
| GL_HasJob | ❌ | Pipeline contains this job |
| GL_HasPipeline | ❌ | Project contains this pipeline run |
| GL_HasPipelineSchedule | ❌ | Project has this pipeline schedule |
| GL_HasPrivilegeOf | ✅ | Entity inherits the privileges of the target (e.g. a token with equivalent scope to a user) |
| GL_HasProject | ❌ | Group namespace or user personal namespace owns this project |
| GL_HasRepo | ❌ | Project has this associated git repository |
| GL_HasRole | ✅ | User holds an instance/group/project role |
| GL_HasToken | ❌ | Acess token defined by the respective entity (user, project, or group) |
| GL_HostedOn | ❌ | Runner manager process is hosted on this Active Directory computer |
| GL_InheritRole | ✅ | Subgroup role inherits from the equivalent parent group role, or a project role is inherited from the equivalent parent group role |
| GL_InvitedTo | ✅ | Group is shared/invited into another group or project |
| GL_InviteGroups | ❌ | Role can invite groups into this group or project |
| GL_IsToken | ✅ | Variable or secret value is or contains a valid GitLab access token |
| GL_ManagedBy | ❌ | Runner instance is managed by this runner manager process |
| GL_ManageDeployKeys | ❌ | Role can manage deploy keys |
| GL_ManageMembers | ✅ | Role grants permission to add/remove group or project members |
| GL_ManageProjectAccessTokens | ❌ | Role can create and revoke project access tokens |
| GL_ManageProtectedBranches | ❌ | Role can configure protected branch rules |
| GL_ManageProtectedTags | ❌ | Role can configure protected tag rules |
| GL_ManageReleases | ❌ | Role can create and manage releases |
| GL_ManageRunners | ❌ | Role can enable/disable runners for this project |
| GL_ManageSecureFiles | ❌ | Role can upload/delete secure files |
| GL_ManageVariables | ❌ | Role can manage variables |
| GL_ManageWebHooks | ❌ | Role can manage webhooks |
| GL_MemberOf | ✅ | Subgroup belongs to the parent group, or a group role grants membership in the group |
| GL_Owns | ✅ | User created and owns this pipeline schedule |
| GL_Produced | ❌ | Job produced this artifact archive or execution log |
| GL_PushedTo | ❌ | User pushed commits to this branch |
| GL_RenovateInviteAndTakeover | ✅ | Renovate bot can invite itself to the target group or project and take over its resources |
| GL_RunCICD | ❌ | Role can trigger CI/CD pipelines in this project |
| GL_RunsOn | ❌ | Pipeline was run against this branch/ref |
| GL_SyncedTo | ✅ | Entra or Active Directory user is linked / synced to this GitLab user via SSO (SAML, OAuth, OIDC, or LDAP) |
| GL_TransferProject | ❌ | Role can transfer this project to another namespace |
| GL_Triggers | ❌ | A branch push or pipeline schedule triggered this pipeline run |
| GL_ViewJobLogs | ❌ | Instance or project role can view job logs |