Skip to main content

Connect a GitLab Repository

In Buzzbin, a repository is the main unit for settings, spend, and review history. You connect it once, and after that GitLab events keep reviews flowing.

What you need

  • The repository HTTPS URL
  • A Project Access Token created in that same GitLab project
  • Maintainer role for the token/bot
  • api and read_repository scopes

Buzzbin needs both repository access and permission to manage the project webhook. That is why Maintainer is required; Developer is not enough for the automatic webhook flow even if some scopes exist.

Official GitLab references:

If you want the same flow with Buzzbin-specific recommendations, open Create a GitLab Project Access Token.

Create the project access token in GitLab

If you do not have a token yet, this is usually the fastest path:

  1. Open the target project in GitLab.
  2. In the left sidebar, go to Settings > Access tokens.
  3. Select Add new token.
  4. Enter a clear token name such as buzzbin-reviewer.
  5. Optionally add a description and expiration date.
  6. Set the token role to Maintainer.
  7. Select the api and read_repository scopes.
  8. Select Create project access token and copy the token immediately.

Important token notes

  • GitLab does not show the full token value again after you leave or refresh the page.
  • If you do not set an expiration date, GitLab usually applies a default expiry.
  • Creating a project access token also creates a bot user for that project, and Buzzbin output is associated with that bot identity.
  • If the token expires, is rotated, or is revoked, Buzzbin stops working with that token until you provide the new value.

Connection steps

  1. Open the organization in Buzzbin and go to Repositories.
  2. Choose to add a repository.
  3. Enter the repository name, HTTPS URL, and Project Access Token.
  4. Buzzbin validates the token live.
  5. On success, Buzzbin registers the project webhook automatically.

What Buzzbin does behind the scenes

On a successful connection, Buzzbin:

  • validates the token, scopes, and role
  • resolves the project identity and connection metadata
  • stores the token in encrypted form and keeps only a non-sensitive hint
  • registers a webhook for merge request, note, and related events
  • seeds the initial review configuration for the repository

Common connection failures

These are the most common reasons a connection fails:

  • the token is invalid
  • the token is missing api or read_repository
  • the token role is lower than Maintainer
  • the GitLab host is not reachable from Buzzbin servers

If the repository was connected before and later stopped working, rotate the token. Buzzbin re-validates the new token and repairs the webhook when needed.

Security notes

  • Buzzbin does not keep repository source code as permanent stored data.
  • The Project Access Token is encrypted at rest.
  • The full token is not returned in API responses, logs, or settings screens.
  • When needed, you can rotate the token in GitLab and then update the repository settings in Buzzbin with the new value.

Next step

After the repository is connected, the next useful pages are How reviews work, Comment Answers, Repository lifecycle, Findings, severity, and expected output, and Review existing open merge requests.