Internal users

History
  • Introduced in GitLab 15.4, bots are indicated with a badge in user listings.

GitLab uses internal users (sometimes referred to as “bots”) to perform actions or functions that cannot be attributed to a regular user.

Internal users:

  • Are created programmatically and do not count towards a license limit.
  • Are used when a traditional user account isn’t applicable. For example, when generating alerts or automatic review feedback.
  • Have reduced access and a very specific purpose. They cannot be used for regular user actions, such as authentication or API requests.
  • Have email addresses and names that can be attributed to any actions they perform.

Internal users are sometimes created as part of feature development. For example, the GitLab Migration Bot for migrating from GitLab Snippets to Versioned Snippets. GitLab Migration Bot was used as the author of snippets when a snippet’s original author wasn’t available. For example, when the user was disabled.

Other examples of internal users:

GitLab Admin Bot

GitLab Admin Bot is an internal user that cannot be accessed or modified by regular users and is responsible for many tasks including:

GitLab Security Bot

GitLab Security Bot is an internal user responsible for commenting on merge requests that violate a security policy.

GitLab Security Policy Bot

GitLab Security Policy Bot is an internal user responsible for triggering scheduled pipelines defined in security policies. This account is created in every project on which a security policy is enforced.