45
grade D
3 days ago
npm

zereight/gitlab-mcp

GitLab MCP server for projects, merge requests, issues, pipelines, wiki, releases, and more

zereight/gitlab-mcp· npm: @zereight/mcp-gitlab· listed on npm

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
🚨
Known vulnerabilities in dependencies: 1 critical, 2 high
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
🔐
You'll be asked for 3 credentials: GITLAB_OAUTH_CLIENT_SECRET, GITLAB_PERSONAL_ACCESS_TOKEN, GITLAB_TOKEN
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configDEFAULT_NULL
configDISCUSSION_ID
configGITLAB_ALLOWED_PROJECT_IDS
configGITLAB_API_URLapi-url - GitLab API URL (replaces )
configGITLAB_COMMIT_FILES_PER_PAGE
configGITLAB_GRAPHQL_URL
configGITLAB_OAUTH_CLIENT_IDLocal OAuth: GITLAB_USE_OAUTH=true, , GITLAB_OAUTH_REDIRECT_URI, GITLAB_API_URL
🔐 secretGITLAB_OAUTH_CLIENT_SECRET
configGITLAB_OAUTH_REDIRECT_URILocal OAuth: GITLAB_USE_OAUTH=true, GITLAB_OAUTH_CLIENT_ID, , GITLAB_API_URL
configGITLAB_OAUTH_TOKEN_PATH
🔐 secretGITLAB_PERSONAL_ACCESS_TOKEN1. Personal Access Token () — simplest setup
configGITLAB_PROJECT_ID
configGITLAB_READ_ONLY_MODEread-only=true - Enable read-only mode (replaces )
🔐 secretGITLAB_TOKEN
configGITLAB_TOKEN_TEST
configHOSTe =0.0.0.0 \
configISSUE_IID
configLOG_LEVEL
configMAX_REQUESTS_PER_MINUTERate limiting: Each session is limited to requests per minute (default 60)
configMAX_SESSIONSCapacity limit: Server accepts up to concurrent sessions (default 1000)
configMCP_DANGEROUSLY_ALLOW_INSECURE_ISSUER_URLNo Set true for local HTTP dev only
configMERGE_REQUEST_IID
configNOTE_ID
configPROJECT_ID
configSESSION_TIMEOUT_SECONDSSession timeout: Auth tokens expire after (default 1 hour) of inactivity. After timeout, the client must send auth headers again. The transport session remains active.
configTEST_PROJECT_ID
configWORKSPACE_ROOT
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 7 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/zereight-mcp-gitlab-14pdxb)](https://m8ven.ai/mcp/zereight-mcp-gitlab-14pdxb)
commit: 5bd7c81e422bf9666dfd6f0d89c49ed9e80e2409
code hash: 2cec22178a611f7a72fae1e7c6659c7652e1f35c1906c720af7d614f25737b14
verified: 4/18/2026, 4:00:44 PM
view raw JSON →