Represents a GitLab project — the primary unit of work in GitLab, containing a repository, CI/CD pipelines, issues, merge requests, and access control. Projects are owned by either a group namespace (GL_HasProject from GL_Group) or a user's personal namespace (GL_HasProject from GL_User). Each project has exactly one associated repository (GL_HasRepo), a set of role nodes for access control, and optionally pipelines, runners, and CI/CD variables.
Renovate configuration properties are collected when a renovate.json or .renovaterc file is found in the project's default branch, supporting Renovate invite-and-takeover attack path analysis.
| Property Name | Data Type | Description |
|---|---|---|
| name | string | Project name |
| name_with_namespace | string | Full display name including group path (e.g., MyOrg / MyProject) |
| path | string | URL path slug |
| description | string | Project description |
| visibility | string | Visibility level: private, internal, or public |
| web_url | string | URL to the project's GitLab page |
| default_branch | string | Name of the default branch |
| forks | integer | Number of forks of this project |
| stars | integer | Number of stars |
| last_activity | datetime | Timestamp of the most recent activity |
| topics | string | Comma-separated list of project topics/tags |
| archived | bool | Whether the project is archived (read-only) |
| shared_runners_enabled | bool | Whether instance-level shared runners are enabled for this project |
| group_runners_enabled | bool | Whether group-level runners are enabled for this project |
| renovate_config | string | Raw contents of the Renovate configuration file found in the project |
| renovate_self_hosted | bool | Whether the Renovate config references a self-hosted Renovate instance |
| renovate_autodiscovery | bool | Whether Renovate autodiscovery is enabled in the config |
| renovate_autodiscovery_filter_type | string | Autodiscovery filter type (e.g., autodiscoverFilter) |
| renovate_autodiscovery_filter_value | string | Autodiscovery filter value (pattern or list) |
flowchart TD
GL_User[fa:fa-user GL_User]
GL_Pipeline[fa:fa-angles-right GL_Pipeline]
GL_PipelineSchedule[fa:fa-clock-rotate-left GL_PipelineSchedule]
GL_ProjectVariable[fa:fa-sliders GL_ProjectVariable]
GL_InstanceRole[fa:fa-user-tie GL_InstanceRole]
GL_Runner[fa:fa-gears GL_Runner]
GL_ProjectRole[fa:fa-user-tie GL_ProjectRole]
GL_Repository[fa:fa-box-archive GL_Repository]
GL_ProjectAccessToken[fa:fa-key GL_ProjectAccessToken]
GL_Group[fa:fa-user-group GL_Group]
GL_Project[fa:fa-diagram-project GL_Project]
GL_Group -.->|GL_HasProject| GL_Project
GL_User -.->|GL_HasProject| GL_Project
GL_Project -.->|GL_ForkedFrom| GL_Project
GL_Project -.->|GL_HasPipeline| GL_Pipeline
GL_Project -.->|GL_HasPipelineSchedule| GL_PipelineSchedule
GL_Project -->|GL_Defines| GL_ProjectVariable
GL_User -.->|GL_Created| GL_Project
GL_Group -->|GL_InvitedTo| GL_Project
GL_User -.->|GL_Developed| GL_Project
GL_User -.->|GL_Contributed| GL_Project
GL_ProjectRole -->|GL_ManageMembers| GL_Project
GL_Project -.->|GL_HasRepo| GL_Repository
GL_ProjectRole -.->|GL_RunCICD| GL_Project
GL_ProjectRole -.->|GL_DownloadJobArtifacts| GL_Project
GL_InstanceRole -.->|GL_DownloadJobArtifacts| GL_Project
GL_ProjectRole -.->|GL_ViewJobLogs| GL_Project
GL_InstanceRole -.->|GL_ViewJobLogs| GL_Project
GL_ProjectRole -.->|GL_DownloadSecureFiles| GL_Project
GL_ProjectRole -.->|GL_ManageRunners| GL_Project
GL_ProjectRole -.->|GL_ManageSecureFiles| GL_Project
GL_ProjectRole -.->|GL_ManageVariables| GL_Project
GL_ProjectRole -.->|GL_ManageReleases| GL_Project
GL_ProjectRole -.->|GL_ManageProjectAccessTokens| GL_Project
GL_ProjectRole -.->|GL_ManageDeployKeys| GL_Project
GL_ProjectRole -.->|GL_ManageWebHooks| GL_Project
GL_ProjectRole -.->|GL_InviteGroups| GL_Project
GL_ProjectRole -.->|GL_ArchiveProject| GL_Project
GL_ProjectRole -.->|GL_DeleteProject| GL_Project
GL_ProjectRole -.->|GL_TransferProject| GL_Project
GL_Project -.->|GL_CanUseRunner| GL_Runner
GL_Project -.->|GL_HasToken| GL_ProjectAccessToken