Skip to main content
mcpSource-backed
GitLab logo

GitLab MCP Server for Claude

Official GitLab MCP server that connects Claude and other MCP clients to GitLab projects, issues, merge requests, pipelines, job logs, labels, work items, and semantic code search through OAuth.

by GitLab · submitted by oktofeesh1·added 2026-06-03·
Review first review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://docs.gitlab.com/user/gitlab_duo/model_context_protocol/mcp_server/, https://github.com/JSONbored/awesome-claude/blob/main/content/mcp/gitlab-mcp-server.mdx
Brand
GitLab
Brand domain
gitlab.com
Brand asset source
brandfetch
Safety notes
GitLab explicitly warns that you are responsible for guarding against prompt injection when using MCP tools. Treat issue text, merge request comments, code diffs, wiki-like content, job logs, and pipeline output as untrusted input that can attempt to steer the agent., Some GitLab MCP tools perform write actions, including creating issues, creating merge requests, creating work item notes, and managing pipelines. Keep manual approval on any operation that changes GitLab state., OAuth Dynamic Client Registration creates an OAuth application and access token for the connected client. Review the authorization request, keep tokens out of prompts and logs, and revoke access when a client is no longer trusted., Use the HTTP tool-name prefix header when connecting multiple GitLab instances or overlapping MCP servers so the model does not confuse similar tool names., The GitLab MCP server is beta. Availability, tool behavior, protocol support, feature gates, and required GitLab versions can change between GitLab releases.
Privacy notes
Tool results can expose project paths, issue titles and descriptions, confidential issue metadata, merge request titles, comments, commits, diffs, pipeline status, job logs, labels, work item notes, semantic code search results, user names, group names, and project identifiers., GitLab issues, merge requests, comments, job logs, and code search results can contain secrets, customer data, vulnerability details, incident notes, unreleased roadmap information, internal URLs, employee data, and proprietary source code., MCP client logs, AI transcripts, terminal scrollback, screenshots, generated summaries, and downstream tickets can retain GitLab data outside GitLab's normal permission, audit, and retention controls., Self-managed GitLab instances may have stricter network, SSO, retention, and data residency policies than GitLab.com. Confirm MCP clients are approved before connecting them to internal instances.
Author
GitLab
Submitted by
oktofeesh1
Claim status
unclaimed
Last verified
2026-06-03

Decision playbook

Review trust signals before you adopt

Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.

Compare context
Selected

0

Current score

78

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as source-backed.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Needs review

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    No package verification flag provided.

    Pending
  • Checksum metadata

    No checksum provided for downloaded artifact.

    Pending

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

CLI install

Copy-ready — paste the snippet to get started.

10 minutes

Adoption plan

Balanced adoption plan

Current risk score 16/100. Use staged verification before broader rollout.

Risk 16

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    No package verification/checksum metadata.

    Pending

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (5/6 signals complete).

Risk 15

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Missing

Package integrity metadata is missing.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

5/6 steps complete with no blocking gaps for this preset.

Risk 14

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is missing.

Pending

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

6 prerequisites to line up before setup. Have accounts and credentials ready first.

0/6 ready
Account & credentials1Install & runtime1Permissions & scopes1General310 minutes

Safety & privacy surface

Safety & privacy surface

5 safety and 4 privacy notes across 4 risk areas. Review closely: credentials & tokens, permissions & scopes, network access.

4 areas
  • SafetyNetwork accessGitLab explicitly warns that you are responsible for guarding against prompt injection when using MCP tools. Treat issue text, merge request comments, code diffs, wiki-like content, job logs, and pipeline output as untrusted input that can attempt to steer the agent.
  • SafetyNetwork accessSome GitLab MCP tools perform write actions, including creating issues, creating merge requests, creating work item notes, and managing pipelines. Keep manual approval on any operation that changes GitLab state.
  • SafetyCredentials & tokensOAuth Dynamic Client Registration creates an OAuth application and access token for the connected client. Review the authorization request, keep tokens out of prompts and logs, and revoke access when a client is no longer trusted.
  • SafetyNetwork accessUse the HTTP tool-name prefix header when connecting multiple GitLab instances or overlapping MCP servers so the model does not confuse similar tool names.
  • SafetyGeneralThe GitLab MCP server is beta. Availability, tool behavior, protocol support, feature gates, and required GitLab versions can change between GitLab releases.
  • PrivacyNetwork accessTool results can expose project paths, issue titles and descriptions, confidential issue metadata, merge request titles, comments, commits, diffs, pipeline status, job logs, labels, work item notes, semantic code search results, user names, group names, and project identifiers.
  • PrivacyCredentials & tokensGitLab issues, merge requests, comments, job logs, and code search results can contain secrets, customer data, vulnerability details, incident notes, unreleased roadmap information, internal URLs, employee data, and proprietary source code.
  • PrivacyPermissions & scopesMCP client logs, AI transcripts, terminal scrollback, screenshots, generated summaries, and downstream tickets can retain GitLab data outside GitLab's normal permission, audit, and retention controls.
  • PrivacyNetwork accessSelf-managed GitLab instances may have stricter network, SSO, retention, and data residency policies than GitLab.com. Confirm MCP clients are approved before connecting them to internal instances.

Safety notes

  • GitLab explicitly warns that you are responsible for guarding against prompt injection when using MCP tools. Treat issue text, merge request comments, code diffs, wiki-like content, job logs, and pipeline output as untrusted input that can attempt to steer the agent.
  • Some GitLab MCP tools perform write actions, including creating issues, creating merge requests, creating work item notes, and managing pipelines. Keep manual approval on any operation that changes GitLab state.
  • OAuth Dynamic Client Registration creates an OAuth application and access token for the connected client. Review the authorization request, keep tokens out of prompts and logs, and revoke access when a client is no longer trusted.
  • Use the HTTP tool-name prefix header when connecting multiple GitLab instances or overlapping MCP servers so the model does not confuse similar tool names.
  • The GitLab MCP server is beta. Availability, tool behavior, protocol support, feature gates, and required GitLab versions can change between GitLab releases.

Privacy notes

  • Tool results can expose project paths, issue titles and descriptions, confidential issue metadata, merge request titles, comments, commits, diffs, pipeline status, job logs, labels, work item notes, semantic code search results, user names, group names, and project identifiers.
  • GitLab issues, merge requests, comments, job logs, and code search results can contain secrets, customer data, vulnerability details, incident notes, unreleased roadmap information, internal URLs, employee data, and proprietary source code.
  • MCP client logs, AI transcripts, terminal scrollback, screenshots, generated summaries, and downstream tickets can retain GitLab data outside GitLab's normal permission, audit, and retention controls.
  • Self-managed GitLab instances may have stricter network, SSO, retention, and data residency policies than GitLab.com. Confirm MCP clients are approved before connecting them to internal instances.

Prerequisites

  • GitLab Premium or Ultimate access on GitLab.com, GitLab Self-Managed, or GitLab Dedicated
  • GitLab Duo enabled for the top-level group or instance
  • Beta and experimental features enabled for the top-level group or instance
  • MCP client that supports HTTP transport and OAuth, such as Claude Code, Cursor, GitHub Copilot in VS Code, Gemini CLI, Kiro, Codex, or another compatible client
  • Node.js 20 or later when using `mcp-remote` for stdio-based clients such as Claude Desktop, Continue, or Zed
  • Project or group permissions for the GitLab issues, merge requests, pipelines, code, labels, and work items Claude should access

Schema details

Install type
cli
Troubleshooting
No
Collection metadata
Estimated setup
10 minutes
Difficulty
intermediate
Full copyable content
{
  "mcpServers": {
    "GitLab": {
      "type": "http",
      "url": "https://gitlab.com/api/v4/mcp"
    }
  }
}

About this resource

Content

The GitLab MCP server connects Claude and other MCP-compatible tools directly to GitLab through the GitLab API endpoint at /api/v4/mcp. It is designed for teams that want AI assistants to inspect GitLab project information, retrieve issues and merge requests, inspect CI/CD pipelines and job logs, search labels and code, and perform selected GitLab actions through OAuth-authorized access.

GitLab's MCP server is a beta GitLab Duo feature for Premium and Ultimate tiers on GitLab.com, GitLab Self-Managed, and GitLab Dedicated. It supports OAuth 2.0 Dynamic Client Registration, so compatible clients can register with the GitLab instance, open a browser authorization flow, and receive an access token for the approved GitLab scope. HTTP transport is the recommended setup path; stdio clients can use mcp-remote as a proxy.

Features

  • HTTP MCP endpoint at https://gitlab.com/api/v4/mcp or the equivalent self-managed GitLab instance URL.
  • OAuth 2.0 Dynamic Client Registration for first-time client setup.
  • Claude Code HTTP setup with claude mcp add --transport http.
  • Claude Desktop, Continue, and Zed setup through npx -y mcp-remote.
  • Optional tool-name prefixing with X-Gitlab-Mcp-Server-Tool-Name-Prefix.
  • Issue creation and issue lookup.
  • Merge request creation, lookup, commit listing, diff retrieval, and pipeline lookup.
  • CI/CD pipeline job listing, job log retrieval, and pipeline management.
  • Work item note creation and retrieval.
  • Global, group, and project search across scopes such as issues, merge requests, and projects.
  • Label search and semantic code search for relevant code snippets.

Use Cases

  • Ask Claude to inspect a GitLab issue and summarize related merge requests before starting implementation.
  • Review merge request diffs, commits, and pipeline status without switching out of the coding session.
  • Pull failing CI job logs and summarize likely failure causes.
  • Search issues or merge requests across a group for prior art before filing a duplicate.
  • Use semantic code search to find relevant implementation examples inside a GitLab project.
  • Draft an issue or merge request only after a human approves the exact action.

Installation

Claude Code

  1. Confirm GitLab Duo, beta features, and MCP server access are enabled for the target GitLab group or instance.
  2. Add the GitLab MCP server:
claude mcp add --transport http GitLab https://gitlab.com/api/v4/mcp
  1. Start Claude Code:
claude
  1. Type /mcp, select the GitLab server, and complete the browser OAuth authorization flow.
  2. Verify the connection with /mcp, then start with a read-only prompt.

Claude Desktop

  1. Confirm Node.js 20 or later and npx are available.
  2. Add the mcp-remote configuration below to the Claude Desktop MCP config.
  3. Restart Claude Desktop.
  4. Complete the browser OAuth authorization flow on first connect.

Configuration

HTTP transport

{
  "mcpServers": {
    "GitLab": {
      "type": "http",
      "url": "https://gitlab.com/api/v4/mcp"
    }
  }
}

HTTP transport with tool prefixing

{
  "mcpServers": {
    "GitLab": {
      "type": "http",
      "url": "https://gitlab.com/api/v4/mcp",
      "headers": {
        "X-Gitlab-Mcp-Server-Tool-Name-Prefix": "gitlab_"
      }
    }
  }
}

Claude Desktop with mcp-remote

{
  "mcpServers": {
    "GitLab": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://gitlab.com/api/v4/mcp"]
    }
  }
}

Examples

Inspect an issue before coding

Get GitLab issue 42 in project group/project, summarize the acceptance criteria, and list any linked merge requests without changing anything.

Review a merge request

Fetch merge request 15 from group/project, summarize the changed files, pipeline status, and unresolved risks.

Debug a CI failure

Get the jobs for the latest failed pipeline in group/project and summarize the relevant job log lines.

Search for related work

Search GitLab issues for "flaky login test" in group/project and return likely duplicates or related fixes.

Use semantic code search

Use semantic code search in group/project to find where authorization decisions are implemented.

Source notes

  • GitLab's official documentation describes the GitLab MCP server as a beta GitLab Duo feature for Premium and Ultimate tiers on GitLab.com, GitLab Self-Managed, and GitLab Dedicated.
  • The setup guide states that the server lets AI assistants such as Claude Desktop, Claude Code, Cursor, and other MCP-compatible tools access GitLab data and perform actions on behalf of the authenticated user.
  • GitLab documents OAuth 2.0 Dynamic Client Registration, where the client registers as an OAuth application, requests authorization, and receives an access token.
  • The recommended HTTP configuration points to https://<gitlab.example.com>/api/v4/mcp, with GitLab.com using https://gitlab.com/api/v4/mcp.
  • GitLab documents Claude Code setup with claude mcp add --transport http GitLab https://<gitlab.example.com>/api/v4/mcp and Claude Desktop setup through npx -y mcp-remote.
  • The tools reference lists issue, merge request, pipeline, work item note, search, label, and semantic code search tools, including write-capable tools such as create_issue, create_merge_request, create_workitem_note, and manage_pipeline.

Duplicate check

Checked current content/mcp/, content/tools/, guides, skills, agents, open pull requests, and repository-wide content for GitLab MCP, GitLab Duo MCP, /api/v4/mcp, gitlab.com/api/v4/mcp, mcp-remote GitLab, oauth_dynamic_client_registration, create_merge_request, get_merge_request, semantic_code_search, GitLab issue tracking, and self-hosted git platform MCP. Existing GitHub, Jira, Azure DevOps, and generic MCP server content do not duplicate GitLab's native MCP server for GitLab.com and self-managed GitLab instances. No dedicated GitLab MCP entry, GitLab MCP source URL duplicate, or open duplicate PR was found.

Disclosure

Editorial listing. No paid placement or affiliate link is used.

Source citations

Add this badge to your README

Show that GitLab MCP Server for Claude is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/mcp/gitlab-mcp-server.svg)](https://heyclau.de/entry/mcp/gitlab-mcp-server)

How it compares

GitLab MCP Server for Claude side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

3 trust signals differ across this comparison (Package trust, Source provenance, Submitter).

Field

Official GitLab MCP server that connects Claude and other MCP clients to GitLab projects, issues, merge requests, pipelines, job logs, labels, work items, and semantic code search through OAuth.

Open dossier

Manage Backlog projects from Claude — create and update issues, comment on tickets, manage wiki pages, review pull requests, and navigate your Nulab Backlog space — with the official Backlog MCP server supporting stdio and HTTP transports.

Open dossier

Manage Jira tickets and Confluence documentation

Open dossier

Integrate with Linear's issue tracking and project management system

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustDiffersPackage not verifiedPackage not verifiedPackage verifiedPackage verified
Source provenanceDiffersSource-backedSource-backedNo submission linkNo submission link
SubmitterDiffersoktofeesh1
Install riskReview firstReview firstLow riskLow risk
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandGitLab logoGitLabJira logoJiraLinear logoLinear
Categorymcpmcpmcpmcp
SourceSource-backedSource-backedFirst-partyFirst-party
AuthorGitLabNulabAtlassianLinear
Added2026-06-032026-06-182025-09-182025-09-18
Platforms
Harness
Source repo
Safety notesGitLab explicitly warns that you are responsible for guarding against prompt injection when using MCP tools. Treat issue text, merge request comments, code diffs, wiki-like content, job logs, and pipeline output as untrusted input that can attempt to steer the agent. Some GitLab MCP tools perform write actions, including creating issues, creating merge requests, creating work item notes, and managing pipelines. Keep manual approval on any operation that changes GitLab state. OAuth Dynamic Client Registration creates an OAuth application and access token for the connected client. Review the authorization request, keep tokens out of prompts and logs, and revoke access when a client is no longer trusted. Use the HTTP tool-name prefix header when connecting multiple GitLab instances or overlapping MCP servers so the model does not confuse similar tool names. The GitLab MCP server is beta. Availability, tool behavior, protocol support, feature gates, and required GitLab versions can change between GitLab releases.Tools can create, update, and delete projects, issues, wikis, and pull requests — changes affect your live Backlog space. Use `ENABLE_TOOLSETS` to restrict which tool groups are available if you only need read access.Scope Atlassian access and review issue or page writes because updates can notify teams and change project records.Scope the Linear token to the intended workspace and review issue or project writes before changing active roadmaps.
Privacy notesTool results can expose project paths, issue titles and descriptions, confidential issue metadata, merge request titles, comments, commits, diffs, pipeline status, job logs, labels, work item notes, semantic code search results, user names, group names, and project identifiers. GitLab issues, merge requests, comments, job logs, and code search results can contain secrets, customer data, vulnerability details, incident notes, unreleased roadmap information, internal URLs, employee data, and proprietary source code. MCP client logs, AI transcripts, terminal scrollback, screenshots, generated summaries, and downstream tickets can retain GitLab data outside GitLab's normal permission, audit, and retention controls. Self-managed GitLab instances may have stricter network, SSO, retention, and data residency policies than GitLab.com. Confirm MCP clients are approved before connecting them to internal instances.Issue content, comments, wiki pages, pull request details, and user information from your Backlog space are surfaced in Claude's context. Your `BACKLOG_API_KEY` grants account-level Backlog access — keep it in the MCP config env and never commit it to version control.Jira tickets, Confluence pages, comments, attachments, user metadata, and organization details may be sent through tool calls.Issue text, comments, assignees, labels, project context, customer references, and workspace metadata may be sent through tool calls.
Prerequisites
  • GitLab Premium or Ultimate access on GitLab.com, GitLab Self-Managed, or GitLab Dedicated
  • GitLab Duo enabled for the top-level group or instance
  • Beta and experimental features enabled for the top-level group or instance
  • MCP client that supports HTTP transport and OAuth, such as Claude Code, Cursor, GitHub Copilot in VS Code, Gemini CLI, Kiro, Codex, or another compatible client
  • A Backlog account on backlog.com or your Backlog.jp/enterprise space.
  • A Backlog API key: Personal Settings → API → Generate API Key.
  • Node.js with `npx` available.
  • An MCP client such as Claude Code or Claude Desktop.
  • Atlassian account (Jira Cloud or self-hosted Jira instance access)
  • OAuth credentials or API token (Jira Cloud: email + API token from account settings; self-hosted: Personal Access Token or OAuth)
  • HTTP/SSE transport support (remote MCP server at https://mcp.atlassian.com/v1/sse)
  • Internet connection (remote Atlassian API access required)
  • Linear workspace account (Member or Admin role required, not Guest)
  • OAuth credentials or Personal API Key (generate from Linear Security & access settings)
  • SSE transport support (remote MCP server at https://mcp.linear.app/sse)
  • Internet connection (remote Linear API access required)
Install
claude mcp add --transport http GitLab https://gitlab.com/api/v4/mcp
claude mcp add backlog -e BACKLOG_DOMAIN=yourspace.backlog.com -e BACKLOG_API_KEY=<your-api-key> -- npx backlog-mcp-server
claude mcp list && claude mcp status jira
claude mcp list && claude mcp status linear
Config
{
  "mcpServers": {
    "GitLab": {
      "type": "http",
      "url": "https://gitlab.com/api/v4/mcp",
      "headers": {
        "X-Gitlab-Mcp-Server-Tool-Name-Prefix": "gitlab_"
      }
    }
  }
}
{
  "mcpServers": {
    "backlog": {
      "command": "npx",
      "args": ["backlog-mcp-server"],
      "env": {
        "BACKLOG_DOMAIN": "yourspace.backlog.com",
        "BACKLOG_API_KEY": "<your-api-key>",
        "MAX_TOKENS": "50000"
      }
    }
  }
}
{
  "mcpServers": {
    "atlassian": {
      "url": "https://mcp.atlassian.com/v1/sse",
      "type": "sse"
    }
  }
}
{
  "mcpServers": {
    "linear": {
      "url": "https://mcp.linear.app/sse",
      "type": "sse"
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool

Related guides

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.