B
GitLab MCP Server
Community GitLab MCP server covering merge requests, issues, repositories, CI/CD pipelines, wiki, releases, work items, webhooks, and code search with SSE and Streamable HTTP transports.
Overall Score79/100
Score Breakdown
Server Info
- Package
- @zereight/mcp-gitlab
- Registry
- npm
- Repository
- zereight/gitlab-mcp
- Maintainer
- Community
- Category
- Developer Tools
- Tags
- gitci-cddevops
- Last Scanned
- 28 May 2026
Findings
8 issuesTool Schema Quality
HIGHRequired fields missing on 1 write operations
Write tools without required field declarations: mark_all_todos_done.
Remediation
Add required arrays to all write/delete tool schemas.
MEDIUMOnly 0 of 182 schemas have parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Remediation
Add constraints to string parameters, especially on write operations.
CRITICALDangerous execution surface: execute_graphql
Tool allows raw code/query execution which could be exploited via prompt injection.
Remediation
Use parameterized queries or validated command sets.
LLM Safety
MEDIUM1 tool descriptions are too vague
Short or generic descriptions make tool selection unreliable.
Remediation
Expand descriptions with specific actions, data types, and side effects.
MEDIUMOverlapping tool descriptions may cause wrong selection
Similar descriptions between tools could cause the LLM to pick the wrong one.
Remediation
Differentiate descriptions with unique use cases.
Data Exposure
MEDIUM8 list operations lack pagination
Most list tools include page/per_page pagination params. list_merge_request_diffs, list_pipeline_jobs, list_issue_discussions, get_pipeline_job_output include offset pagination. Response objects return full GitLab API records without field selection support. No projection parameters.
Remediation
Add limit/offset or cursor-based pagination.
LOWNo field selection on responses
Responses return full records rather than projected fields.
Remediation
Implement field selection to return only relevant fields.
Maintenance & Trust
LOWCommunity-maintained by zereight
No official vendor backing.
Remediation
Seek vendor verification.
Tools
182 total| Name | Description | Risk |
|---|---|---|
| merge_merge_request | Merge a merge request | write |
| approve_merge_request | Approve a merge request | write |
| unapprove_merge_request | Unapprove a merge request | write |
| get_merge_request_approval_state | Get merge request approval details including approvers | read |
| get_merge_request_conflicts | Get the conflicts of a merge request | read |
| list_merge_request_pipelines | List pipelines for a merge request with pagination | read |
| execute_graphql | Execute a GitLab GraphQL query | write |
| create_or_update_file | Create or update a file in a GitLab project | write |
| search_repositories | Search for GitLab projects | read |
| create_repository | Create a new GitLab project | write |
| create_group | Create new group or subgroup | write |
| get_file_contents | Get contents of a file or directory from a GitLab project | read |
| push_files | Push multiple files in a single commit | write |
| create_issue | Create a new issue | write |
| create_merge_request | Create a new merge request | write |
| fork_repository | Fork a project to your account or specified namespace | write |
| create_branch | Create a new branch | write |
| get_branch | Get branch details (commit, protection status) | read |
| list_branches | List branches in project with search filter | read |
| delete_branch | Delete branch from project | admin |
| get_merge_request | Get details of a merge request (mergeRequestIid or branchName required) | read |
| get_merge_request_diffs | Get the changes/diffs of a merge request (mergeRequestIid or branchName required) | read |
| list_merge_request_changed_files | List changed file paths in a merge request without diff content (mergeRequestIid or branchName required) | read |
| list_merge_request_diffs | List merge request diffs with pagination (mergeRequestIid or branchName required) | read |
| get_merge_request_file_diff | Get diffs for specific files from a merge request (mergeRequestIid or branchName required) | read |
| list_merge_request_versions | List all versions of a merge request | read |
| get_merge_request_version | Get a specific version of a merge request | read |
| get_branch_diffs | Get diffs between two branches or commits | read |
| update_merge_request | Update a merge request (mergeRequestIid or branchName required) | write |
| create_note | Create a new note (comment) to an issue or merge request | write |
| create_merge_request_thread | Create a new thread on a merge request | write |
| resolve_merge_request_thread | Resolve a thread on a merge request | write |
| mr_discussions | List discussion items for a merge request | read |
| delete_merge_request_discussion_note | Delete a discussion note on a merge request | admin |
| update_merge_request_discussion_note | Update a discussion note on a merge request | write |
| create_merge_request_discussion_note | Add a new discussion note to an existing merge request thread | write |
| create_merge_request_note | Add a new note to a merge request | write |
| delete_merge_request_note | Delete an existing merge request note | admin |
| get_merge_request_note | Get a specific note for a merge request | read |
| get_merge_request_notes | List notes for a merge request | read |
| update_merge_request_note | Modify an existing merge request note | write |
| get_draft_note | Get a single draft note from a merge request | read |
| list_draft_notes | List draft notes for a merge request | read |
| create_draft_note | Create a draft note for a merge request | write |
| update_draft_note | Update an existing draft note | write |
| delete_draft_note | Delete a draft note | admin |
| publish_draft_note | Publish a single draft note | write |
| bulk_publish_draft_notes | Publish all draft notes for a merge request | write |
| list_merge_request_emoji_reactions | List all emoji reactions on a merge request | read |
| list_merge_request_note_emoji_reactions | List all emoji reactions on a merge request note. Pass discussion_id for discussion thread replies. | read |
| create_merge_request_emoji_reaction | Add an emoji reaction to a merge request (e.g. thumbsup, rocket, eyes) | write |
| delete_merge_request_emoji_reaction | Remove an emoji reaction from a merge request | admin |
| create_merge_request_note_emoji_reaction | Add an emoji reaction to a merge request note. Pass discussion_id for discussion thread replies. | write |
| delete_merge_request_note_emoji_reaction | Remove an emoji reaction from a merge request note. Pass discussion_id for discussion thread replies. | admin |
| update_issue_note | Modify an existing issue thread note | write |
| create_issue_note | Add a note to an issue, optionally replying to a discussion thread | write |
| list_issue_emoji_reactions | List all emoji reactions on an issue | read |
| list_issue_note_emoji_reactions | List all emoji reactions on an issue note. Pass discussion_id for discussion thread replies. | read |
| create_issue_emoji_reaction | Add an emoji reaction to an issue (e.g. thumbsup, rocket, eyes) | write |
| delete_issue_emoji_reaction | Remove an emoji reaction from an issue | admin |
| create_issue_note_emoji_reaction | Add an emoji reaction to an issue note. Pass discussion_id for discussion thread replies. | write |
| delete_issue_note_emoji_reaction | Remove an emoji reaction from an issue note. Pass discussion_id for discussion thread replies. | admin |
| list_issues | List issues (default: created by current user; use scope='all' for all) | read |
| my_issues | List issues assigned to the authenticated user | read |
| get_issue | Get details of a specific issue | read |
| update_issue | Update an issue | write |
| update_issue_description_patch | Apply a patch (search/replace or unified diff) to an issue description. Reduces token usage by allowing small changes without sending the full description. Supports dry_run to preview changes and create_note to summarize updates. | write |
| delete_issue | Delete an issue | admin |
| list_todos | List GitLab to-do items for the current user | read |
| mark_todo_done | Mark a GitLab to-do item as done | write |
| mark_all_todos_done | Mark all pending GitLab to-do items as done for the current user | write |
| list_issue_links | List all issue links for a specific issue | read |
| list_issue_discussions | List discussions for an issue | read |
| get_issue_link | Get a specific issue link | read |
| create_issue_link | Create an issue link between two issues | write |
| delete_issue_link | Delete an issue link | admin |
| list_namespaces | List all namespaces (users and groups) available to the current user. Filter by kind='group' for groups only. | read |
| get_namespace | Get details of a namespace (user or group) by ID or path. Groups are namespaces with kind='group'. | read |
| verify_namespace | Verify if a namespace path exists | read |
| get_project | Get details of a specific project | read |
| list_projects | List projects accessible by the current user | read |
| list_project_members | List members of a GitLab project | read |
| list_labels | List labels for a project | read |
| get_label | Get a single label from a project | read |
| create_label | Create a new label in a project | write |
| update_label | Update an existing label in a project | write |
| delete_label | Delete a label from a project | admin |
| list_group_projects | List projects in a group | read |
| list_wiki_pages | List wiki pages in a project | read |
| get_wiki_page | Get details of a specific wiki page | read |
| create_wiki_page | Create a wiki page in a project | write |
| update_wiki_page | Update a wiki page in a project | write |
| delete_wiki_page | Delete a wiki page from a project | admin |
| list_group_wiki_pages | List wiki pages in a group | read |
| get_group_wiki_page | Get details of a specific group wiki page | read |
| create_group_wiki_page | Create a wiki page in a group | write |
| update_group_wiki_page | Update a wiki page in a group | write |
| delete_group_wiki_page | Delete a wiki page from a group | admin |
| get_repository_tree | List files and directories in a repository | read |
| list_pipelines | List pipelines with filtering options | read |
| get_pipeline | Get details of a specific pipeline | read |
| list_deployments | List deployments with filtering options | read |
| get_deployment | Get details of a specific deployment | read |
| list_environments | List environments in a project | read |
| get_environment | Get details of a specific environment | read |
| list_pipeline_jobs | List all jobs in a specific pipeline | read |
| list_pipeline_trigger_jobs | List trigger jobs (bridges) in a pipeline | read |
| get_pipeline_job | Get details of a GitLab pipeline job number | read |
| get_pipeline_job_output | Get the output/trace of a pipeline job with optional pagination | read |
| validate_ci_lint | Validate provided GitLab CI/CD YAML content for a project | read |
| validate_project_ci_lint | Validate an existing .gitlab-ci.yml configuration for a project | read |
| create_pipeline | Create a new pipeline for a branch or tag | write |
| retry_pipeline | Retry a failed or canceled pipeline | write |
| cancel_pipeline | Cancel a running pipeline | write |
| play_pipeline_job | Run a manual pipeline job | write |
| retry_pipeline_job | Retry a failed or canceled pipeline job | write |
| cancel_pipeline_job | Cancel a running pipeline job | write |
| list_job_artifacts | List artifact files in a job's archive | read |
| download_job_artifacts | Download job artifact archive (zip) and save to a local path | read |
| get_job_artifact_file | Get content of a single file from a job's artifacts | read |
| list_merge_requests | List merge requests (without project_id: user's MRs; with project_id: project MRs) | read |
| list_milestones | List milestones with filtering options | read |
| get_milestone | Get details of a specific milestone | read |
| create_milestone | Create a new milestone | write |
| edit_milestone | Edit an existing milestone | write |
| delete_milestone | Delete a milestone | admin |
| get_milestone_issue | Get issues associated with a specific milestone | read |
| get_milestone_merge_requests | Get merge requests associated with a specific milestone | read |
| promote_milestone | Promote a milestone to the next stage | write |
| get_milestone_burndown_events | Get burndown events for a specific milestone | read |
| get_users | Get GitLab user details by usernames | read |
| get_user | Get user details by ID | read |
| whoami | Get current authenticated user details | read |
| list_commits | List repository commits with filtering options | read |
| get_commit | Get details of a specific commit | read |
| get_commit_diff | Get changes/diffs of a specific commit | read |
| get_file_blame | Get git blame for a file at a given ref. Each entry maps a contiguous range of source lines to the commit that last changed them (id, author, authored_date, message). Use range_start/range_end to limit blame to specific lines. | read |
| list_commit_statuses | List statuses for a commit | read |
| create_commit_status | Create or update the status of a commit | write |
| list_group_iterations | List group iterations with filtering options | read |
| upload_markdown | Upload a file for use in markdown content | write |
| download_attachment | Download an uploaded file from a project (images returned as base64; use local_path to save to disk) | read |
| health_check | Verify server status and authentication | read |
| list_events | List events for the authenticated user (before/after: YYYY-MM-DD) | read |
| get_project_events | List events for a project (before/after: YYYY-MM-DD) | read |
| list_releases | List all releases for a project | read |
| get_release | Get a release by tag name | read |
| create_release | Create a new release | write |
| update_release | Update an existing release | write |
| delete_release | Delete a release (does not delete the tag) | admin |
| create_release_evidence | Create release evidence (Premium/Ultimate) | write |
| download_release_asset | Download a release asset file by direct asset path | read |
| list_tags | List repository tags for a project | read |
| get_tag | Get a repository tag by name | read |
| create_tag | Create a new repository tag | write |
| delete_tag | Delete a repository tag | admin |
| get_tag_signature | Get the X.509 signature of a signed tag (404 if unsigned) | read |
| get_work_item | Get a work item with full details including status, hierarchy, type, and widgets | read |
| list_work_items | List work items with filters (type, state, search, assignees, labels) | read |
| create_work_item | Create a work item (issue, task, incident, epic, etc.) with full field support | write |
| update_work_item | Update a work item (title, description, labels, assignees, state, parent, custom fields, etc.) | write |
| convert_work_item_type | Convert a work item to a different type | write |
| list_work_item_statuses | List available statuses for a work item type (Premium/Ultimate) | read |
| list_custom_field_definitions | List custom field definitions for a work item type | read |
| move_work_item | Move a work item to a different project | write |
| list_work_item_notes | List notes and discussions on a work item | read |
| create_work_item_note | Add a note to a work item (supports Markdown, internal notes, threads) | write |
| list_work_item_emoji_reactions | List all emoji reactions on a work item | read |
| list_work_item_note_emoji_reactions | List all emoji reactions on a work item note (comment, thread, or thread reply) | read |
| create_work_item_emoji_reaction | Add an emoji reaction to a work item (e.g. thumbsup, rocket, eyes) | write |
| delete_work_item_emoji_reaction | Remove an emoji reaction from a work item | admin |
| create_work_item_note_emoji_reaction | Add an emoji reaction to a work item note (comment, thread, or thread reply) | write |
| delete_work_item_note_emoji_reaction | Remove an emoji reaction from a work item note (comment, thread, or thread reply) | admin |
| get_timeline_events | List timeline events for an incident | read |
| create_timeline_event | Create a timeline event on an incident | write |
| list_webhooks | List webhooks for a project or group | read |
| list_webhook_events | List recent webhook events (past 7 days) | read |
| get_webhook_event | Get full details of a specific webhook event | read |
| search_code | Search for code across all projects (requires advanced search or Zoekt) | read |
| search_project_code | Search for code within a specific project (requires advanced search or Zoekt) | read |
| search_group_code | Search for code within a specific group (requires advanced search or Zoekt) | read |
| discover_tools | Discover and activate additional tool categories for this session. Available categories: merge_requests, issues, repositories, branches, projects, labels, ci, groups, pipelines, milestones, wiki, releases, tags, users, workitems, webhooks, search. Already-active categories are listed in the response. | read |
Deploy GitLab MCP Server securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.
Deploy on CompleteFlow