2 files changed, 13 insertions, 3 deletions

diff --git a/app/controllers/import/bitbucket_server_controller.rb b/app/controllers/import/bitbucket_server_controller.rb
index f71ea8642cd..dc72a4e4fd9 100644
--- a/app/controllers/import/bitbucket_server_controller.rb
+++ b/app/controllers/import/bitbucket_server_controller.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class Import::BitbucketServerController < Import::BaseController
+  include ActionView::Helpers::SanitizeHelper
+
   before_action :verify_bitbucket_server_import_enabled
   before_action :bitbucket_auth, except: [:new, :configure]
   before_action :validate_import_params, only: [:create]
@@ -57,7 +59,7 @@ class Import::BitbucketServerController < Import::BaseController
 
   # rubocop: disable CodeReuse/ActiveRecord
   def status
-    @collection = bitbucket_client.repos(page_offset: page_offset, limit: limit_per_page)
+    @collection = bitbucket_client.repos(page_offset: page_offset, limit: limit_per_page, filter: sanitized_filter_param)
     @repos, @incompatible_repos = @collection.partition { |repo| repo.valid? }
 
     # Use the import URL to filter beyond what BaseService#find_already_added_projects
@@ -147,4 +149,8 @@ class Import::BitbucketServerController < Import::BaseController
   def limit_per_page
     BitbucketServer::Paginator::PAGE_LENGTH
   end
+
+  def sanitized_filter_param
+    sanitize(params[:filter])
+  end
 end
diff --git a/app/controllers/import/github_controller.rb b/app/controllers/import/github_controller.rb
index aa4aa0fbdac..ebb50fc8b10 100644
--- a/app/controllers/import/github_controller.rb
+++ b/app/controllers/import/github_controller.rb
@@ -10,7 +10,7 @@ class Import::GithubController < Import::BaseController
   rescue_from Octokit::Unauthorized, with: :provider_unauthorized
 
   def new
-    if github_import_configured? && logged_in_with_provider?
+    if !ci_cd_only? && github_import_configured? && logged_in_with_provider?
       go_to_provider_for_permissions
     elsif session[access_token_key]
       redirect_to status_import_url
@@ -169,11 +169,15 @@ class Import::GithubController < Import::BaseController
   # rubocop: enable CodeReuse/ActiveRecord
 
   def provider_auth
-    if session[access_token_key].blank?
+    if !ci_cd_only? && session[access_token_key].blank?
       go_to_provider_for_permissions
     end
   end
 
+  def ci_cd_only?
+    %w[1 true].include?(params[:ci_cd_only])
+  end
+
   def client_options
     {}
   end