Integrations Overview

CodeThreat integrates with all major version control systems to scan your repositories for security vulnerabilities.

Supported Platforms

GitHub

GitHub Cloud with OAuth, GitHub App, or Personal Access Token

GitLab

GitLab Cloud and Self-Hosted with OAuth or Personal Access Token

Azure DevOps

Azure DevOps with OAuth or Personal Access Token

Bitbucket Cloud

Bitbucket Cloud with OAuth or App Passwords

Bitbucket Server

Bitbucket Server (Data Center) with Personal Access Tokens

Connection Methods

Different platforms support different authentication methods:

Platform	OAuth	GitHub App	Personal Access Token	App Password
GitHub	✅	✅	✅	—
GitLab	✅	—	✅	—
Azure DevOps	✅	—	✅	—
Bitbucket Cloud	✅	—	—	✅
Bitbucket Server	—	—	✅	—

Which Method Should You Use?

OAuth (Recommended)
GitHub App
Personal Access Token

Best for: Most users and teamsPros:

Quick and easy setup
No manual token management
Automatic token refresh
Revocable from VCS settings

Cons:

Requires browser access
May need org admin approval

What Permissions Does CodeThreat Need?

CodeThreat requests read-only access to your repositories:

Repository Access

✅ Read repository content: To scan code for vulnerabilities
✅ Read repository metadata: To display repo names, branches, commits
✅ Read pull requests: To scan PR changes
❌ Write access: CodeThreat never modifies your code

Webhook Access

✅ Create webhooks: To receive notifications about commits and PRs
✅ Read webhook events: To trigger automatic scans

Pull Request Integration (Optional)

✅ Read PR changes: To scan only modified code
✅ Post PR comments: To provide security feedback (if enabled)
✅ Create checks: To show pass/fail status (GitHub only)

CodeThreat operates on a read-only basis. We never push commits, modify files, or change repository settings.

How Connections Work

When you connect a VCS platform:

Authentication

You authorize CodeThreat to access your account via OAuth, token, or app installation

Repository Discovery

CodeThreat fetches a list of repositories you have access to

Repository Selection

You choose which repositories to import for scanning

Webhook Setup

CodeThreat creates webhooks to receive notifications about code changes (if automated scanning is enabled)

Initial Scan

CodeThreat automatically runs an initial security scan on imported repositories

Next Steps

GitHub Integration

Connect GitHub repositories

Automated Scanning

Set up automatic scans

Introduction

Quick Start

Pull Requests & Scanning

Security Capabilities

Setup & Configuration

Reference & Support

Integrations Overview

Supported Platforms

GitHub

GitLab

Azure DevOps

Bitbucket Cloud

Bitbucket Server

Connection Methods

Which Method Should You Use?

What Permissions Does CodeThreat Need?

Repository Access

Webhook Access

Pull Request Integration (Optional)

How Connections Work

Next Steps

GitHub Integration

Automated Scanning

Introduction

Quick Start

Pull Requests & Scanning

Security Capabilities

Setup & Configuration

Reference & Support

​Supported Platforms

GitHub

GitLab

Azure DevOps

Bitbucket Cloud

Bitbucket Server

​Connection Methods

​Which Method Should You Use?

​What Permissions Does CodeThreat Need?

​Repository Access

​Webhook Access

​Pull Request Integration (Optional)

​How Connections Work

​Next Steps

GitHub Integration

Automated Scanning

Supported Platforms

Connection Methods

Which Method Should You Use?

What Permissions Does CodeThreat Need?

Repository Access

Webhook Access

Pull Request Integration (Optional)

How Connections Work

Next Steps