Connecting Your VCS

Codity supports four version control providers. Each provider has specific setup requirements — follow the guide for your platform below.

Supported providers

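| Provider     | Authentication     | PAT required? |
|--------------|--------------------|---------------|
| GitHub       | OAuth + GitHub App | No            |
| GitLab       | OAuth + PAT        | Yes           |
| Azure DevOps | OAuth + PAT        | Yes           |
| Bitbucket    | OAuth              | No            |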

GitHub

Sign in

  1. Click Sign in with GitHub on the login page.
  2. Authorize the Codity OAuth application when prompted.
  3. Select whether you want to use Codity with your personal account or an organization.

Connect repositories

  1. Install the Codity GitHub App on your organization (or personal account).
  2. Choose which repositories the app can access — you can grant access to all repos or select specific ones.
  3. Go to the dashboard and your repositories will appear automatically.

Requirements

  • You must be an organization owner or have permission to install GitHub Apps to set up Codity for an organization.
  • For personal accounts, no additional permissions are needed beyond the OAuth authorization.

GitLab

Sign in

  1. Click Sign in with GitLab on the login page.
  2. Authorize the Codity OAuth application.

Provide a Personal Access Token (PAT)

GitLab requires a PAT to access group members and project details. After signing in:

  1. Go to the GitLab Repos page in the dashboard.
  2. You will be prompted to enter a PAT.
  3. Generate a PAT in GitLab and paste it into the dashboard.

PAT requirements

Your GitLab Personal Access Token must have the following:

  • Role: The token owner must have at least Member access (Developer role or above) to the groups and projects you want Codity to scan.
  • Scopes:
    • read_api — Required for listing projects and group members.
    • read_repository — Required for accessing repository contents.

> Your PAT is encrypted before storage and is never exposed in logs or API responses.
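
Before pasting a GitLab PAT into the dashboard, you can check it against the scope list above. The following is an added example, not Codity's code: it audits the JSON body returned by GitLab's `GET /api/v4/personal_access_tokens/self` endpoint. The 90-day lifetime limit is an assumed local policy, and the sample responses are constructed.

```python
import json
from datetime import date, timedelta

# Scopes this page lists as required for the GitLab PAT.
REQUIRED_SCOPES = {"read_api", "read_repository"}
MAX_LIFETIME_DAYS = 90  # assumption: local rotation policy, not a Codity requirement


def audit_gitlab_pat(token_json, today):
    """Return a list of findings for a personal_access_tokens/self response body."""
    info = json.loads(token_json)
    scopes = set(info.get("scopes", []))
    findings = []
    if info.get("revoked") or not info.get("active", True):
        findings.append("token is revoked or inactive")
    # Strict comparison: a broader scope such as `api` is reported as excess,
    # not accepted as a substitute for the documented read-only scope.
    for scope in sorted(REQUIRED_SCOPES - scopes):
        findings.append(f"missing required scope: {scope}")
    for scope in sorted(scopes - REQUIRED_SCOPES):
        findings.append(f"excess scope: {scope}")
    expires = info.get("expires_at")  # GitLab returns YYYY-MM-DD or null
    if expires is None:
        findings.append("token has no expiry date")
    else:
        expiry = date.fromisoformat(expires)
        if expiry < today:
            findings.append("token is expired")
        elif expiry - today > timedelta(days=MAX_LIFETIME_DAYS):
            findings.append(f"expiry is more than {MAX_LIFETIME_DAYS} days away")
    return findings


# Constructed sample responses (no real token data).
GOOD = json.dumps({"name": "codity", "revoked": False, "active": True,
                   "scopes": ["read_api", "read_repository"],
                   "expires_at": "2025-03-01"})
BROAD = json.dumps({"name": "codity", "revoked": False, "active": True,
                    "scopes": ["api", "read_repository"], "expires_at": None})

if __name__ == "__main__":
    today = date(2025, 1, 15)
    for label, body in (("GOOD", GOOD), ("BROAD", BROAD)):
        print(label, audit_gitlab_pat(body, today) or "ok")
```

To audit a live token, fetch the endpoint with the token in the `PRIVATE-TOKEN` header and pass the response body to `audit_gitlab_pat`.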

Connect repositories

  1. Select the GitLab group you want to work with.
  2. Browse the available projects.
  3. Toggle on the repositories you want Codity to monitor.

Azure DevOps

Sign in

  1. Click Sign in with Azure DevOps on the login page.
  2. Authorize the Codity OAuth application.
  3. Select the Azure DevOps organization you want to use.

Provide a Personal Access Token (PAT)

Azure DevOps requires a PAT for member listing and seat tracking. After signing in:

  1. Go to Settings > Azure PAT in the dashboard (or you'll be redirected automatically).
  2. Generate a PAT in Azure DevOps and paste it in.

PAT requirements

Your Azure DevOps Personal Access Token must have:

  • Access: The token owner must have Member access to the organization.
  • Scopes:
    • Member Entitlement Management (Read) — Required for listing organization members and tracking seats.

> If your PAT is missing required scopes, the dashboard will display a warning and prompt you to update it.

Connect repositories

  1. Select the Azure DevOps organization and project.
  2. Browse available repositories.
  3. Toggle on the repositories you want Codity to monitor.

Bitbucket

Sign in

  1. Click Sign in with Bitbucket on the login page.
  2. Authorize the Codity OAuth application.

Connect repositories

  1. Select the workspace you want to use.
  2. Browse available repositories.
  3. Toggle on the repositories you want Codity to monitor.

Requirements

  • You must have read access to the workspace and its repositories.
  • Bitbucket uses OAuth tokens with automatic refresh — no PAT is required.

Token security

All access tokens and PATs are:

  • Encrypted at rest using industry-standard encryption.
  • Never logged or exposed in API responses.
  • Scoped to the minimum permissions needed by Codity.

If you need to rotate a token, simply update it from the dashboard — the old token is immediately replaced.