Integrations

Connect your Git providers and container registries so the platform can clone repositories, trigger scans, and deliver remediation pull requests. Integrations are managed per organization and support multiple providers simultaneously.

Git providers

Git integrations provide repository access for cloning source code and creating remediation pull requests:

GitHub

One-click setup through the GitHub App. Install it on your organization or repositories and access permissions, webhooks, and repository syncing are configured automatically.

GitLab

Connect with a personal or group service account access token. Provide the token and the platform handles repository discovery and cloning automatically.

Container registries

Registry integrations allow the platform to pull and scan container images:

AWS ECR

Authenticate with an IAM access key and secret. Specify the AWS region and optionally a registry ID.

GCP Artifact Registry

Provide a service account key, project ID, and location for access to Google Cloud container images.

Azure ACR

Connect using a service principal with client ID, client secret, tenant ID, and registry name.

Docker Hub

Authenticate with your username and a personal access token for public and private image scanning.

Managing integrations

The integrations page in the dashboard lists all configured providers with their current status - Active, Pending, Failed, Suspended, or Revoked. You can search by name, filter by provider or type, and sort by any column.

Each integration can be verified on demand to confirm that credentials are still valid. Verification automatically syncs the list of accessible repositories in the background.

Credentials are encrypted at rest using a transit encryption engine and are never exposed in the dashboard. Only non-sensitive metadata is displayed in the integration detail view.