Workspaces & Members
A workspace is where your repositories, scans, and trust data live. You can work solo in your personal workspace, spin up a shared workspace for your team, and invite people to join it - by email or with a single shareable link. This page covers everything you need to set one up and run it.
How workspaces are organized
Every account has one personal workspace, created for you the first time you sign in. It is yours alone and cannot be deleted or left. When you want to collaborate, you create a shared workspace and invite your team into it.
| Type | Who it is for | What you can do |
|---|---|---|
| Personal | Just you | Created automatically and shown as “Your workspace”. Always available to fall back to. Cannot be deleted or shared. |
| Shared | A team or company | Created by you, with members, roles, and invitations. Can be split into branches for sub-teams. |
You can belong to as many workspaces as you like and switch between them at any time with the workspace switcher.
Create a shared workspace
Open the workspace switcher in the sidebar and choose Create workspace. Give it a name - your team or company name works well - and you are done. You become its owner, it becomes your active workspace, and you can start inviting people right away.
Member roles
Every member of a shared workspace has one of three roles. Roles control who can change settings, manage people, and see results.
| Role | Can do |
|---|---|
| Owner | Everything an admin can do, plus transfer ownership and delete the workspace. There is exactly one owner at a time. |
| Admin | Invite and remove members, change member roles, rename the workspace, and create branches. Cannot transfer ownership or delete the workspace. |
| Member | View repositories, scan results, and trust data. Read-only - members cannot manage people or settings. |
Owners and admins can promote a member to admin or demote an admin back to member at any time. The owner role is special - it can only change hands through ownership transfer.
Invite members by email
Inviting someone specific? Open your workspace members, enter their email, and pick whether they join as an admin or a member. They receive a link to accept. The invite is tied to that exact email address - only the person who owns it can use it.
Expires in 72 hours
If it lapses before they accept, regenerate it from the members list to issue a fresh link.
One pending invite per email
You cannot stack invites for the same address. Cancel the pending one first if you need to change the role.
Invite members with a shareable link
Onboarding a whole team? Generate a shareable link instead. Anyone with the link can join after signing in - no need to enter each address. Drop it in Slack, an onboarding doc, or a welcome email.
When you create a link, you choose two limits:
| Setting | Options | What it controls |
|---|---|---|
| Expires after | 1h / 24h / 7d | How long the link stays valid before it stops working. |
| Max uses | 1 / 5 / 25 / 100 | How many people can join through it. It closes itself once the limit is reached. |
A workspace has one active link at a time. Generating a new one replaces the old one immediately, and you can revoke a link whenever you want to cut off access. Re-joining with the same account does not burn an extra use, so your quota reflects real people, not repeat clicks.
Transfer ownership
Handing the workspace to a colleague? As the owner, choose any existing member and transfer ownership to them. They become the new owner, and you step down to admin so you keep managing the workspace day to day.
The new owner must already be a member
Invite them and let them accept first, then transfer.
Owners cannot simply leave
To step away entirely, transfer ownership first, then leave the workspace.
Branches for sub-teams
Larger organizations can split a workspace into branches - separate sub-workspaces grouped under a parent. Use them to give each squad, product line, or business unit its own repositories and members while keeping them organized under one roof.
Owners and admins of the parent create branches from the workspace settings. A few things to know:
- The hierarchy is two levels deep - a parent and its branches. A branch cannot have branches of its own.
- Each branch has its own members and roles, managed just like any shared workspace.
- Branches appear indented under their parent in the workspace switcher, so it is always clear how they relate.
Switch between workspaces
The workspace switcher in the sidebar lists every workspace you belong to - your personal one, any shared workspaces, and their branches nested underneath. Each entry shows the workspace name and your role in it.
Click one to make it active. From that point on, every page - repositories, scans, trust data, settings - reflects the workspace you picked. Your choice sticks across sessions, so you land back in the same place next time you sign in.
Leave a workspace
You can leave any shared workspace you no longer need access to. When you do, you drop straight back to your personal workspace. Two rules apply:
- You cannot leave your personal workspace - it is always there.
- Owners must transfer ownership before leaving. Leaving a parent workspace also removes you from its branches.