Gitpod seamlessly integrates with major source control providers, enabling you to work with your code repositories directly within your Gitpod environments.

Key Features

  • Automated Repository Cloning: Your repositories are automatically cloned when you start a Gitpod environment
  • Full Branch Management: Create, switch, and manage branches directly within your environment
  • Commit and Push: Make changes and push them back to your repository without leaving Gitpod

Supported Providers

Gitpod integrates with the following source control providers:

Authentication

You can authenticate with your source control provider using:
  • OAuth: For a streamlined authentication experience
  • Personal Access Tokens (PAT): For more granular control over permissions

Security Architecture

Gitpod follows a secure architecture for source control integration:
  • All source control interactions occur only through the runner on your infrastructure
  • Gitpod’s management plane never has access to your credentials or source code
  • Your code and credentials remain exclusively within your control

Zero-Trust Permission Validation

Gitpod’s zero-trust architecture ensures that developers can only access repositories they have permission to view:
  • SCM Permission Enforcement: Developers can only open environments for repositories they have access to in your source control management system. Repository access is validated through real-time API calls to your SCM provider during environment initialization.
  • Continuous Credential Validation: User credentials and permissions are validated continuously throughout the environment lifecycle (every 60 seconds), ensuring that permission changes in your SCM are immediately reflected in Gitpod environments.
  • No Privilege Escalation: Users cannot access repositories beyond their granted SCM permissions. All SCM operations use the user’s own OAuth tokens or Personal Access Tokens, with no token sharing or privilege escalation mechanisms.
  • Real-time Authorization: SCM permissions are validated through live API calls to your source control provider, ensuring current permission state is always respected rather than relying on cached permissions.
This approach ensures that your existing source control permissions and security policies are continuously respected and enforced within Gitpod environments, with near real-time synchronization of permission changes. Visit the provider-specific pages for detailed setup instructions and best practices.