Gitpod seamlessly integrates with major source control providers, enabling you to work with your code repositories directly within your Gitpod environments.
Gitpod’s zero-trust architecture ensures that developers can only access repositories they have permission to view:
SCM Permission Enforcement: Developers can only open environments for repositories they have access to in your source control management system. Repository access is validated through real-time API calls to your SCM provider during environment initialization.
Continuous Credential Validation: User credentials and permissions are validated continuously throughout the environment lifecycle (every 60 seconds), ensuring that permission changes in your SCM are immediately reflected in Gitpod environments.
No Privilege Escalation: Users cannot access repositories beyond their granted SCM permissions. All SCM operations use the user’s own OAuth tokens or Personal Access Tokens, with no token sharing or privilege escalation mechanisms.
Real-time Authorization: SCM permissions are validated through live API calls to your source control provider, ensuring current permission state is always respected rather than relying on cached permissions.
This approach ensures that your existing source control permissions and security policies are continuously respected and enforced within Gitpod environments, with near real-time synchronization of permission changes.Visit the provider-specific pages for detailed setup instructions and best practices.