At the moment of writing this, DeepSource supports native integrations with GitHub and GitLab. For both these VCS providers, access can be granted to DeepSource to both public as well as private repositories in a couple of clicks.
For GitHub
The access to the repositories — both public and private, is granted when a user installs our GitHub app on their personal or organization account after signing up. During installation, access can be granted to all repositories (current and future), or selected ones. This setting can be changed anytime from the GitHub app’s configuration page.
For GitLab
The access to repositories is granted by the access token of the user who’s created the team on DeepSource and connected it with the corresponding team on GitLab. DeepSource will be able to access all repositories that the user has access to.
If analysis has been activated on a private repository, only the users who have access to the repository on the VCS provider would be able to see it on DeepSource. Every time a new pull-request is created, or a new commit is pushed to an existing PR, the source code is fetched using a short lived token, and the analysis is run in an isolated environment. After the analysis, the source code is purged.
I have a Gitlab account from which I have signed up & also added the groups I am part of. One strange thing is I am only able to see few repositories of that group and not every repo in the list. Also another strange thing is the repositories which are coming in the list all are updated almost a month ago.
Anything I am doing wrong?
Hey Nikhil! The way our GitLab integration works, we get access to only those repositories that the user who’s created the DeepSource account has access to. This is because we need to use the user’s access key. We’re adding the ability to change the account’s primary owner from the dashboard very soon. If you don’t see some repositories, it is possible that those are not accessible by DeepSource, or have not been synced yet.
Also, at the moment, GitLab does not notify on its webhooks when a new repository is added, so that the data could be stale. We’re working on adding a button on the DeepSource dashboard that you can use to sync these repositories explicitly. Please keep an eye on when that release goes out via the “What’s new” button on your DeepSource dashboard.
If you’d like us to assist you with this for the time being, please send me an email with your account’s username at support@deepsource.io, and we’ll get on it right away!