Authorizing Access to Your Source Code

Most developers use a tool to manage the archiving and versioning of their source code. Such systems are referred to as Version Control Systems (VCS).

Thankfully, the industry has standardized over the years on models based upon Git. “Git was originally authored by Linus Torvalds in 2005 for development of the Linux kernel.” Since then, systems based upon Git have become prominent in the industry. These include GitHub, GitLab and Bitbucket. iCR is designed to work with all three of these industry-leading Version Control Systems (VCS). Before iCR can analyze your source code, it needs to be authorized to access your VCS repositories.

GitHub and GitLab are offered in 2 distinct deployment models. The first is the cloud version, in which a developer’s source code is stored in the cloud on servers provided by the VCS itself. iCR also supports Bitbucket in this cloud deployment model. A developer logs into the cloud service and then gains access to their personal projects.

A similar service is available for private deployments of GitHub and GitLab. Here, an “enterprise” version of GitHub or GitLab is acquired by the developer and installed within their development network. A developer must still authenticate with the VCS in order to gain access to their source code.

One of the key features of iCR is that using it does not require you to expose your source code outside of your own development team. So how does iCR gain access to your source code? iCR offers 2 methods for code authorization.

The first method is to have each user of iCR configure a Personal Access Token (PAT) in iCR. The PAT is a secure method, unique to each developer, which authorizes the developer to access all of their projects.

The second method uses the industry-standard protocol OAuth.

From Wikipedia: “OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.”

Both PAT and OAuth modes of authorization are used for both cloud-based and privately deployed instances of GitHub, GitLab and Bitbucket. The setup is slightly different for each mode and each VCS. They will be explained individually in the following pages.
