Git Data

Our Git integration collects metadata about your organization’s activity across repositories, pull requests, and deployments. We never read, transmit, or store source code. Sensitive data, such as branch names and pull request titles, are always encrypted.

We partner with Drata, a continuous compliance platform, to monitor our security posture on an ongoing basis. Our SOC 2 Type 2 report, latest security and policy documents, continuous monitoring status, and list of subprocessors can all be found at our Trust Center.

Data We Collect


Organizations, Teams, and Members

We collect basic information about your organization, teams, and members. Member data includes usernames, organization role (e.g. admin), and team memberships, helping you filter data at the team level.

We store minimal personally identifiable information (PII) for organization members, such as name and email address. We also collect basic location information (e.g. city, state, or country) that is publicly available on a user’s GitHub profile.

Repositories, Pull Requests, and Deployments

Repository metadata we collect includes name, visibility (public or private), and branch names. We never read or access code.

We track basic information about pull requests, such as titles, URLs, statuses, labels, branches, authors, and change counts (additions, deletions, modifications). Additionally, we track when a pull request is opened, reviewed, merged, and closed. We also collect basic commit details (SHAs, timestamps, filenames).

Deployment tracking covers events related to workflows/pipelines, check runs, deployments, commit statuses, releases, and tags. The metadata we collect includes run name, status, completion time, and run time.

GitHub Copilot

If your organization purchased GitHub Copilot licenses, we collect data about GitHub Copilot usage — including seat assignments, last activity, and a breakdown of suggestions, acceptances, and usage by editor or language.

Permissions

We request only the necessary permissions to analyze Git metadata. Below is a description of the scopes requested when connecting to GitHub, GitLab, Bitbucket, or Azure DevOps.

GitHub

We request the following scopes when connecting GitHub: 

  • Repository: Read access to actions, checks, code, commit statuses, deployments, issues, metadata, and pull requests
  • Organization: Read access to members, organization administration, organization copilot seat management, and organization projects
  • User: Read access to email addresses, public repositories, public organization information, and public user profile data

We require read access to metadata for commits, branches, and releases. Since GitHub’s API does not offer more granular permissions for these specific endpoints, we must request read access to all repository contents. Please note that we never read, transmit, or store source code.

You can learn more about permissions for GitHub Apps in GitHub’s documentation

GitLab

We request the following scopes when connecting GitLab: 

  • api: Read/write access to the API, including all groups and projects, the container registry, the dependency proxy, and the package registry.

Due to limitations in GitLab’s scopes, our platform requires api, not read_api, in order to install webhooks on each project. Please note that we never read, transmit, or store source code. We also do not edit or modify code or files.

You can learn more about scopes for authorized applications in GitLab’s documentation

Bitbucket

We request the following scopes when connecting Bitbucket: 

  • Account: Ability to see all the user's account information
  • Project: Access to projects
  • Pull Request: Read access to pull requests and collaborate on them
  • Repository: Read access to all the repositories the authorizing user has access to
  • Access runners: Access to runners (Pipelines on your own infrastructure)
  • Team: Ability to find out what teams the current user is part of

You can learn more about scopes for Atlassian Connect apps in Atlassian’s documentation

Azure DevOps

We request the following scopes when connecting Azure DevOps: 

  • Build: Read access to build artifacts, including build results
  • Code: Read access to source code and metadata about commits, changesets, branches, and other version control artifacts
  • Code (status): Ability to read and write commit and pull request status
  • Member Entitlement Manager: Read access to users
  • Project and Team: Read access to projects and teams
  • Release: Read access to release artifacts

You can learn more about scopes for Azure DevOps in Microsoft’s documentation.

Still need help? Contact Us Contact Us

Related Articles