Help Center/ CodeArts Repo/ Best Practices/ CodeArts Repo Security Configuration Overview
Updated on 2025-07-10 GMT+08:00

CodeArts Repo Security Configuration Overview

Code Security

CodeArts Repo provides access tokens, deploy keys, and protected branches to safeguard your code assets.

Table 1 Code security

Security Configuration

Description

Suggestion

Reference

Access tokens

CodeArts Repo allows each user to generate access tokens. Tokens are displayed only when generated. You can set the validity period (max. 1 year) of a token. By default, a token is valid for 1 month.

When granting repo access to a third party, create an access token with a specific validity period. Access tokens prevent account and password disclosure.

Configuring an Access Token

Deploy keys

CodeArts Repo allows you to add deploy keys for each code repo. Users only have read permissions when accessing a repo using a deploy key.

In code repo reading scenarios, such as builds, use a deploy key to clone a repo to improve code repo security.

Configuring a Deploy Key for a Repository

Protected branches

You can set branch protection rules in a code repo to prevent branches from being modified or mis-deleted.

Set a protection rule for the master branch so that code can only be merged into it via merge requests. Only authorized roles can push code to protected branches.

Configuring Protected Branch Rules

Visibility

CodeArts Repo allows you to set the following visibility options for code repos:

  • Private (A repo can only be read, written, and accessed by its members.)
  • Public
    • Read-only for project members
    • Read-only for tenant members
    • Read-only for all visitors

Set the visibility when creating a repo or adjust the visibility for an existing repo to scale to your needs.

The administrator can determine whether to allow members to create "Public" code repos.

Commit rules

CodeArts Repo control code commits using specific rules. You can use the preconfigured commit rules or create new ones.

Set commit rules for each repo to prevent your code from being modified without permission.

Configuring Commit Rules