Help Center/ CodeArts Repo/ User Guide/ Security Management
Updated on 2024-12-12 GMT+08:00
View PDF
Share

Security Management

For higher security, CodeArts Repo allows you to add IP addresses to the whitelist, change the repository owner, delete the repository, change the repository name, add watermarks, lock the repository, and record audit logs. For details, see the following sections. Only the users who have the permission to set repo groups or repositories can perform these operations. For details about how to set permissions, see Configuring Repo-Level Permissions.

Configuring a Deploy Key

For security purposes, some repositories can only be cloned and downloaded and do not support other change operations such as merge code. You can configure a deploy key for a read-only repository. To generate a deploy key locally, choose Settings > Security Management > Deploy Key on the repository details page. On the Deploy Key page, click Add Deploy Key. For details about how to generate an SSH key locally, see step 1 to step 3 in Configuring an SSH Private Key.

  • Multiple repositories can use the same deploy key, and a maximum of 10 deploy keys can be added to a repository.
  • The difference between an SSH key and repository deploy key is that the former is associated with a user and PC and the latter is associated with a code repository. The SSH key has the read and write permissions on the repository, and the deploy key has the read-only permission on the repository.
  • The settings take effect only for the repository configured.

Risky Operations

CodeArts Repo allows you to change the repository owner, delete a repository, and change the repository name, but these operations are also risky. Exercise caution when performing these operations.

To configure risky operations, choose Settings > Security Management > Risky Operations on the repository details page. The following operations are supported:

  • Transfer repository ownership: You can transfer the current repository to another member in the repository (but not to a viewer).
  • Delete repository: Once you delete the repository, all content in the repository will be permanently deleted. This operation cannot be undone. Please exercise caution.
  • Rename repository: This will invalidate the original path for access and clone. Please exercise caution.
  • Transfer repository: This will change the repo access and clone addresses. The previous addresses before the transfer will become invalid. Exercise caution when performing this operation.

Adding Watermark to a Repository

CodeArts Repo allows you to add watermarks to repositories to protect intellectual property rights.

To set watermarks, choose Settings > Security Management > Watermark on the repository details page.

After the watermark is enabled, the repository displays the following watermark content: account + time.

Locking a Repository in CodeArts

You can lock a repository to prevent anyone from damaging its upcoming versions.

To lock a repository, choose Settings > Security Management > Repository Locking on the repository details page. Repo members with the settings permission can perform this operation.

If the watermark is enabled, the repository is locked and read-only. No one can commit code to any branch, create comments, or perform other related operations.

Setting an IP Address Whitelist for CodeArts Repo

In CodeArts, you can set the IP address range and access for the IP address whitelist to restrict users' access, upload, and download permissions, enhancing repository security. The IP address whitelist takes effect only for repos whose visibility is Private, Read-only for project members, and Read-only for tenant members.

To configure the IP address whitelist, you can choose Settings > Security Management > IP Address Whitelist on the repository details page. IPv4 and IPv6 are supported. The following table lists the three formats of IP address whitelists.

Click Add IP Whitelist and set parameters by referring to the following table. To modify an IP address whitelist, click the in the row where the IP address whitelist is located.

Table 1 Parameters for creating an IP address whitelist

Parameter

Description

IPv4

If you select this option, you can specify an IP address, set an IP address range, or set a route in CIDR format. The differences are as follows:

  • IP address: The IP address will be added to the whitelist. For example, you can add the IP address of your personal computer to the whitelist.
  • IP address segment: If you have multiple servers and the IP address segments are consecutive or your IP addresses dynamically change in a network segment, you can add an IP address segment. Example: 100.*.*.0 - 100.*.*.255.
  • CIDR: When your server is on a LAN and uses CIDR routing, you can specify a 32-bit egress IP address of the LAN and the number of bits of a specified network prefix. Requests from the same IP address are accepted if the network prefix is the same as the specified one.

IPv6

If you select this option, you can specify an IP address and an IP address range. For details, see IP address and IP address segment.

Description

Optional.

Access Control

Optional. Select the corresponding options as needed.

  • Allowed to access the repository: Only whitelisted IP addresses and the repository owner can access the repository.
  • Allowed to download code: If this option is selected, IP addresses in the whitelist can download code online and clone code locally.
  • Allowed to commit code: Only whitelisted IP addresses can modify and upload code online, or commit code locally. Code-based build project orchestration and YAML file synchronization are not affected.
  • To set an IP address whitelist for all repositories of your tenant, log in to the repository list page of CodeArts Repo, click the alias in the upper right corner, and choose All Account Settings > Repo > IP Address Whitelist. The configuration rules are the same as the preceding configuration.
  • If you want to import the repository of another tenant but they have configured an IP address whitelist, the import will fail. In this case, contact your administrator to obtain the proxy IP address and ask the target tenant to add the proxy IP address to the IP address whitelist.

CodeArts Repo Audit Logs

CodeArts Repo allows you to modify repository attributes. It records information such as code commits and merge requests about the code repository. Each audit log contains the operator, operation type, and operation content. You can filter and view audit logs by time.

Adjusting Repository Visibility

CodeArts Repo allows you to adjust the visibility of repositories.

On the CodeArts homepage, click the profile picture and choose All Account Settings. In the navigation pane on the left, choose Repo > Repo Visibility Adjustment, and click Adjust to adjust the visibility of the code repo of a tenant.

  • If the page shown in the following figure is displayed, you can create a public code repository (group) and set the visibility of the code repository to public.

  • If the page shown in the following figure is displayed, the public code repository (group) cannot be created and the visibility of the code repository cannot be set to public.