Integrations
Kolega connects to your Git provider via OAuth. Read-only scope by default, no long-lived tokens stored, scan results posted directly to your PRs.
Three integrations available today. Pick yours below.
GitHub
The most common setup. Connect Kolega via OAuth, choose which repos to scan, and findings appear as PR comments alongside your existing reviews.
Setup guide
GitLab
Self-hosted GitLab and gitlab.com both supported. Same OAuth flow, same read-only scope, same PR-level findings (merge request comments in GitLab terminology).
Setup guide
Azure DevOps
Connect your Azure DevOps organisation, select projects, and Kolega scans on every pull request. Findings post inline.
Setup guide
How the integration works
The same flow for every provider:
1. Sign in to Kolega and connect your Git provider via OAuth.
2. Choose which repositories to scan.
3. Findings appear in your dashboard and as PR comments.
4. Autofix PRs are opened directly against your repo when applicable.
No CI pipeline changes required. No config files to maintain. The integration uses read-only scope by default — Kolega can read code to scan it and write PR comments, but doesn't have permission to modify repository contents unless you explicitly enable autofix PRs.
Bitbucket & Jira
Bitbucket and Jira integrations are on the roadmap. Email info@kolega.ai if either is a blocker for your team.
Security
Code is cloned into ephemeral containers for each scan and deleted immediately after. We don't store source code at rest. Full details on the Trust Center.