Platform Documentation

Learn how to use the RepoGate web platform.

Automated Governance for the Software Supply Chain

In today's competitive landscape, the pressure to accelerate development cycles is immense. However, this speed cannot come at the cost of security and compliance. RepoGate transforms dependency management from a reactive, manual bottleneck into a proactive, automated process that accelerates business while minimizing risk.

Our platform embeds security directly into the developer workflow, providing 100% visibility into your software supply chain and eliminating the pain of last-minute audit scrambles.

The RepoGate Philosophy: Governance-as-Code

At its core, RepoGate operates on the principle of Governance-as-Code. By treating your dependency governance rules as code, you can automate enforcement, create repeatable and auditable processes, and maintain a complete, version-controlled history of every decision. This approach shifts security "left," empowering developers to make compliant choices from the start, rather than discovering issues in production.

How It Works

Getting started with RepoGate is straightforward and designed to get your team up and running quickly. The onboarding process ensures that both administrators and developers can begin leveraging automated governance from day one.

Step 1: Request an Invite

Begin by requesting access to the RepoGate platform. Visit our website and click "Request Demo" to schedule a personalized walkthrough with our team. Once approved, you'll receive an invitation to create your organization's account on the platform.

Step 2: Set Up Your Organization

After logging in for the first time, you'll configure your organization's settings, including your company name, security policies, and governance rules. This is where you define what "approved" means for your organization—whether it's based on vulnerability thresholds, license requirements, or custom criteria.

Step 3: Invite Your Team and Developers

From the Team page, invite your colleagues by entering their email addresses. Assign appropriate roles based on their responsibilities: Admins can approve requests and manage policies, while Developers can submit dependency requests and view their approval status. Each team member will receive an email invitation with instructions to join the platform.

Step 4: Install the IDE Extension

Direct your developers to install the RepoGate IDE extension for their preferred development environment (VS Code, JetBrains, etc.). Once installed and configured with their API token, the extension will automatically monitor their projects for dependency changes and submit requests to the platform for approval.

Step 5: Start Governing

With your team onboarded and the extension installed, RepoGate begins working immediately. Developers continue their normal workflow while the platform captures every dependency request, evaluates it against your policies, and routes it for approval. Admins review requests from the dashboard, and the complete audit trail is automatically maintained for compliance.

Your Command Center: The Dashboard

The RepoGate dashboard provides an at-a-glance, real-time view of your organization's entire dependency landscape, risk posture, and security culture. It is the single source of truth for security leaders to monitor, manage, and report on software supply chain health.

Live View: Real-Time Dependency Monitoring

The Live View is the central hub for monitoring all incoming dependency requests from your development teams. It provides key metrics such as pending requests, average approval times, and request volume, allowing you to identify bottlenecks and ensure SLAs are met.

Risk Intelligence: Proactive Threat Management

Move from reacting to vulnerabilities to proactively identifying and mitigating risk before it enters your ecosystem. The Risk Intelligence dashboard helps leaders understand and prioritize package-based risk through widgets for "Top Risky Packages," "Vulnerability Hotspots," and "License Risk Distribution."

Risk & Culture: Quantifying Human Risk

RepoGate doesn't just track packages; it quantifies the risk associated with developer and project behavior. The Risk & Health Heatmap provides a visual representation of risk concentration, allowing you to identify high-risk projects and developers (the "Naughty List") who may need targeted training and support, thereby improving your organization's overall security culture.

The Core Workflow: From Request to Approval

The end-to-end workflow is designed to be frictionless for developers and efficient for admins, all while capturing a complete audit trail for compliance.

The Developer Experience: Frictionless Requests

Developers make dependency requests directly from their IDE using the RepoGate IDE extension. They are notified of the request status without ever leaving their workflow, ensuring productivity is never compromised.

The Admin Experience: Reviewing & Approving Dependencies

Admins manage all requests from the central Dependencies page. The platform provides all the context needed to make informed decisions, including vulnerability scans, license information, and policy checks. Approvals or denials are logged with review notes, ensuring a clear record of the decision-making process.

Automated Auditing: Compliance on Demand

RepoGate eliminates the manual, time-consuming process of evidence gathering for audits. You can generate comprehensive reports for standards like PCI DSS and SOC 2 with a single click.

The Reports Hub

The Reports page is your central location for all compliance and audit-related activities. Here, you can generate various report types and filter by date range, project, or developer to get the exact data you need.

Generating PCI DSS & Full Audit Reports

Instantly satisfy PCI DSS 4.0 Requirement 6.3.2. The platform provides two primary views: a Summary View for a high-level overview and a Full Audit View that provides the raw, line-by-line data required by auditors. All reports can be exported to CSV or PDF with one click.

PCI Audit PDF Example

The exported PDF report provides auditors with a professional, comprehensive document that includes your organization's branding, report metadata, and a complete table of all dependency requests with their approval status, timestamps, and reviewer information.

Integrations: Connecting to Your Ecosystem

RepoGate enhances your existing toolchain, acting as a central governance engine without requiring you to rip and replace your system of record.

ITSM Integration (ServiceNow, Jira)

Connect RepoGate to your ITSM platform to automatically create, update, and resolve tickets for dependency requests. This keeps your ITSM as the single source of truth for all ticketing and change management processes.

Administration & Team Management

Easily manage users, roles, and teams to fit your organizational structure and security requirements.

Managing Users and Roles

Assign predefined roles (User, Admin, Super Admin) to team members to enforce least-privilege access. Invite and manage all users from the central Team page.

Multi-Team Functionality

For consultants or large enterprises, users can belong to multiple teams and seamlessly switch between them using the team switcher in the header, ensuring context-specific governance is applied correctly.

Enhanced Authentication with Entra ID

RepoGate now supports Microsoft Entra ID (formerly Azure Active Directory) authentication for IDE extensions, providing a seamless and secure single sign-on (SSO) experience for developers.

Authentication Options

Developers can choose between two authentication methods when connecting their IDE to RepoGate:

Entra ID Authentication (Recommended)

The recommended method uses your organization's Entra ID for secure, centralized authentication. This provides:

  • Single Sign-On: Developers use their existing organizational credentials
  • Automatic Token Management: No need to manually generate or rotate API tokens
  • Enhanced Security: Multi-factor authentication and conditional access policies are enforced
  • Centralized Control: IT administrators manage access through Entra ID

API Token Authentication (Legacy)

For organizations not using Entra ID, traditional API token authentication remains available. Tokens can be generated from the RepoGate dashboard under Settings → API Tokens.