Private repositories

ZeroQuarry can clone private Git repositories using credentials saved at the account level.

Credential types

HTTPS credentials are available from Account > Git Access. Use them for GitHub, GitLab, Bitbucket, and other HTTPS Git hosts.

SSH credentials are available only on account tiers that enable SSH private repo access.

Add an HTTPS credential

Open Account > Git Access.
Add a credential name.
Enter the Git host, such as github.com.
Enter the username required by the host.
Enter a personal access token or password accepted by the host.

The credential applies to HTTPS Git URLs whose host matches the saved host.

Use the credential in a scan

In the console, select the credential from Private repo credential while creating a source scan.

In the API, include git_credential_id in the scan request.

{
  "mode": "source",
  "git_urls": ["https://github.com/example/private-repo.git"],
  "git_credential_id": "credential-uuid"
}

Operational notes

Use one host and credential per scan when possible.
Use least-privilege repository tokens.
Prefer read-only deploy tokens for CI.
Revoke credentials that are no longer used.
Rotate credentials after a suspected leak.

Credential values are stored encrypted in ZeroQuarry, but cloned repository contents are still part of the scan workspace and may be sent to the configured LLM provider during analysis.

Credential types​

Add an HTTPS credential​

Use the credential in a scan​

Operational notes​

Credential types

Add an HTTPS credential

Use the credential in a scan

Operational notes