Step 1: Connecting Code Reviews to your repository
If you are using ADO, GitLab, or Bitbucket, create a dedicated Code Reviews service user in your version control repository.
ADO/GitLab: Assign repository admin permissions to this service user
BitBucket: Assign organisation admin permissions to this service user
Create a Code Reviews account
Add a new connection to your repository (using the service user's credentials for ADO, BitBucket, and GitLab)
Depending on your version control provider, you will need to either be a repository or organisation admin to complete this step
BitBucket: a BitBucket organisation admin must create the connection
GitHub, ADO, GitLab: a repository admin must create the connection
After selecting your repository, choose the policies you would like Code Reviews to scan for violations against
While the repository is being initialised, choose the protection mode for new PRs
By default, Code Reviews will scan all PRs regardless of the target branch. If you would like Code Reviews to only scan PRs targeting specific branches, select
"Scan PRs only when the destination is a tracked branch."You can then adjust your tracked branches once set-up is complete
To see status checks reflected in the Gearset Pipeline, you must choose "Protect what's new" or above. This will not block you from merging PRs unless branch protections are also configured
If you want violations to block merging until they are fixed, configure branch protections in your version control provider
If using GitHub, you will first need to open a new PR for GitHub to recognise the policies as existing status checks for a branch protection rule
Step 2: Adding team members to Code Reviews
With Step 1 configured, users will see the results of Code Reviews scans whenever they open a PR -- both directly in the Pipeline, as well as with detailed in-line comments on the PR
In order to take advantage of all of Code Reviews features (e.g. autofixes), you will need to add each team member to your Code Reviews account
Alternatively, you can verify your Email Domain so that your team members will automatically join your account when they try and log in for the first time with their organisation email
To ensure relevant team members can interact with the project, set the visibility:
"Entire workspace"means all team members (excluding collaborators) will be able to interact with the project"Team only"means only team members explicitly added to the project will be able to interact with the project
Step 3: Team member configuration
With step 2 configured, relevant team members will now be able to view the results of PR scans directly in Code Reviews and use the autofix feature
In order for Code Reviews to analyse your team members' repository contributions, each team member must add their associated Git email address in their personal settings
After adding their Git email, team members will now be able to view their personalised insights -- showing them their open issues and bespoke learning resources
Any Code Reviews admin will also be able to view their team members' overall contributions
Step 4: Reviewing scan results
To you run your first code review can simple select your project and select the scan button. This will generate a detailed report of all the issues in your project. The report breaks down flagged issues by severity: Critical and Error issues block pull requests and should be addressed immediately, while Warning and Auto-fixes are minor issues that can be resolved with less urgency. For each issue, Code Reviews provides detailed explanations and links to trusted resources like OWASP and CWE to help developers understand and fix the problem. You can dismiss issues that are false positives or intentional, and the tool's Remediation Chart offers a visual way to manage and prioritize technical debt based on severity and estimated effort. For more information check out our guide on Understanding Code Reviews Scan results
β