Skip to main content
Solve problems with VCS integrations and webhooks.

VCS Connection Problems

GitHub

Connection fails:
  • Verify GitHub credentials
  • Check organization OAuth approval
  • For GitHub Enterprise, verify URL and network access
  • Try OAuth instead of PAT, or vice versa
Repositories not showing:
  • Verify admin access to repositories
  • Grant organization access (for OAuth)
  • Check repositories aren’t archived

GitLab

Connection fails:
  • Verify token scopes are correct
  • For self-hosted, check URL format and SSL certificate
  • Ensure network connectivity

Azure DevOps

Connection fails:
  • Verify PAT permissions
  • Check organization name is correct
  • Ensure PAT hasn’t expired

Bitbucket

Connection fails:
  • Verify app password permissions
  • Check username (not email)
  • For Server, verify base URL and network access

Webhook Issues

Webhooks Not Firing

Scans not triggering on push:
  1. Check webhook delivery:
    • View webhook delivery logs in VCS
    • Look for failed deliveries (non-200 responses)
  2. Verify webhook is active:
    • Ensure webhook is enabled
    • Check webhook URL is correct
  3. Test webhook manually:
    • Use VCS webhook test feature
    • Verify successful delivery
  4. Check firewall:
    • Ensure outbound HTTPS allowed from VCS to api.codethreat.com
    • Whitelist CodeThreat IP addresses if needed

Webhook Deliveries Failing

Non-200 responses:
  • Check webhook secret is correct
  • Verify payload format
  • Contact support with webhook delivery ID

PR Integration Issues

PR Checks Not Appearing

GitHub checks missing:
  • Verify GitHub App installed
  • Check auto-scan on PR is enabled
  • Ensure webhook is working
  • Wait a few minutes for check to appear

PR Comments Not Posting

Comments not appearing:
  • Verify post PR comments is enabled
  • Check GitHub App has write permissions
  • Ensure PR scanning completed successfully

API Integration Issues

Authentication Failures

401 Unauthorized:
  • Verify API key is correct
  • Check API key hasn’t expired
  • Ensure API key has required scopes
  • Regenerate API key if compromised

Rate Limiting

429 Too Many Requests:
  • Slow down request rate
  • Implement exponential backoff
  • Contact support for rate limit increase

What’s Next?

Common Issues

Back to common issues

VCS Integration

View integration guides