Ketryx Documentation
Book a DemoFAQTraining Videos
  • Introduction
  • 📄Manuals
    • MAN-01 Ketryx Lifecycle Management
    • MAN-02 Software Release Process
    • MAN-03 Supply Chain Management: Software Dependencies
      • Threat Modeling
      • Vulnerability Management
      • Working with CycloneDX
      • Working with SPDX
    • MAN-04 Supply Chain Management: Cloud Dependencies
    • MAN-05 Milestones
    • MAN-06 Test Management
    • MAN-07 Traceability
    • MAN-08 Risk Management
    • MAN-09 Git-Based Configuration Items
    • MAN-10 Managing items in Ketryx
    • MAN-11 Approval Rules
    • MAN-12 Computational Controls
    • MAN-13 Data Export
  • 🛠️Work Instructions
    • WI-01 Requirement
    • WI-02 Software Item Specification
    • WI-03 Task
    • WI-04 Test Case
    • WI-05 Test Execution
    • WI-06 Anomaly
    • WI-07 Complaint
    • WI-08 Change Request
    • WI-09 Corrective and Preventive Action (CAPA)
    • WI-10 Risk
    • WI-11 Document
  • 🌐Integrations
    • Jira
    • Azure DevOps
    • TestRail
    • Jama
    • Polarion
    • Chrome extension
    • Source Code
      • Azure DevOps
      • Bitbucket
      • GitHub
      • GitLab
      • Code Change Reviews
    • Release documents
      • Google Workspace
    • Authentication
  • 📚Reference
    • Ketryx Query Language
    • Advanced Settings
    • Glob Pattern Matching Algorithm
    • Traceability Configuration
    • Document Templating
    • Project Settings
    • Custom Item Types
    • Assistant
    • Agents
    • Release Notes
  • 🔃API
    • Authentication
    • Build API
    • Project API
    • Item API
    • Webhooks
Powered by GitBook

Ketryx

  • ketryx.com
  • What is Ketryx?

Resources

  • FAQ
  • Training Videos

© 2025 Ketryx Corporation

On this page
  • 1. Introduction
  • 1.1. Purpose
  • 1.2. Tools
  • 2. Supported platforms
  • 3. Setup
  • 3.1. GitHub
  • 3.2. Bitbucket access tokens
  • 4. Generating a Code Change Review report in Ketryx

Was this helpful?

Export as PDF
  1. Integrations
  2. Source Code

Code Change Reviews

Guide on recording and reporting Code Change Reviews using Ketryx

PreviousGitLabNextRelease documents

Last updated 17 days ago

Was this helpful?

1. Introduction

1.1. Purpose

Code reviews play a crucial role in the software development lifecycle as they help identify and rectify defects, security vulnerabilities, and other issues in the software code.

This guide is dedicated to providing guidance on setting up code reviews in Ketryx. It aims to address common questions and offer insights into the process of establishing code reviews.

1.2. Tools

Tools used to develop and release a product with Ketryx Lifecycle Management are provided in . The release process is described in detail in , while setting up code repositories is described in .

2. Supported platforms

Ketryx supports Code Change Review (CCR) data fetching for repositories hosted on GitHub and Bitbucket.

If you need support for other platforms like GitLab, Azure DevOps, etc., please .

3. Setup

Please see our SOUP documentation for more information about adding your repository to Ketryx:

3.1. GitHub

If you've added your GitHub repository, but still can't see the CCR Report, follow the below process to make sure you have added an authentication token for your repository in the project settings page.

  1. Open the settings area of the project

  2. Add the repository from which you want to pull the Code Change Reviews

  3. Click Enable repository authentication,

    1. set username: name of the token (just for your own reference, can be anything),

    2. set password: the actual GitHub token

  4. Click Save

For Ketryx to fetch Pull Request data from GitHub, authentication needs to happen via a Personal Access Token. Access tokens can be generated at the user level and provide authorization for specific scopes.

This Personal Access Token will serve as the authentication method to fetch both Pull Request data and the Git repository for SOUP dependency analysis from GitHub.

The Personal Access Token needs certain permissions for the Code Change Review feature to work.

For the classic Personal Access Token, the following scopes are required:

  1. repo

  2. read:user

For the fine-grained Personal Access Token, the following permissions are required:

  1. Contents

  2. Metadata

  3. Pull requests

3.2. Bitbucket access tokens

The same authentication method is used to fetch the Git repository (for SOUP dependency analysis) as well.

The repository access token needs to have at least the following permissions:

  1. Repository: Read

  2. Pull requests: Read

When entering the authentication credentials in Ketryx, set the following:

  1. Password: (the access token)

4. Generating a Code Change Review report in Ketryx

Once set up, the Code Change Review report is available on a project's Code page. To go there, navigate to the project for which a report should be generated. In the Configuration section of the sidebar, press Code. In the upper right hand corner of the page is a download button that will generate the report and initiate a download. Optionally, choose a version for which you want to generate the report for.

Additionally, the Code Change Review report can be generated and approved for a release on a version's Documents page.

There are several steps to generate a GitHub token (classic), which can be found . To enable the CCR features, the token needs specific permissions mentioned below.

To find out how to generate a classic or fine-grained Personal Access Token, please see our GitHub FAQ entry .

For Ketryx to fetch Pull Request data from Bitbucket, authentication needs to happen via a Repository Access Token. Access tokens can be defined at the repository, project, or organization level. Any of these work (just note that only the repository level is possible in the free version of Bitbucket). A guide on how to create such a token can be found .

Username: x-token-auth (as a verbatim value, as documented )

🌐
MAN-01 Ketryx Lifecycle Management
MAN-02 Software Release Process
MAN-03 Supply Chain Management
contact our support
MAN-03 Supply Chain Management
here
here
here
here