Appearance
Connecting Your Version Control (VCA)
Eliminate manual configuration. Use a Version Control Account (VCA) to automate repository linking and enable zero-touch Pull Request analysis.
What is a VCA?
A Version Control Account (VCA) is a centralized credential store in BrowserStack Code Quality. Instead of entering credentials for every repository, you link your SCM provider (GitHub, GitLab, Bitbucket, Azure DevOps) once.
Key Benefits
- Auto-Sync: Code quality fetches the list of all repositories you have access to
- Automatic Webhooks: PRs automatically trigger scans without manual webhook setup
- PR Decoration: Results post directly to your pull requests as inline comments
- Centralized Management: Update credentials once; all repositories stay connected
1. Generate Your Access Token
IMPORTANT
Token Permissions Are Critical: Check the Full Token Permission Matrix to ensure PR and Commit scans work correctly on your first attempt.
Quick Reference
| Provider | Where to Generate | What You Need |
|---|---|---|
| GitHub | Settings > Developer settings > Personal access tokens | Classic: repo, admin:repo_hook, write:discussionFine-grained: Contents (R), PRs (R&W), Webhooks (R&W) |
| GitLab | User Settings > Access Tokens | api, read_repository, write_repository |
| Bitbucket Cloud | Personal Settings > App passwords | webhook, repository:write, pullrequest |
| Azure DevOps | User Settings > Personal access tokens | Code (R&W), Project & Team (R) |
⚠️ Important: Save tokens immediately after generation. Most SCM providers only display them once.
** View Complete Permission Details →**
2. Add the Account in BrowserStack Code Quality
Connect your VCA to enable automatic repository discovery and webhook management.
Setup Steps
- Log into BrowserStack Code Quality and navigate to Admin > Version Control Account
- Click Create New
- Select Provider: Choose your SCM:
- Cloud: GitHub, GitLab, Bitbucket Cloud, or Azure DevOps
- On-Premise: GitHub Enterprise, GitLab Self-Managed, Bitbucket Server, etc.
- Account Name: Enter a descriptive name (e.g.,
GitHub Organization,GitLab Production) - Token/Password: Paste the access token generated in Step 1
- Click Save to enable automatic repository discovery
TIP
Using a VCA is the only way to get automatic webhook creation. Manual webhook setup requires individual configuration for each repository. VCA handles this automatically for all linked repositories.
3. Next Steps
Now that your VCA is connected:
- Link a Repository – Import repositories discovered via VCA
- Enable PR Analysis – Activate automatic pull request scans
- DevOps Workflow Setup – Configure quality gates for merge approval
Troubleshooting
| Issue | Solution |
|---|---|
| Connection Test Failed | Verify token scopes are correct and the token hasn't expired. Regenerate a new token with all required permissions. |
| No Repositories Visible | Confirm your SCM account has access to the repositories you want to link. Check organization/team membership. |
| PR Decoration Not Working | Ensure VCA token includes Pull Request: Write permissions (or equivalent for your SCM). Verify webhooks are enabled in Repository Settings. |
| Token Expired | Regenerate a new token in your SCM and update it in Admin > Version Control Account > Edit. |
Security Best Practices
- Environment Variables: Never hardcode tokens in scripts or repositories
- Minimal Scopes: Grant only the permissions required (shown in the table above)
- Token Rotation: Regenerate tokens annually or when personnel change
- Monitoring: Audit VCA access in BrowserStack Code Quality Admin > Audit Logs
- On-Premise: For self-managed SCM instances, use private network access where possible
Related Documentation
- Configure Your First Scan – Import and set up repositories
- Pull Request Analysis – Enable automatic PR checks
- Quality Gates – Enforce standards before merge
- Integrations – Connect with GitHub Actions, Jenkins, GitLab CI