Frequently Asked Questions

Find answers to common questions about Coderbuds, DORA metrics, setup, and troubleshooting.

Getting Started

How do I connect my GitHub repositories?

Navigate to your team's repositories page and click "Add Repository". You'll need GitHub admin access to the repositories you want to connect. Coderbuds will automatically set up webhooks to track pull requests and activities.

Why aren't my deployments showing up?

Deployments require GitHub Actions with proper deployment tracking. Make sure your workflow includes an environment section and the deployments: write permission. See our Setup Guide for examples.

How long does it take to see data?

Pull request data appears immediately once repositories are connected. DORA metrics typically show meaningful data after a few deployments and pull requests have been processed, usually within 24-48 hours of setup.

DORA Metrics

What are DORA metrics and why do they matter?

DORA (DevOps Research and Assessment) metrics are industry-standard measurements for software delivery performance: Deployment Frequency, Lead Time, Change Failure Rate, and Mean Time to Recovery. They help teams identify bottlenecks and improve their development practices.

How is Lead Time calculated?

Lead Time is measured from when a pull request is created until it's deployed to production. This includes code review time, merge time, and deployment pipeline duration. It reflects how quickly your team can deliver changes to users.

Can I manually mark deployments as failures?

Yes! Use the "Mark as Failure" button on deployment cards to track production issues that weren't automatically detected. You can also link recovery deployments to calculate accurate Mean Time to Recovery.

What's considered an elite-performing team?

Elite teams deploy multiple times per day, have lead times under 24 hours, change failure rates below 15%, and recover from incidents in under 1 hour. These benchmarks come from years of DevOps research across thousands of organizations.

Pull Requests

How are pull request sizes categorized?

PRs are automatically categorized by total changes: Tiny (<10 lines), Small (10-49), Medium (50-199), Large (200-999), and Oversized (1000+). Smaller PRs are generally easier to review and have lower defect rates.

What do the AI-powered quality scores mean?

AI scores analyze code structure, documentation quality, test coverage, and adherence to best practices. Scores range from 1 to 10, helping teams identify PRs that might need additional review or improvements.

Can I filter pull requests by specific team members?

Currently, you can filter by repository and status. Team member filtering is on our roadmap. You can use the search functionality to find PRs by specific authors or reviewers.

Technical Questions

What GitHub permissions does Coderbuds need?

Coderbuds needs read access to repositories, pull requests, and deployment data. We also require webhook management permissions to receive real-time updates. All permissions are used only for metrics collection and analysis.

Can I use Coderbuds with private repositories?

Yes! Coderbuds fully supports private repositories. All data is encrypted in transit and at rest. We never store your actual code content, only metadata like commit SHAs, timestamps, and PR statistics.

Is Coderbuds SOC 2 ready and enterprise-grade?

Yes! Coderbuds implements enterprise-grade security: AES-256 encryption for all OAuth tokens, Bitbucket webhook security (P0.1), HMAC-SHA256 validation with IP allowlisting, timing-attack protection, and comprehensive audit logging. Our security architecture resolves critical P0 vulnerabilities and meets SOC 2 requirements for enterprise deployments and regulatory compliance.

How do you secure webhook integrations?

We implement P0.1 Bitbucket webhook security with HMAC-SHA256 signature validation, IP allowlisting for Bitbucket Cloud ranges, and timing-attack protection using cryptographically secure comparisons. All webhook requests are validated against official provider IP ranges before processing, preventing unauthorized webhook injection and malicious attacks.
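
The checks described above, written out as an added Python example (not Coderbuds' code): the allowlist ranges are RFC 5737 placeholders, and the `sha256=<hex>` header format, function names and secret are assumptions.

```python
import hashlib
import hmac
import ipaddress

# Constructed placeholder ranges (RFC 5737 documentation networks).
# A real deployment loads the provider's published ranges instead.
ALLOWED_NETWORKS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]


def source_ip_allowed(remote_addr, networks=ALLOWED_NETWORKS):
    """True if the peer address falls inside an allowlisted network.

    remote_addr must be the address the server itself observed (or one set
    by a trusted proxy), never a header the sender controls.
    """
    try:
        ip = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(ip in net for net in networks)


def signature_valid(secret, raw_body, header_value):
    """Check an assumed 'sha256=<hex>' signature header over the raw body."""
    algo, sep, sent_hex = (header_value or "").partition("=")
    if algo != "sha256" or not sep:
        return False
    # Sign the exact bytes received; re-serialised JSON would not match.
    expected = hmac.new(secret, raw_body, hashlib.sha256).hexdigest()
    # compare_digest takes the same time wherever the first mismatch is,
    # so response timing does not leak how many leading characters matched.
    return hmac.compare_digest(expected.encode(), sent_hex.strip().lower().encode())


def verify_webhook(remote_addr, header_value, raw_body, secret):
    """Run the allowlist check, then the signature check; return (ok, reason)."""
    if not source_ip_allowed(remote_addr):
        return False, "source address not in allowlist"
    if not signature_valid(secret, raw_body, header_value):
        return False, "missing or invalid signature"
    return True, "ok"

# Constructed sample request.
SECRET = b"constructed-test-secret"
BODY = b'{"event":"pullrequest:created","id":1}'
GOOD_HEADER = "sha256=" + hmac.new(SECRET, BODY, hashlib.sha256).hexdigest()
```

The IP allowlist narrows who can reach the endpoint, but the HMAC check is what authenticates the payload, so a request must pass both.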

How are OAuth tokens protected?

All GitHub and Bitbucket OAuth tokens are encrypted at rest using AES-256 encryption with Laravel's built-in security system. Tokens are encrypted when stored and decrypted only when needed for API requests. This protects against database breaches and meets enterprise security requirements.

Why are some of my old pull requests missing?

Coderbuds begins tracking data from the moment repositories are connected. Historical data isn't automatically imported, but you can contact support if you need specific historical analysis.

How do I remove a repository from tracking?

Go to your team's repositories page and click the remove button next to the repository. This will disable webhooks and stop new data collection. Historical data remains available for analysis.
