Code hosts like GitHub & GitLab support configuring access control lists (ACLs) that define what repositories a user can and cannot see. We’ve shipped experimental support for syncing these ACLs with Sourcebot. The TL;DR is:

• Users sign into Sourcebot using OAuth connected to the code host (either GitHub or GitLab).

• Once signed in, the user will only be able to access repositories they would have access to on the code host. Specifically:

• Sourcebot periodically syncs with the configured code host to ensure what repositories the user should (or should not) have access to are up to date.

This feature is a part of our enterprise offering. If you’d like to learn more, checkout the docs.