Skip to content

Provider capability matrix

What each data provider supports. RepoWrangler models capabilities explicitly: where a provider can't supply something (plan, permissions, or product), the UI shows a clear capability state rather than a blank or an error. This page is the provider view; for the deployment platform matrix (features × hosting target) see deployment.md.

CapabilityGitHubGitLabMock (demo)
Repository/project discovery
Branch inventory & comparison
Pull / merge requests✅ PRs✅ MRs
Pipelines / workflow runs✅ Actions✅ CI/CD
Security findings✅ code/secret/dependency scanning⚠️ where enabled✅ sample
Budgets & usage✅ (enhanced billing)⚠️ limited✅ sample
Webhooks (near-real-time)✅ optionaln/a
Read-only guarantee✅ App, no write scopes✅ read-scoped token
Sign-in (identity)✅ user-authorizationbypassed
Self-managed instancesGitHub EnterpriseGITLAB_BASE_URLn/a

Legend: ✅ supported · ⚠️ partial/plan-dependent · — not applicable.

Capability states in the UI

For any capability, a repository/workspace shows one of:

  • available — data is present and current.
  • unavailable — the provider/plan doesn't offer it (e.g. security scanning off).
  • insufficient-permission — the App/token lacks the scope to read it.
  • not-observed-yet — not synced yet; will populate on the next sync.

This makes gaps explainable: an empty Security tab tells you why it's empty.

Notes

  • GitHub budgets & usage (FR-008) requires an organization on GitHub's enhanced billing platform; ingestion is validated against such an org.
  • GitLab is enabled by GITLAB_TOKEN + GITLAB_GROUPS; security/usage depth depends on your GitLab tier and what's enabled per project.
  • Identity is independent of data: you can monitor GitLab while signing in with GitHub or Entra ID.

Roadmap

Additional providers (Azure DevOps, Bitbucket) are on the ecosystem roadmap (ROADMAP.md, Phase 6). New providers implement the same provider-neutral port — see the developer guide.

Apache-2.0 licensed. Read-only by design.