RepoGate is a security plugin that monitors and validates dependencies before they are added to your project. It integrates with the RepoGate platform to provide real-time security scanning and approval workflows for package dependencies.
- IntelliJ IDEA (Ultimate & Community)
- PyCharm (Professional & Community)
- WebStorm
- PhpStorm
- RubyMine
- GoLand
- CLion
- Rider
- Android Studio
- EntraID SSO Authentication - OAuth2 with PKCE flow for enterprise security
- API Token Authentication - Legacy support for simple token-based auth
- Secure Credential Storage - Uses IntelliJ PasswordSafe (encrypted)
- Automatic Token Refresh - Background token refresh for EntraID sessions
- Token Rotation - Support for refresh token rotation
- Real-time Monitoring - Watches
package.json(npm),pom.xml(Maven), andbuild.gradle/build.gradle.kts(Gradle) - Version Tracking - Treats version changes as new packages (triggers re-scan)
- Removal Detection - Notifies backend when dependencies are removed
- Git Repository Detection - Includes repository context in API calls
- Dev Dependencies - Configurable inclusion of development dependencies
- Approval Workflow - Validates dependencies against RepoGate security policies
- Status Tracking - Monitors approval status: approved, denied, pending, scanning, not_found
- Real-time Notifications - In-IDE notifications for status changes
- Automatic Polling - Polls for status updates until final decision
- Connection Retry - Automatic retry logic for service availability
- Tools Menu Integration - All actions accessible via Tools > RepoGate
- Status Notifications - Visual feedback with icons (β, β, β³, π, β)
- Account Information - View current authentication status and user info
- Connection Testing - Test API connectivity on demand
- Manual Scanning - Force re-scan of all packages
- Open your JetBrains IDE
- Go to Settings/Preferences β Plugins
- Search for "RepoGate"
- Click Install
- Restart the IDE
- Download the latest
RepoGate-2.0.0.zipfrom Releases - Open your JetBrains IDE
- Go to Settings/Preferences β Plugins
- Click the gear icon βοΈ β Install Plugin from Disk...
- Select the downloaded ZIP file
- Restart the IDE
- Go to Tools β RepoGate β Sign In with EntraID
- Enter your email address
- Browser will open for Microsoft authentication
- Complete sign-in in your browser
- Return to IDE - you're authenticated!
Features:
- Single Sign-On with your organization's Microsoft account
- Automatic token refresh (no re-authentication needed)
- Enhanced security with OAuth2 PKCE flow
- Token rotation for long-lived sessions
- Go to Tools β RepoGate β Sign In with API Token (Legacy)
- Enter your RepoGate API token
- Token is securely stored in PasswordSafe
Note: API tokens don't expire but EntraID is recommended for better security.
Settings/Preferences β Tools β RepoGate
- Enabled - Enable/disable dependency monitoring
- API URL - RepoGate API endpoint (default:
https://app.repogate.io/api/v1) - Poll Interval - Status polling interval in milliseconds (default: 10000ms)
- Include Dev Dependencies - Monitor development dependencies (default: false)
- Log Level - Logging verbosity: error, warn, info, debug (default: error)
Access all RepoGate actions via Tools β RepoGate:
- Sign In with EntraID - Authenticate using Microsoft EntraID SSO
- Sign In with API Token (Legacy) - Authenticate using API token
- Sign Out - Clear authentication and stop monitoring
- Show Account Info - View current authentication status
- Test Connection - Verify connectivity to RepoGate API
- Scan Now - Manually trigger scan of all packages
Once authenticated, RepoGate automatically:
- Monitors dependency files for changes
- Detects new dependencies and sends for validation
- Polls for approval status
- Shows notifications for status changes
- Tracks dependency removals and version changes
| Status | Icon | Description |
|---|---|---|
| Approved | β | Package is safe to use |
| Denied | β | Package has security issues - should not be used |
| Pending | β³ | Awaiting security review |
| Scanning | π | Currently being scanned for vulnerabilities |
| Not Found | β | Package not in database - submitted for review |
Problem: "Authentication Required" notification
- Solution: Sign in using Tools β RepoGate β Sign In with EntraID (or API Token)
Problem: "Authentication Error - No valid token"
- Solution: Token may have expired. Sign out and sign in again.
Problem: EntraID authentication fails
- Solution:
- Check your email address is correct
- Verify your organization uses EntraID SSO
- Check browser allows popup windows
- Try API Token authentication instead
Problem: "Waiting for RepoGate service to respond"
- Solution:
- Use Tools β RepoGate β Test Connection to verify connectivity
- Check API URL in Settings β Tools β RepoGate
- Verify RepoGate service is running
- Check network/firewall settings
# Clone repository
git clone https://github.com/SectorFlow/repogate-extension-jetbrains.git
cd repogate-extension-jetbrains
# Build plugin
./gradlew buildPlugin
# Output: build/distributions/RepoGate-2.0.0.zip# Run IDE with plugin
./gradlew runIdeThis project is licensed under the MIT License - see the LICENSE file for details.
- EntraID OAuth2 authentication with PKCE
- Dual authentication modes (EntraID + API Token)
- Secure credential storage with PasswordSafe
- Automatic token refresh
- Multi-IDE support (all JetBrains IDEs)
- Enhanced API integration
- Git repository detection
- New user actions and improved UX
- Added scanning and not_found status support
- Improved status messages with icons
- Enhanced polling for all approval states
- Initial release
- Basic dependency monitoring
- API token authentication
- npm, Maven, Gradle support
Made with β€οΈ by the RepoGate Team