Codeup is a self-developed service on the Alibaba Cloud Apsara Devops BizDevOps platform. It provides code hosting, review, detection, and search features. Codeup protects enterprise code assets and helps manage the development process in a secure, stable, and efficient way.
Benefits
Self-developed
Codeup is based on Alibaba Cloud's self-developed code platform. It provides fine-grained access control at the enterprise, repository, and member levels. You can customize organization branch collaboration and commit specifications. Codeup supports millions of repositories and collaboration among tens of thousands of engineers.
Stable and secure
Codeup provides comprehensive security protection for data storage, backup and recovery, access control, auditing, and insights. It supports an advanced, multi-replica high availability (HA) architecture. Codeup has obtained the Classified Protection of Cybersecurity 2.0 Level 3 certification from the Ministry of Public Security, along with ISO 27001 and ISO 9001 certifications. For more information, see Security Commitment.
Efficient reviews
You can customize review rules and processes.
Built-in code detection services and continuous integration (CI) pipelines reduce manual review costs and improve review efficiency.
It intelligently detects merge conflicts and supports online resolution.
Automated detection
Built-in services detect sensitive information, dependency vulnerabilities, and source code vulnerabilities to help developers identify security risks. Codeup also includes a development specification check based on years of Alibaba Cloud's best practices. This feature helps developers continuously improve their coding skills.
Flexible and open
You can easily link requirements, tasks, and bugs.
It integrates closely with CI/CD.
It supports data insights into development efficiency.
It supports a rich set of OpenAPI. For more information, see API Overview.
Obtaining qualifications
Security certifications: Classified Protection of Cybersecurity 2.0 from the Ministry of Public Security, ISO 27001, and ISO 9001.
Trusted Cloud DevOps Platform certification: Advanced-level certification for Trusted Cloud DevOps Solutions from the China Academy of Information and Communications Technology (CAICT).
Trusted Cloud - Software R&D Efficiency Measurement Platform certification: Alibaba Cloud Apsara Devops passed the advanced-level assessment for the "Trusted Cloud - Software R&D Efficiency Measurement Platform" with a perfect score.
Apsara Devops self-developed code defect detection: The Precfix technology was accepted by the International Conference on Software Engineering (ICSE).
Features
The Basic Edition of Codeup is free to use, with no limits on users or repositories. The Basic Edition includes all fundamental features. When you purchase the Premium Edition, your service automatically upgrades to include advanced features. For more information, see Apsara Devops Pricing.
Feature classification | Name | Description | Basic Edition | Premium Edition | References |
Code hosting | Manage source files | View and manage files online |
|
| |
Manage commits | Commit and history management |
|
| ||
Manage branches | Code branch management |
|
| ||
Manage tags | Code tag management |
|
| ||
Manage distributions | Code version control. Supports uploading attachments and maintaining release logs. |
|
| ||
Push rules | The platform provides a push rule check service to standardize developer commit formats. Customize check rules to inspect unpushed commits. |
|
| ||
Repository settings | Repository settings |
|
| ||
Code group settings | A code group is a collection of repositories. Organize repositories into code groups to manage members and permissions. |
|
| ||
Platform permission settings | Multi-level permission management for organizations, code groups, and repositories. |
|
| ||
Platform key fingerprint | A key fingerprint is used to verify the authenticity of a connection to a remote server. |
|
| ||
Git LFS large file storage | Provides a standard version control solution for large files and binary files in the cloud. |
|
| ||
Git on-demand clone | Download code on demand to reduce data transfer volume, process time, and local disk space usage. |
|
| ||
Cherry-pick and Revert | Supports online Cherry-pick and Revert operations. |
|
| ||
Code review | Code review and merge | Provides custom configuration capabilities to support various code review scenarios. Automated code detection improves review efficiency. |
|
| |
Branch collaboration model | The client automatically creates a review for each push. Development is based on the main branch, which eliminates the need to maintain redundant branches. This is a centralized workflow. |
|
| AGit-Flow Alibaba centralized Git workflow (tool download required) Push-to-review model (no tool download required) | |
Code security | Code detection | Code scanning tasks can be automatically triggered on commits and merge requests. The platform provides multiple scanning capabilities. |
|
| |
Code backup | Code backup supports periodically synchronizing code data to a controllable OSS space for storage. | Public preview Trial |
| ||
Code recycle bin | Supports delayed deletion of code resources, including repositories and code groups. You can restore resources with one click from the recycle bin before they are permanently deleted, regardless of whether the deletion was malicious or accidental. |
|
| ||
Security risk control | Provides an intelligent security risk control module. Sensitive information reports and sensitive behavior monitoring services help administrators quickly and intuitively manage risks. |
|
| ||
Important operation notifications | Security notification settings support recording important-risk behaviors in repository operations within the organization and notifying the code administrator. |
|
| ||
Audit Log | Audit logs support recording operation behaviors related to repositories, which helps administrators trace and troubleshoot issues. |
|
| ||
IP address whitelist | IP address whitelists support restricting the range of accessible IP addresses to implement access control. |
|
| ||
Clone/download control | Effectively control code data downloads to reduce the risk of source code leakage. |
|
| ||
GPG signature | Use signatures for verification to ensure that commit records or tags come from a trusted source. |
|
| ||
Repository encryption | Encrypt code data in the cloud with an encryption key to ensure secure cloud storage. | Public preview Trial |
| ||
Security watermark | Supports visible and invisible security watermarks. | Public preview Trial |
| ||
Security Center | Provides data security scores and security risk event alerts. |
|
| ||
Data insights | Code insights report | Helps administrators gain insights into risks and issues in the development process, identify bottlenecks, understand member contributions, and improve organizational iteration efficiency. |
|
| |
Code search | Code search | Supports searching for code content, files, commits, merge requests, and more. | Public preview Trial |
| |
Openness and integration | OpenAPI | Open APIs that support third-party integration. |
|
| |
Webhooks | A repository's Webhook lets the server-side call a specified URL when a specific event is received. |
|
| ||
Personal access tokens | Supports access using personal access tokens. |
|
| ||
Others | Identity authentication | Configure an SSH key or HTTPS credentials. |
|
| |
Third-party repository migration | Provides a one-click import feature for third-party platforms such as GitHub and GitLab to help migrate third-party code data. |
|
| ||
Organization identifier settings | To make repository links easier to remember and share, you can map the 24-digit organization ID in the repository address to a meaningful and memorable identifier. |
|
|
References
For a quick start with Codeup, see Quick Start.
For the benefits of Apsara Devops, see Apsara Devops Benefits.
For frequently asked questions, see FAQ.