Skip to main content

Integrations

The One Code connects to other products in The One Stack to ensure that code intelligence flows into your ticketing, billing, asset management, and AI workflows. This page covers each integration, what data flows where, and how to configure them.

Hub (Authentication and Billing)

Hub is the foundation integration — it's not optional.

What it does:

  • All users authenticate through Hub SSO. When you navigate to app.theonecode.app, your Hub session is validated via a signed JWT. No separate login is needed.
  • Billing is reported from The One Code to Hub's billing engine daily. The metric is repos_protected — the count of active repositories in your tenant.

How it works:

  • Hub passes a signed JWT to The One Code's SSO endpoint using the PORTAL_SSO_SECRET shared key
  • The One Code creates a local session cookie (code_session) that lasts for the duration of your Hub session
  • At 01:15 UTC daily, The One Code reports the current repo count to the Hub billing API

Configuration: No configuration required. This integration is pre-configured as part of The One Code's deployment. If you see login failures, verify that your Hub session is active and that your Hub user has Code product access.

PSA (Tickets and Projects)

The PSA integration lets technicians create PSA work items directly from Code findings without leaving The One Code.

Creating Tickets from Security Findings

From any of the following in The One Code, click Create Ticket:

  • A secret detected in a repository (secret scanning result)
  • An access audit finding (permission drift, orphaned access, missing 2FA)
  • A dependency vulnerability (from the SBOM or dependency audit)

The PSA ticket is pre-populated with:

  • Finding type — vulnerability, access_issue, secret_detected, or sunset_decision
  • Severity — mapped to PSA priority (critical → P1, high → P2, medium → P3, low → P4)
  • Title and description — the finding details including file path, CVE ID (if applicable), and specific issue
  • Affected repository — which repo the finding came from
  • Remediation steps — instructions for resolving the issue
  • Repository link — URL back to the finding in The One Code

Tickets created this way are tracked as "Code-created tickets" in The One Code and appear on the Integrations → PSA page with their linked ticket IDs.

Creating PSA Projects from Migration Recommendations

From a migration recommendation in the Optimize module:

  1. Click Create PSA Project
  2. The project is created with finding type migration_recommendation
  3. All migration steps are included in the project description
  4. Effort estimate in hours is set as the project estimate

This enables billing for migration work — the hours estimated in the Code analysis become a billable project in PSA.

Viewing Linked Tickets

Navigate to Integrations → PSA to see all PSA tickets created from Code findings:

  • Ticket ID and title
  • Current PSA status
  • The Code finding that generated it
  • Created date

PSA Integration Configuration

PSA integration requires the PSA_API_URL and PSA_SERVICE_KEY environment variables to be set on the theonecode-api Function App. These are configured during platform deployment. Verify them in Integrations — if PSA is not connected, the Create Ticket button will show an error.

CRM (Opportunities)

The CRM integration lets you create sales opportunities from code insights.

Creating CRM Opportunities from Code Insights

From any significant finding in The One Code, click Create CRM Opportunity. Use cases include:

  • Migration recommendation — Large migration projects are excellent upsell opportunities
  • High technical debt — Debt reduction services are a natural professional services pitch
  • Multiple critical vulnerabilities — Security remediation as a managed service
  • Dead/sunset apps — Application modernization projects

The CRM opportunity is pre-populated with:

  • Opportunity name (auto-generated from the insight)
  • Associated client
  • Estimated value (based on effort hours × your configured hourly rate)
  • Description with the Code insight details

CRM Integration Configuration

Requires CRM_API_URL and CRM_SERVICE_KEY on the theonecode-api Function App. Check connectivity under Integrations.

CMDB (Asset Sync)

The CMDB integration syncs application profiles to CMDB asset records, giving your CMDB a live view of software assets.

What Syncs to CMDB

When enabled, The One Code syncs:

  • Repository name and URL
  • App type and tech stack
  • Health score and debt score
  • Last commit date and commit frequency
  • Hosting platform
  • Data classification

In CMDB, these appear as Software Application asset records linked to the relevant client.

CMDB Sync Configuration

The code-cmdb-sync-timer background function runs on a schedule and syncs all application profiles to CMDB. It requires:

  • CMDB_API_URL — The CMDB API endpoint
  • CMDB_SERVICE_KEY — Service-to-service authentication key

Configure these on the theonecode-background Function App. Once configured, sync runs automatically. You can also trigger a manual sync from Integrations → CMDB → Sync Now.

AI Platform (Documentation and Analysis)

The One Code uses The One AI Platform as its AI provider for all intelligent features.

What uses AI:

  • AI documentation generation (architecture, API, database, deployment, onboarding, data flow, security, handoff)
  • Tech debt analysis (categorization and remediation planning)
  • Migration path recommendations
  • Regulatory classification
  • Handoff package critical file identification
  • Application Review report narrative writing

How it works: All AI calls go through the shared @theone/ai-gateway singleton. The AI Gateway routes to Claude Sonnet (claude-sonnet-4-5) via Azure OpenAI. Each call is authenticated with AI_GATEWAY_KEY and scoped to the code feature namespace.

No configuration needed: AI Platform integration is pre-wired. If AI features return errors, verify that AI_GATEWAY_URL and AI_GATEWAY_KEY are set on the theonecode-api Function App.

The One Bus (Events)

The One Code publishes events to The One Bus (shared event mesh) for cross-product workflows.

Events Published

EventWhen It FiresPayload
code.org.connectedA new org is connectedorg_id, provider, org_login, repo_count
code.org.disconnectedAn org is disconnectedorg_id, provider, org_login
code.repo.discoveredA new repo is found in an orgrepo_id, org_id, provider, repo name
code.backup.requestedA manual backup is triggeredjob_id, repo_id, org_id
code.documentation.generatedDocumentation is generateddoc_count, repo_id
code.documentation.refreshedA document is refresheddoc_type, repo_id
code.security.new_secret_detectedA new secret is found that wasn't in the previous scanrepo_id, org_id, secret_type, severity

These events can trigger workflows in other products — for example, a code.security.new_secret_detected event could trigger a PSA ticket via automation rules.

Bus configuration: The Bus SDK is pre-wired using BUS_API_URL and BUS_INTEGRATION_KEY. No additional configuration is needed.

GitHub / GitLab / Azure DevOps

See the GitHub Integration page for full details on the source control provider connections. In brief:

  • GitHub — GitHub App (ID: 3034314) with installation-scoped tokens
  • GitLab — OAuth connection with group-level access
  • Azure DevOps — Microsoft OAuth with organization-level access

These are configured through the Connect Organization flow in The One Code UI — no manual environment variable configuration is needed for provider connections.

Integration Status

Navigate to Integrations from the left sidebar to see the connection status of all integrations:

StatusMeaning
ConnectedIntegration is configured and working
Not ConfiguredRequired environment variables are missing
ErrorIntegration is configured but returning errors

For any integration in Error state, click into it for the specific error message. Most errors are authentication-related (expired keys, wrong endpoint URL) or network-related (firewall blocking the API call).