VCS Service Rate Limits
When Cranium connects to your Version Control System to run scans, it makes API requests on your behalf. Each VCS platform enforces rate limits on those requests, which can affect scan performance if limits are reached. The table below summarizes rate limit behavior across supported platforms.
Rate Limiting Features
GitHub
- Rate limits increase if the OAuth App is owned or approved by a GitHub Enterprise Cloud organization.
- Secondary rate limits apply: a maximum of 100 concurrent requests and 900 requests per minute to a single endpoint.
- Response headers (
x-ratelimit-limit,x-ratelimit-remaining,x-ratelimit-reset) indicate current limit status and when limits will reset.
Azure DevOps
- Response headers (
X-RateLimit-Limit,X-RateLimit-Remaining) indicate current limit status and when rate limiting will occur.
Bitbucket Data Center
- Rate limiting uses the Token Bucket Algorithm.
- Per-user rate limit settings are configurable via the Bitbucket admin API.
Bitbucket Cloud
- To avoid hitting rate limits, add delays between API calls or distribute requests across multiple user tokens.
- Response headers (
X-RateLimit-Limit,X-RateLimit-Resource,X-RateLimit-NearLimit) indicate current limit status and approaching thresholds.
GitLab
- Rate limits vary by endpoint; check GitLab documentation for the specific endpoint in use.
- Rate limits can be disabled by setting the API Rate Limit value to 0.
- The rate limit time period is configurable.
- Response headers (
RateLimit-Limit,RateLimit-Observed,RateLimit-Remaining,RateLimit-Reset,Retry-After) indicate current limit status. - Specific users can be configured to bypass authenticated request rate limits.
References
GitHub
Azure DevOps
Bitbucket Data Center
- Improving instance stability with rate limiting
- Admin rate limit settings API
- Bitbucket Data Center rate limiting
Bitbucket Cloud
GitLab
Did this answer your question?