GitRiver GitRiver
RU

Everything for DevOps in One Place

GitRiver combines 16 modules in a single binary: Git hosting, CI/CD, Container and Package Registry, Issues, Pull Requests, GitOps Deploy, Security - all at ~100 MB RAM

Git Hosting

Full-featured Git repository hosting with a modern web interface, built-in SSH server, and large file support

  • HTTP Smart and SSH transport (built-in SSH server)
  • Branches, tags, blame with authorship, commit comparison
  • Web editor: create, edit, multi-file batch commit
  • Releases with binary artifacts
  • Git LFS (Batch API + File Locking)
  • GPG commit signing (key upload and management)
  • Built-in Wiki with revision history
  • Import from GitHub, GitLab, Bitbucket, or arbitrary URL
  • Pull and Push mirroring with configurable interval

CI/CD Pipelines

Powerful continuous integration and delivery with built-in runner and YAML configuration

  • YAML configuration in .gitriver/workflows/
  • DAG dependencies (needs:) for parallel execution
  • Matrix builds with fail-fast and max-parallel
  • Rules (if/changes/when) with expression evaluator
  • Retry with conditions (script_failure, stuck_or_timeout, always)
  • Artifacts (paths, dotenv, JUnit, coverage reports)
  • Cache with key interpolation and push/pull/pullpush policies
  • Service containers (Docker networking, alias, env)
  • 4-level variables: Instance -> Group -> Repo -> Environment
  • Concurrency groups with auto-cancel interruptible pipelines
  • Manual jobs (play button from UI)
  • External Actions (uses: owner/action@ref)
  • Scheduled pipelines (cron expressions)
  • Web Terminal - interactive debugging (xterm.js + WebSocket + PTY)
  • Remote Runners + K8s Auto-Scaling (pod template, tolerations)
  • Docker-in-Docker (auto-detect: sysbox/rootless/privileged)
  • Secret masking in logs
  • Test and Coverage Reports (JUnit XML + Cobertura XML)

Container Registry

OCI-compatible Container Registry - built into the platform, no separate service required

  • OCI Distribution Spec v2 (monolithic + chunked upload, cross-repo mount)
  • Docker Token Auth (JWT with OCI scopes)
  • Multi-arch manifests (index/manifest list)
  • Vulnerability scanning (Trivy, SARIF)
  • Tag Immutability Rules (glob patterns)
  • Retention Policies (keep_last + max_age_days)
  • Garbage Collection (manual + scheduled)
  • Image Detail (layers, config, metadata)
  • Quota tracking per-repo
  • Storage backends: Filesystem + S3-compatible
  • Image Drift Detection (live vs desired digest)

Package Registry

Private package repositories for 6 popular package managers - free in Community

  • npm (publish, install, metadata, search)
  • PyPI (PEP 503, upload, simple index, download)
  • Cargo (publish, yank/unyank, download, index, search)
  • Maven (PUT/GET artifacts)
  • NuGet V3 (push, delete, query, search, registration)
  • Generic (upload/download arbitrary files)
  • CI/CD integration for auto-publishing

Issues & Projects

Task and project management with Kanban boards, templates, and full-text search

  • Issues with labels, assignees, and milestones
  • Kanban boards (Projects, drag-and-drop, issue linking)
  • Issue and PR templates (.gitriver/templates/)
  • Markdown comments
  • Issue relationships
  • Filtering and full-text search

Pull Requests & Code Review

Complete code review workflow with branch protection, CODEOWNERS, and automatic merging

  • Inline code comments in diff
  • Code Review: approve / request changes
  • CODEOWNERS - automatic reviewers by file paths
  • Merge Queue with CI integration and temporary branches
  • Branch protection (pattern matching, required approvals, CI checks)
  • Squash, merge, and rebase strategies
  • Cross-repo PR from forks
  • Assignees and Review Requests
  • Require signed commits
  • Require up-to-date branch

GitOps Deploy (RiverCD)

Built-in GitOps controller - Kubernetes deployment directly from GitRiver without external tools

  • Deployment, StatefulSet, DaemonSet, Job, CronJob
  • Service, ConfigMap, Secret, PVC, Ingress, HPA
  • CRD (Custom Resources, arbitrary manifests)
  • Sync Waves (resource application ordering)
  • Pre/Post Sync Hooks
  • Drift Detection (live vs desired diff)
  • Health Checks (per-resource, AppHealth)
  • Canary Deployments (weight-based traffic shift)
  • Blue-Green Deployments (service switching)
  • Rollback to previous version
  • Pod Logs and Pod Diagnostics from UI
  • Multi-cluster (add and test clusters)
  • Pull-based GitOps (auto-sync on HEAD change)

Security & Analytics

Pro

Vulnerability scanning, dependency license compliance, DORA metrics, audit log (Pro)

  • Vulnerability Scanning (SARIF Import: Semgrep, Trivy, CodeQL, OSV)
  • Custom secret scanning patterns (regex)
  • Security Findings Dashboard (severity, status, dismiss)
  • License Compliance (allowlist/denylist, SPDX, CycloneDX SBOM)
  • DORA Metrics (Deployment Frequency, Lead Time, CFR, MTTR)
  • Audit Log - complete action journal
  • IP Rules (whitelist/blacklist at instance and group level)
  • Custom Roles (custom permission sets per-group)
  • Storage Quotas (per-user, per-group)

Notifications

8 notification channels out of the box with event filtering and message templates

  • In-app notifications
  • Email (SMTP)
  • Telegram
  • Slack (Block Kit)
  • Discord (Embeds)
  • Microsoft Teams (Adaptive Cards)
  • Matrix (Element)
  • Webhooks (HMAC-SHA256, retry, delivery history)
  • Email preferences (quiet / mention / all)
  • Event filtering (branch/author glob)
  • Customizable message templates

Backup & Restore

Full backup with encryption and incremental mode - managed from UI

  • Full backup (DB + repositories + registry + CI + Pages)
  • Incremental backup (changed files only)
  • AES-256-GCM encryption
  • Selective restore (choose components)
  • Scheduled backups (cron scheduling)
  • Auto-rotation (max_backups)
  • Checksum verification (SHA256, streaming)
  • S3 streaming upload (no OOM)
  • One-time download tokens (security)

Pages & Wiki

Static site and documentation hosting directly from your repository

  • Static hosting from repository (deploy from ZIP or CI)
  • Built-in Wiki with Markdown and revision history
  • Custom domains
  • SPA fallback (index.html)
  • Auto-deploy from CI (public/ artifact)
  • Path traversal protection

Authentication & SSO

Pro

Flexible authentication with enterprise providers, 2FA, and session management

  • OAuth2 / OpenID Connect (GitHub, Google, GitLab)
  • LDAP / Active Directory (bind, search, test from UI)
  • SAML 2.0 (SP metadata, ACS, XMLDsig, SLO, user/group sync)
  • SCIM 2.0 (User/Group CRUD, membership sync)
  • Two-factor authentication (TOTP with QR, backup codes)
  • Personal Access Tokens (PAT, scopes, expiry)
  • Deploy Tokens (per-repo, scopes)
  • Custom Roles (custom permission sets per-group)
  • Session Management (active sessions, remote logout)
  • SSH and GPG keys