How long does it take to set up Deviera?

Most teams are fully set up in under 5 minutes. Install the GitHub App (1 minute), connect your project management tool via OAuth (2 minutes), and enable your first automation templates (2 minutes). Your first signal typically arrives within 30 minutes of the next CI event in your repositories.

Do I need to add code or modify my CI configuration?

No. Deviera works entirely through GitHub App webhooks and GitLab OAuth — no code changes, no CI configuration modifications, and no agents to install. You install the GitHub App or connect GitLab OAuth, and Deviera starts receiving events automatically.

What GitHub permissions does the GitHub App require?

Deviera requests read access to repository metadata, commit statuses, and pull requests — and write access only for the features that require it (posting PR comments and creating GitHub issues). Deviera never requests access to your repository contents or source code.

Can I connect only specific repositories, or does it have to be the whole organization?

You can choose. When installing the GitHub App, GitHub lets you select either all repositories in the organization or a specific subset. You can change this selection at any time from your GitHub organization's installed Apps settings.

When will I see my first signal in the Signal Feed?

Typically within 30 minutes of your next GitHub or GitLab event (a CI run, a push, or a PR event). If you want to see a signal immediately, you can push a commit, open a PR, or trigger a CI run in any connected repository.

Does Deviera work with both GitHub and GitLab simultaneously?

Yes. You can connect GitHub (via the GitHub App) and GitLab (via OAuth) to the same Deviera workspace. Automations can reference triggers from either platform. Cross-provider deduplication prevents the same signal from creating duplicate tickets in your project management tools.

What happens to my data if I cancel my subscription?

Your workspace data is retained for 30 days after cancellation so you can export it or reactivate. After 30 days, all workspace data is permanently deleted. Your GitHub App installation and GitLab OAuth connection are not affected — you can reconnect without reinstalling if you reactivate within the retention window.

What is the Friction Score and how is it calculated?

The Friction Score is a real-time 0–100 metric representing your engineering team's health. Lower is better. It is computed from five signal categories, each with a weight: CI failures (×3), stale PRs (×2), deployment failures (×2), flaky test detections (×1.5), and code debt/TODO comments (×1). The score aggregates signals from the last 7 days and updates within seconds of each incoming event.

What do the Friction Score ranges mean?

0–20 is Healthy — normal background noise, no action needed. 20–50 is Moderate — some friction accumulating, worth reviewing this sprint. 50–75 is Stressed — friction is measurably slowing delivery, intervention recommended. 75–100 is Critical — engineering is under severe load, immediate action required.

Why is my Friction Score high even though we shipped a release this week?

The Friction Score measures unresolved signals, not output. A team can ship a release while carrying significant friction — CI failures that were ignored, PRs that needed multiple re-runs, deployment rollbacks that were handled manually. The score reflects the overhead your team absorbed, regardless of whether you shipped through it.

How do I reduce my Friction Score?

The fastest reductions come from resolving the highest-weighted signals first. Enable automation rules for CI failure detection (weight ×3) — these will auto-create tickets and enable structured triage. Then address stale PRs (×2) with automated reviewer reminders. Flaky test quarantine (×1.5) requires investigation of the non-determinism; the Deviera CI Intelligence panel shows which tests are alternating.

Is the Friction Score per-repository or team-wide?

The main Friction Score is team-wide — it reflects aggregate load on your team's delivery capacity across all connected repositories. Per-repository health is visible in the Repo Health table on the CI Intelligence page, which shows failure rate, flaky test count, and trend direction for each repo.

How does deduplication work to prevent duplicate tickets?

Deviera uses two layers of deduplication. Per-automation deduplication (24-hour window) prevents the same automation from firing twice for the same event within a day. Cross-provider deduplication (30-day window, title-based) prevents the same signal from creating tickets in both Linear and Jira if you have both connected. Together, these ensure each friction event generates at most one ticket across your entire toolchain.

Can I build custom automation rules, or am I limited to the 65+ templates?

Both. The 65+ templates are one-click starting points — you can enable them as-is or clone and customize them. The visual rule builder lets you create rules from scratch: pick a trigger (any GitHub, GitLab, or Vercel event type), add conditions (filter by repository, branch, label, failure threshold, or time-based criteria), and choose an action (create a Linear issue, Jira ticket, ClickUp task, GitHub issue, post a PR comment, send a Slack message, or send an email notification). Rules can have a primary and secondary action.

What trigger types are available?

There are 20+ trigger types: 11 from GitHub (CI failure, CI recovery, PR opened, PR stale, PR merged, deployment failure, deployment recovery, issue labeled, issue closed, push to main, pull request review requested), 5 from GitLab (pipeline failed, pipeline recovered, MR opened, MR stale, push event), 3 from Vercel (deployment created, deployment ready, deployment failed), and 1 CI-derived trigger (flaky test detected). There are also 3 recurring task types for scheduled scans.

What actions can automations take?

There are 11 action types: create a Linear issue, create a Jira ticket, create a GitLab issue, create a GitHub issue, create a ClickUp task, close a GitHub issue, post a PR comment, post an MR comment, send an email notification, send a Slack message, and assign a user. Each automation can chain a primary and a secondary action.

What happens if I hit my automation limit on the Free plan?

On the Free plan, you can have up to 5 active automation rules. When you reach the limit, you can deactivate existing rules to make room or upgrade to Pro (up to 50 rules). Rules above the limit are not deleted — they are paused and resume automatically if you upgrade or free up a slot.

Can automations auto-close tickets when the problem resolves?

Yes. Auto-resolution is supported for CI failures, deployment failures, and flaky tests. When a CI pipeline recovers after a failure, Deviera can automatically close the ticket created for the failure in Linear, Jira, ClickUp, or GitLab Issues. This keeps your issue tracker synchronized with actual system state without manual cleanup.

What is the difference between the GitHub App and GitHub OAuth?

The GitHub App is the recommended connection method. It operates at the organization level, uses short-lived installation tokens (not personal access tokens), supports per-repository scoping, and receives webhook events with per-installation HMAC-SHA256 signature verification. GitHub OAuth is a per-user personal access token — it works but is fragile (tokens expire, users leave organizations). Deviera supports both but recommends the GitHub App for production use.

Does Deviera support GitLab self-hosted (GitLab CE/EE), or only GitLab.com?

Both. Deviera supports GitLab.com (cloud) and GitLab self-hosted instances (Community Edition and Enterprise Edition). For self-hosted, you provide your instance URL during OAuth setup. GitLab integration requires a Team plan or higher.

Does Deviera support Jira Server (on-premise) or only Jira Cloud?

Currently Jira Cloud only (Atlassian OAuth 2.0). Jira Server and Jira Data Center use a different authentication model that is not yet supported. Jira Cloud integration is available on all plans.

How does the Vercel integration work?

The Vercel integration uses API token polling rather than inbound webhooks (Vercel's webhook delivery is not reliable enough for production use). Deviera polls the Vercel API every 5 minutes for deployment state changes. When a deployment is created, succeeds, or fails, the relevant automation rules fire. This means Vercel signals may arrive up to 5 minutes after the deployment event.

Can I connect multiple Slack channels for different signals?

Yes. Slack uses incoming webhook URLs, and each automation rule specifies its own webhook URL independently. You can route critical CI failures to an engineering-alerts channel, stale PR summaries to a team standup channel, and deployment notifications to a releases channel — all from different automation rules pointing to different webhook URLs.

Can I connect multiple GitHub organizations or GitLab groups to one Deviera workspace?

Currently, each Deviera workspace connects to one GitHub organization and one GitLab group. If you have repositories across multiple GitHub organizations, you will need separate Deviera workspaces for each.

Is there a free trial for paid plans?

Yes. All new workspaces start with a 14-day Pro trial — no credit card required. You get full access to Pro features including up to 20 automation rules and priority support. After 14 days, you are moved to the Free plan unless you upgrade.

What happens to my automations if I downgrade to a lower plan?

Your automation rules are not deleted, but they are capped at the new plan's limit. On the Free plan, only 5 rules can be active at once; others are paused. GitLab integration requires a Team plan or higher — if you were using GitLab and downgrade below Team, those automation rules will pause until you upgrade again.

Is there annual pricing?

Yes. Annual billing is available at a 2-month discount: Pro is $290/year (equivalent to $24.17/month), and Team is $250/seat/year (equivalent to $20.83/seat/month). Annual plans are billed upfront and renew annually.

What does the Team plan minimum of 5 seats mean?

The Team plan is priced per seat with a minimum of 5 seats. If your team has fewer than 5 engineers, you pay for 5 seats. For teams larger than 5, you pay per seat. Team plan features include GitLab, Slack, Public Signal Wall, and Enterprise-grade audit logging.

Does Deviera access my source code?

No. Deviera does not request source code permissions on the GitHub App or GitLab OAuth. It receives webhook events (CI run results, PR metadata, deployment statuses) and reads repository metadata (name, branch, labels). It never reads file contents, commit diffs, or code.

How are OAuth tokens stored?

OAuth access tokens and refresh tokens are encrypted at rest using AES-256 before being stored in the database. They are decrypted in memory only when making an authenticated API call. GitHub App installation tokens are short-lived (1-hour JWT) and are not stored — they are generated on demand from the App's private key.

How does webhook signature verification work?

Deviera verifies every inbound webhook using HMAC-SHA256. For the GitHub App, each installation has its own unique webhook secret, so a compromised secret for one installation does not affect others. For GitLab and other integrations, a shared workspace-level secret is used. Requests that fail signature verification are rejected with a 401 before any processing occurs.

Is Deviera SOC 2 compliant?

SOC 2 Type II certification is on the roadmap. Deviera currently implements the security controls that SOC 2 requires (access control, encryption at rest and in transit, webhook verification, audit logging on the Enterprise plan) but has not yet completed formal certification. Enterprise customers can request a security review and data processing agreement (DPA) directly.

Support

Frequently asked questions

Everything you need to know about Deviera. Can't find what you're looking for? Contact us.

Getting started Friction Score Automations Integrations Pricing & billing Security

Getting started

How long does it take to set up Deviera?: Most teams are fully set up in under 5 minutes. Install the GitHub App (1 minute), connect your project management tool via OAuth (2 minutes), and enable your first automation templates (2 minutes). Your first signal typically arrives within 30 minutes of the next CI event in your repositories.
Do I need to add code or modify my CI configuration?: No. Deviera works entirely through GitHub App webhooks and GitLab OAuth — no code changes, no CI configuration modifications, and no agents to install. You install the GitHub App or connect GitLab OAuth, and Deviera starts receiving events automatically.
What GitHub permissions does the GitHub App require?: Deviera requests read access to repository metadata, commit statuses, and pull requests — and write access only for the features that require it (posting PR comments and creating GitHub issues). Deviera never requests access to your repository contents or source code.
Can I connect only specific repositories, or does it have to be the whole organization?: You can choose. When installing the GitHub App, GitHub lets you select either all repositories in the organization or a specific subset. You can change this selection at any time from your GitHub organization's installed Apps settings.
When will I see my first signal in the Signal Feed?: Typically within 30 minutes of your next GitHub or GitLab event (a CI run, a push, or a PR event). If you want to see a signal immediately, you can push a commit, open a PR, or trigger a CI run in any connected repository.
Does Deviera work with both GitHub and GitLab simultaneously?: Yes. You can connect GitHub (via the GitHub App) and GitLab (via OAuth) to the same Deviera workspace. Automations can reference triggers from either platform. Cross-provider deduplication prevents the same signal from creating duplicate tickets in your project management tools.
What happens to my data if I cancel my subscription?: Your workspace data is retained for 30 days after cancellation so you can export it or reactivate. After 30 days, all workspace data is permanently deleted. Your GitHub App installation and GitLab OAuth connection are not affected — you can reconnect without reinstalling if you reactivate within the retention window.

Friction Score

What is the Friction Score and how is it calculated?: The Friction Score is a real-time 0–100 metric representing your engineering team's health. Lower is better. It is computed from five signal categories, each with a weight: CI failures (×3), stale PRs (×2), deployment failures (×2), flaky test detections (×1.5), and code debt/TODO comments (×1). The score aggregates signals from the last 7 days and updates within seconds of each incoming event.
What do the Friction Score ranges mean?: 0–20 is Healthy — normal background noise, no action needed. 20–50 is Moderate — some friction accumulating, worth reviewing this sprint. 50–75 is Stressed — friction is measurably slowing delivery, intervention recommended. 75–100 is Critical — engineering is under severe load, immediate action required.
Why is my Friction Score high even though we shipped a release this week?: The Friction Score measures unresolved signals, not output. A team can ship a release while carrying significant friction — CI failures that were ignored, PRs that needed multiple re-runs, deployment rollbacks that were handled manually. The score reflects the overhead your team absorbed, regardless of whether you shipped through it.
How do I reduce my Friction Score?: The fastest reductions come from resolving the highest-weighted signals first. Enable automation rules for CI failure detection (weight ×3) — these will auto-create tickets and enable structured triage. Then address stale PRs (×2) with automated reviewer reminders. Flaky test quarantine (×1.5) requires investigation of the non-determinism; the Deviera CI Intelligence panel shows which tests are alternating.
Is the Friction Score per-repository or team-wide?: The main Friction Score is team-wide — it reflects aggregate load on your team's delivery capacity across all connected repositories. Per-repository health is visible in the Repo Health table on the CI Intelligence page, which shows failure rate, flaky test count, and trend direction for each repo.

Automations

How does deduplication work to prevent duplicate tickets?: Deviera uses two layers of deduplication. Per-automation deduplication (24-hour window) prevents the same automation from firing twice for the same event within a day. Cross-provider deduplication (30-day window, title-based) prevents the same signal from creating tickets in both Linear and Jira if you have both connected. Together, these ensure each friction event generates at most one ticket across your entire toolchain.
Can I build custom automation rules, or am I limited to the 65+ templates?: Both. The 65+ templates are one-click starting points — you can enable them as-is or clone and customize them. The visual rule builder lets you create rules from scratch: pick a trigger (any GitHub, GitLab, or Vercel event type), add conditions (filter by repository, branch, label, failure threshold, or time-based criteria), and choose an action (create a Linear issue, Jira ticket, ClickUp task, GitHub issue, post a PR comment, send a Slack message, or send an email notification). Rules can have a primary and secondary action.
What trigger types are available?: There are 20+ trigger types: 11 from GitHub (CI failure, CI recovery, PR opened, PR stale, PR merged, deployment failure, deployment recovery, issue labeled, issue closed, push to main, pull request review requested), 5 from GitLab (pipeline failed, pipeline recovered, MR opened, MR stale, push event), 3 from Vercel (deployment created, deployment ready, deployment failed), and 1 CI-derived trigger (flaky test detected). There are also 3 recurring task types for scheduled scans.
What actions can automations take?: There are 11 action types: create a Linear issue, create a Jira ticket, create a GitLab issue, create a GitHub issue, create a ClickUp task, close a GitHub issue, post a PR comment, post an MR comment, send an email notification, send a Slack message, and assign a user. Each automation can chain a primary and a secondary action.
What happens if I hit my automation limit on the Free plan?: On the Free plan, you can have up to 5 active automation rules. When you reach the limit, you can deactivate existing rules to make room or upgrade to Pro (up to 50 rules). Rules above the limit are not deleted — they are paused and resume automatically if you upgrade or free up a slot.
Can automations auto-close tickets when the problem resolves?: Yes. Auto-resolution is supported for CI failures, deployment failures, and flaky tests. When a CI pipeline recovers after a failure, Deviera can automatically close the ticket created for the failure in Linear, Jira, ClickUp, or GitLab Issues. This keeps your issue tracker synchronized with actual system state without manual cleanup.

Integrations

What is the difference between the GitHub App and GitHub OAuth?: The GitHub App is the recommended connection method. It operates at the organization level, uses short-lived installation tokens (not personal access tokens), supports per-repository scoping, and receives webhook events with per-installation HMAC-SHA256 signature verification. GitHub OAuth is a per-user personal access token — it works but is fragile (tokens expire, users leave organizations). Deviera supports both but recommends the GitHub App for production use.
Does Deviera support GitLab self-hosted (GitLab CE/EE), or only GitLab.com?: Both. Deviera supports GitLab.com (cloud) and GitLab self-hosted instances (Community Edition and Enterprise Edition). For self-hosted, you provide your instance URL during OAuth setup. GitLab integration requires a Team plan or higher.
Does Deviera support Jira Server (on-premise) or only Jira Cloud?: Currently Jira Cloud only (Atlassian OAuth 2.0). Jira Server and Jira Data Center use a different authentication model that is not yet supported. Jira Cloud integration is available on all plans.
How does the Vercel integration work?: The Vercel integration uses API token polling rather than inbound webhooks (Vercel's webhook delivery is not reliable enough for production use). Deviera polls the Vercel API every 5 minutes for deployment state changes. When a deployment is created, succeeds, or fails, the relevant automation rules fire. This means Vercel signals may arrive up to 5 minutes after the deployment event.
Can I connect multiple Slack channels for different signals?: Yes. Slack uses incoming webhook URLs, and each automation rule specifies its own webhook URL independently. You can route critical CI failures to an engineering-alerts channel, stale PR summaries to a team standup channel, and deployment notifications to a releases channel — all from different automation rules pointing to different webhook URLs.
Can I connect multiple GitHub organizations or GitLab groups to one Deviera workspace?: Currently, each Deviera workspace connects to one GitHub organization and one GitLab group. If you have repositories across multiple GitHub organizations, you will need separate Deviera workspaces for each.

Pricing & billing

Is there a free trial for paid plans?: Yes. All new workspaces start with a 14-day Pro trial — no credit card required. You get full access to Pro features including up to 20 automation rules and priority support. After 14 days, you are moved to the Free plan unless you upgrade.
What happens to my automations if I downgrade to a lower plan?: Your automation rules are not deleted, but they are capped at the new plan's limit. On the Free plan, only 5 rules can be active at once; others are paused. GitLab integration requires a Team plan or higher — if you were using GitLab and downgrade below Team, those automation rules will pause until you upgrade again.
Is there annual pricing?: Yes. Annual billing is available at a 2-month discount: Pro is $290/year (equivalent to $24.17/month), and Team is $250/seat/year (equivalent to $20.83/seat/month). Annual plans are billed upfront and renew annually.
What does the Team plan minimum of 5 seats mean?: The Team plan is priced per seat with a minimum of 5 seats. If your team has fewer than 5 engineers, you pay for 5 seats. For teams larger than 5, you pay per seat. Team plan features include GitLab, Slack, Public Signal Wall, and Enterprise-grade audit logging.

Security

Does Deviera access my source code?: No. Deviera does not request source code permissions on the GitHub App or GitLab OAuth. It receives webhook events (CI run results, PR metadata, deployment statuses) and reads repository metadata (name, branch, labels). It never reads file contents, commit diffs, or code.
How are OAuth tokens stored?: OAuth access tokens and refresh tokens are encrypted at rest using AES-256 before being stored in the database. They are decrypted in memory only when making an authenticated API call. GitHub App installation tokens are short-lived (1-hour JWT) and are not stored — they are generated on demand from the App's private key.
How does webhook signature verification work?: Deviera verifies every inbound webhook using HMAC-SHA256. For the GitHub App, each installation has its own unique webhook secret, so a compromised secret for one installation does not affect others. For GitLab and other integrations, a shared workspace-level secret is used. Requests that fail signature verification are rejected with a 401 before any processing occurs.
Is Deviera SOC 2 compliant?: SOC 2 Type II certification is on the roadmap. Deviera currently implements the security controls that SOC 2 requires (access control, encryption at rest and in transit, webhook verification, audit logging on the Enterprise plan) but has not yet completed formal certification. Enterprise customers can request a security review and data processing agreement (DPA) directly.

Still have questions?

Our team responds within 24 hours. Enterprise and sales inquiries get a response within one business day.