Pixee Quickly Resolves App Permission Errors with Sentry

Pixee helps organizations automatically detect and fix code vulnerabilities. The company’s flagship product, Pixeebot, is a GitHub app that automatically hardens code directly in the codebase. Pixee aims to help developers spend more time creating end-user products by ensuring their code is secure and reliable​​​​.

As Pixeebot is a UI-less product, relying on customers to tell them about errors isn’t possible. They needed a solution that not only told them when an error occurred but its root cause. Sentry’s error monitoring and release tracking features have helped the Pixee engineering team ship with more confidence and resolve issues fast.

Code-level context

Prior to Sentry, the Pixee team was familiar with other application monitoring solutions but found Sentry’s code-level context to be the most complete for their engineering team. Pixee now monitors their Java and JavaScript (website) projects with Sentry. After setting up code mappings, they can see the exact line of code that threw the error by viewing their source code in an issue’s stack trace. Additionally, with custom tagging, they’re able to filter for known issues faster. Every day, this helps the team prioritize and triage issues faster.

Sentry is part of our morning coffee. It’s the easy button on what problems we should work on for our triaging and debugging process.

David Hafley - VP of Engineering

Recently, an issue in Sentry helped Pixee uncover an error related to invalid GitHub permissions. As Pixee is installed within a customer’s GitHub instance, when GitHub updated permissions for third-party extensions, the Pixeebot couldn’t access the customer’s GitHub repository.

Recently, Pixee released a new feature that required expanding the permissions needed by their GitHub App, which existing users needed to accept new permissions for. With Sentry, the engineering team found a bug related to checking if the user had accepted the permissions before exercising them. By viewing the stack trace in Sentry, the team could see which class was missing the permissions check. By looking at the user information on the issue details page, they could see which and how many users the bug was affecting. If it were a few users, they could reach out directly to the customers to accept the new permissions and not push a code change. However, in this case it was affecting a few dozen users, so they made the business decision to push a code change.

Spotting problematic releases fast

When an error happens, knowing which release and user it affected is key to understanding its impact. As Pixeebot is installed within a GitHub repository, the engineering team defined a GitHub repo as the user metadata sent to Sentry. The Pixee team ships continuously and sends their release info to Sentry via a Git hash. On the Releases tab in Sentry, they know which customer repositories an error is occurring in, issue frequency, related PRs, and the commit author. This context has helped the team better understand how a release is trending, and how to approach addressing an especially buggy release.

Less time debugging, more time building

With Sentry, Pixee has reduced the time spent identifying and resolving errors. This efficiency has translated into improved developer productivity, as the team can now focus more on feature development rather than searching through logs to understand what happened. Moreover, Sentry’s detailed error reporting and context around release health has helped Pixee ship with more confidence, and maintain high code quality.