Overview
The Pro and Enterprise plans include a private instance of the Buf Schema Registry (BSR), SSO/SCIM for user provisioning, and several other features to address security, compliance, and automation requirements specific to larger organizations. The pages in this section describe the setup and usage of your private BSR instance and point to relevant sections of the general documentation where there are differences from the public BSR at https://buf.build.
- Setup instructions for Pro plan
- Setup instructions for Enterprise plan
Pro and Enterprise features
Private BSR and SSO/SCIM
We currently support all OIDC or SAML providers for SSO/SCIM, and have specific setup guides for these:
- SSO: GitHub/OAuth2, Google/SAML, Okta/OIDC, Okta/SAML
- SCIM: Azure/SAML, Okta/SAML
Custom plugins
Pro and Enterprise plans include the ability to upload custom plugins for logic specific to your business needs. See the custom plugins documentation for policy and implementation information.
CI/CD integration
In addition to the GitHub Actions integration for the public BSR, Pro and Enterprise plans offer access to Buf’s GitHub App. The app synchronizes your Protobuf source control with your private BSR instance, and automatically performs breaking change detection, linting, and formatting.
Pro and Enterprise plans also allow you to create bot users that can call the BSR from CI workflows without tying the actions to a specific person.
Audit logging
BSR server admins can query the private BSR instance about several types of events and actions on the server. See audit logs and the audit API documentation for more information.
Webhooks
You can enable webhooks to trigger actions in other backend services, such as CI/CD or notification workflows. They are disabled by default.
Enterprise-only features
Policy checks
On your private BSR, you can enforce a set of breaking change rules across all repositories. Once enabled, any commits with breaking changes are put into a review flow, where they can be accepted or rejected by the BSR repository owners or admins. This protects downstream consumers from breaking changes, while enabling those closest to the code to approve them when appropriate. See the overview and review commits documentation for more information.
You can also require that all Protobuf file paths and type names remain unique across modules. When the uniqueness policy check is enabled, the BSR rejects any pushes that introduce violations to this rule. See Uniqueness checks for more information.
Usage dashboard
Similar to the Average Types Usage dashboard available on the public BSR, a Maximum Types Usage dashboard is available for private instances at https://BSR_DOMAIN/admin/usage
, where BSR_DOMAIN
is your instance's domain name.
There are some differences in the way we compute types for private instances vs. the public BSR, which reflect the terms around how these contracts are billed:
- Types usage for the public BSR is computed as the average number of types over the organization's billing period.
- Private instance usage tracks the maximum number of types for all organizations on the entire instance over a calendar month.