3 years, 1 month ago.

Could you elaborate on what the requested permissions are needed for?

They appear to slightly exceed what is needed just to import and share the code?

Repository webhooks and services

  • *Admin* access

This application will have *full access* to repository webhooks and services (no direct code access).

Repositories

  • Public and *private*

This application will be able to read and *write* all public and private repository data. This includes the following:

  • Code
  • Issues
  • Pull requests
  • Wikis
  • Settings
  • Webhooks and services
  • Deploy keys
  • Collaboration invites

1 Answer

3 years, 1 month ago.

Hi Martin,

Really good question. We use the "repo" scope to be able to read information about public and private repositories. We definitely wouldn't request write if we could avoid it, but unfortunately GitHub does not support a read-only version of this scope.

However, we can reduce the scope we request when a user adds a public repo, and then upgrade this as appropriate if a user wishes to index a private repository.

We ask for the "admin:repo_hook" scope in order to be able to manage GitHub webhooks to automatically track changes to an added GitHub repository. We'll explore whether we can avoid requiring delete privileges, and downgrade this scope to "write:repo_hook" and "read:repo_hook" if so.

Best, Phil.
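
The scope reduction discussed in this answer can be checked mechanically. The following is an added example, not part of the original thread and not the service's own code: it picks the narrowest scopes for an import and audits a token's `X-OAuth-Scopes` response header for excess grants. The policy in `needed_scopes`, the function names and the sample header values are assumptions made for illustration; in particular it assumes public repository data can be read without any `repo` scope.

```python
from urllib.parse import urlencode

# Narrower scopes that each broader GitHub OAuth scope already includes.
IMPLIES = {
    "repo": {"public_repo"},
    "admin:repo_hook": {"write:repo_hook"},
    "write:repo_hook": {"read:repo_hook"},
}

def expand(scopes):
    """Return the scopes plus everything they transitively include."""
    seen, stack = set(), list(scopes)
    while stack:
        scope = stack.pop()
        if scope not in seen:
            seen.add(scope)
            stack.extend(IMPLIES.get(scope, ()))
    return seen

def needed_scopes(private, delete_hooks):
    """Hypothetical policy: smallest request for importing one repository."""
    scopes = {"repo"} if private else set()  # assumption: public reads need no scope
    scopes.add("admin:repo_hook" if delete_hooks else "write:repo_hook")
    return scopes

def audit(granted_header, needed):
    """Compare an X-OAuth-Scopes header value with what is actually needed."""
    granted = {s.strip() for s in granted_header.split(",") if s.strip()}
    excess = sorted(granted - expand(needed))        # granted but never required
    missing = sorted(set(needed) - expand(granted))  # required but not covered
    return excess, missing

def authorize_url(client_id, scopes):
    """Authorization URL that requests only the given scopes (space-delimited)."""
    query = urlencode({"client_id": client_id, "scope": " ".join(sorted(scopes))})
    return "https://github.com/login/oauth/authorize?" + query

if __name__ == "__main__":
    # Constructed sample: a token granted the two scopes quoted in the question,
    # audited against a public-repository import that never deletes hooks.
    need = needed_scopes(private=False, delete_hooks=False)
    print(audit("repo, admin:repo_hook", need))
    print(authorize_url("CLIENT_ID_PLACEHOLDER", need))
```

Running `audit` against the header of an existing token shows which grants could be dropped before the application re-requests authorization with the reduced scope list.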