fix(vercel): tighten internal integration scopes to org:ci#113394
Open
fix(vercel): tighten internal integration scopes to org:ci#113394
Conversation
The Vercel integration creates an internal Sentry app and uses its token
to create releases via the webhook. The only token-authenticated outbound
call is to POST /api/0/organizations/{org}/releases/, which already
accepts org:ci.
The existing project:read and project:write scopes were unused by any
token-authenticated path. Project/DSN/key lookups during the wiring flow
all happen via internal services in-process and do not consume external
token scopes.
Reducing to org:ci minimizes blast radius if a Vercel-stored token is
compromised.
Refs #113391
Co-authored-by: David Cramer <dcramer@users.noreply.github.com>
github-actions
bot
added
the
Scope: Backend
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
leeandher
reviewed
Apr 20, 2026
Member
leeandher
left a comment
leeandher
left a comment
There was a problem hiding this comment.
makes sense, don't see issues here aside from the UI bit
| ) | ||
| assert response.status_code == 201, response.content | ||
| assert Release.objects.filter(organization_id=org.id, version="1.2.1").exists() | ||
|
|
Member
There was a problem hiding this comment.
this portion of the test doesn't seem necessary
| verify_install=False, | ||
| overview=internal_integration_overview.strip(), | ||
| scopes=["project:releases", "project:read", "project:write"], | ||
| scopes=["org:ci"], |
Member
There was a problem hiding this comment.
the internal integrations can always have their perms raised by the orgs themselves if they go to the edit page. this is how they currently appear after install:
We don't surface org:ci as an option here, so I think people who go to manage these new installs will see form errors if they try an edit the apps now
If there's no issue in publicizing it, we can add org:ci to SENTRY_APP_PERMISSIONS on the frontend to avoid this
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Reduces the scopes on the internal Sentry app provisioned by the Vercel integration to the absolute minimum needed.
What changes
src/sentry/integrations/vercel/integration.py: replaces the internal integration scopes["project:releases", "project:read", "project:write"]with["org:ci"].Why
The Vercel integration creates an internal Sentry app (
Vercel Internal Integration) and stores the resulting auth token in Vercel as an environment variable so that Vercel-side build/deploy hooks can call back into Sentry. Tightening these scopes shrinks the blast radius if a Vercel-stored token is leaked.The only token-authenticated outbound call from the Vercel integration is the deployment webhook posting to
POST /api/0/organizations/{org}/releases/, which is guarded byOrganizationReleasePermission. That permission already acceptsorg:ci:src/sentry/api/bases/organization.py->OrganizationReleasePermissionallowsorg:cionGET/POST/PUT.src/sentry/integrations/vercel/webhook.py-> only request that uses the token isPOST {org}/releases/.The other places the integration touches project/key data (project list, default DSN/project key, log-drain URL, OTLP URL) all happen via internal services in-process during the Vercel project wiring flow, not through token-authenticated public API endpoints. Those reads do not consume token scopes, so dropping
project:readandproject:writefrom the token does not affect them.Impact
Test plan
Ran the full Vercel integration test suite locally against this change:
This includes
test_webhook.py, which exercises the release-creation flow that actually consumes the internal token.Refs #113391