Currently, Sidekick is requesting Full Permissions for read and write to all private and public repositories, and on top of that, is requesting Full Permissions for read and write to all personal information.
This is a hard no in terms of security, and under no circumstances should Sidekick have full read and write permissions on Personal information data.
In addition to the issue of requesting full permissions to personal information, it's a major security issue to request write permissions on all public and private repositories, especially when this can't be scoped to a specific repository under a specific organization.
From what I can tell, Sidekick is currently using an OAuth App, which means it can't be scoped to a specific organization or repository. I would recommend moving to a GitHub App, which can be scoped and audited on an organization.
As promised, we have replaced our OAuth App with a GitHub App. Now our Sidekick SaaS asks for fewer permissions and can be scoped and audited on an organization, as you have mentioned.
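The broad grant discussed in this thread can be checked on any classic OAuth token, because GitHub's API returns the token's scopes in the `X-OAuth-Scopes` response header. The following is an added example, not part of the original thread or Sidekick's code; the header values are constructed and the function names are hypothetical.

```python
# Added example: flag classic OAuth scopes that cannot be limited to a single
# repository or organization. Scope meanings follow GitHub's OAuth scope docs.

# Scopes that apply account-wide; an OAuth App cannot narrow them per repository.
BROAD_SCOPES = {
    "repo": "read/write on all public and private repositories",
    "public_repo": "read/write on all public repositories",
    "user": "read/write on all profile (personal) information",
}


def parse_scopes(header_value):
    """Split an X-OAuth-Scopes value such as 'repo, user' into a set of scopes."""
    return {s.strip() for s in header_value.split(",") if s.strip()}


def audit_scopes(header_value):
    """Return one finding per account-wide scope, sorted by scope name."""
    findings = []
    for scope in sorted(parse_scopes(header_value)):
        if scope in BROAD_SCOPES:
            findings.append({"scope": scope, "grants": BROAD_SCOPES[scope]})
    return findings


def is_acceptable(header_value):
    """True when the token carries no account-wide scope."""
    return not audit_scopes(header_value)


if __name__ == "__main__":
    # Constructed header values: the grant described in the issue, a narrow
    # read-only grant, and a token with no scopes at all.
    for sample in ("repo, user", "read:user, user:email", ""):
        print(repr(sample), "->", "OK" if is_acceptable(sample) else "TOO BROAD")
        for finding in audit_scopes(sample):
            print("   ", finding["scope"], ":", finding["grants"])
```
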