CircleCI Ideas

Granular scopes for GitHub

We would like to see CircleCI use the newer GitHub API to lessen the privileges needed for integration.

I see that when linking GitHub with CircleCI you still require write access to pretty much everything in my GitHub account.

I know that in the past this was due to a limitation of GitHub OAuth scopes, but now that they have GitHub Apps, which allow more granular permissions, I would appreciate it if I could specify lower-privileged access so that CircleCI cannot arbitrarily modify code in GitHub.

New API should allow much more granular access so that by default you don’t get write access. I see this as a real differentiator when picking the most secure CI SaaS.

  • Guest
  • Nov 20 2017
  • Taking votes
  • Guest commented
    29 Mar 16:21
    Yes, please! We would like to use CircleCI but I'm not giving you write-permission to everything I have on GitHub. I don't think CircleCI is malicious, but mistakes happen and I don't see any reason for you to have write-permission in the first place.
  • Guest commented
    19 Apr 09:52

    For what it's worth, Travis CI has this already.

  • Admin
    George Reyes commented
    30 Apr 17:10

    Thank you for all of your feedback. We definitely understand the value that adding this would give to our customers. However, supporting granular scopes is a big change for our system and requires significant engineering effort that we are not prioritising right now.