What permissions does reshift gain access to?

This depends on the Git provider, since different providers have different permission models, but in general Reshift asks for the following permissions:

  • Read-Only access to account information: this is needed for authentication purposes, this is also needed to communicate important information regarding vulnerabilities found in the source code.

  • Read-Only access to organization information: this is needed to give you a complete control over the repositories that you need to scan. This is also needed to gain access to the organization permissions and model them in Reshift

  • Read-Only access to public and private repositories, this is needed to display lines of code relevant to the issues found.

For more information about the exact permissions required for GitHub, visit: Signing up Using GitHub.

For more information about the exact permissions required for Bitbucket, please visit: Signing up Using Bitbucket.

For more information about the exact permissions required for GitLab, please visit: Signing up Using GitLab.

If you have any more questions, please email us at info@reshiftsecurity.com!