Full control of private repositories

yugr · January 17, 2022, 5:22am

Today when logging into codecov.io with my Github account (yugr (Yury Gribov) · GitHub) codecov has requested “Full control of private repositories” to log me in. This sounds a bit too much for a coverage collection tool hence some questions.

Why are such extreme permissions needed?
Why only private repos are relevant?
What are the security implications for me in case codecov is hacked?

-Yuri

tom · February 8, 2022, 4:49am

Hi @yugr, thanks for the questions.

Unfortunately, this is a limitation due to GitHub and their available oauth scopes. repo scope is used on private repositories in order to overlay coverage on our site, write back statuses, and add comments onto PRs.
If you are using Codecov for public repositories only, we will not need these permissions.
You should be able to find out the answers on our security page

Topic		Replies	Views
Codecov asking for read/write access to private repos Support github	1	399	May 28, 2021
How to revoke private repo access Support	2	293	October 21, 2021
403 error when trying to view a private repo Support	13	208	March 29, 2023
My public Github repository is recognized by Codecov as private Support	9	871	October 30, 2019
Private->Public Github repo not working Support	3	934	May 24, 2019

Full control of private repositories

Related Topics