Link service provider unsafe

earonesty · January 6, 2020, 4:30pm

Unclear what “Link service provider” is for, but certain it is unsafe

See here:

https://docs.codecov.io/docs/link-service-provider

I did get that the correct settings for gitlab.com are:

+gitlab:

client_id: xxxx
client_secret: xxx

However, it’s also clear that this is unsafe. Why would codecov require uploading app sercrets to repositories (private or otherwise). I’d be happy to paste these in at codecov.io somewhere instead!

drazisil · January 6, 2020, 4:53pm

Hi @earonesty

These settings for for Codecov Enterprise, in which case the config is only visible to you and not Codecov. If you are using that version and have concerns, please open a ticket. Otherwise, if you are trying to use these settings to sovle a problem, please let me know so we can assist.

Topic		Replies	Views
Codecov + private repo on gitlab.com getting CI Failed Support	7	966	December 17, 2022
There was a problem getting repo contents from your provider (gitlab integration broken) Support	1	234	August 16, 2023
Team Bot is missing (Gitlab) Support	2	187	November 16, 2022
No codecov comments on Merge Requests on gitlab Bug Fixes	21	819	October 21, 2021
Throw 500 when login with Gitlab CE Bug Fixes	11	779	November 1, 2019

Link service provider unsafe

Unclear what “Link service provider” is for, but certain it is unsafe

Related topics