The official Cortex GitHub application and custom GitHub applications have certain permission requirements to work as expected with your Cortex instance.
The table below outlines Cortex's purpose for requiring each permission:
GitHub Permission | Purpose in Cortex |
Single file, read and write to path cortex.yaml | Read Create |
Dependabot alerts, read-only | Read vulnerability information for Git CQL rules (Only relevant if using Dependabot) |
Actions, read-only | Read workflow run information for Git CQL rules; Artifact information for actions |
Metadata, read-only | Read associated data with repositories for populating entity Git integration and for Git CQL rules |
Code scanning alerts, read-only | Get vulnerability information for Git CQL rules |
Administration, read and write | Create repositories (Scaffolder) |
Checks, read and write | Used by app linter on pull requests |
Commit statuses, read and write | Read commits for entity Git metadata and Git CQL rules; Show pending status messages on the OpenAPI incompatibility check |
Contents, read and write | Read Read Git rules; Create file contents (Scaffolder); Embed repo markdown files in entity details |
Pull requests, read and write | Read pull request data for Git CQL rules and developer homepage My PRs tab; Comment if there are breaking OpenAPI changes on a PR |
Secrets, read and write | Optionally write repo secrets after creating new repo (Scaffolder) |
Workflows, read and write | Write in GitHub Actions files (Scaffolder) |
Members, read-only | Read membership information for team/ownership |
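
When you run a custom GitHub application, it is worth checking that the installation grants what the table lists and nothing more. The following is an added example, not Cortex's own code: it compares an installation object (as returned by the GitHub REST API) against the table. The mapping from table rows to API permission keys, and treating Secrets and Dependabot alerts as optional, are assumptions of the example.

```python
# Added example: audit a GitHub App installation against the table above.
# Keys are GitHub REST API permission names; mapping them to the table's
# rows is an assumption of this example, not taken from Cortex.
LEVEL = {None: 0, "read": 1, "write": 2, "admin": 3}
EXPECTED = {
    "single_file": "write",          # Single file (path cortex.yaml)
    "vulnerability_alerts": "read",  # Dependabot alerts
    "actions": "read",
    "metadata": "read",
    "security_events": "read",       # Code scanning alerts
    "administration": "write",
    "checks": "write",
    "statuses": "write",             # Commit statuses
    "contents": "write",
    "pull_requests": "write",
    "secrets": "write",
    "workflows": "write",
    "members": "read",
}
# The table marks these as optional or only relevant with Dependabot.
OPTIONAL = {"secrets", "vulnerability_alerts"}

def audit(installation):
    """Return (missing, excess, notes) for one installation object."""
    granted = installation.get("permissions", {})
    missing, excess, notes = {}, {}, []
    for key, want in EXPECTED.items():
        have = granted.get(key)
        if key not in OPTIONAL and LEVEL.get(have, 0) < LEVEL[want]:
            missing[key] = (have, want)
    for key, have in granted.items():
        want = EXPECTED.get(key)
        if LEVEL.get(have, 0) > LEVEL[want]:
            excess[key] = (have, want)
    if granted.get("single_file") and installation.get("single_file_name") != "cortex.yaml":
        notes.append("single_file grant is not scoped to cortex.yaml")
    return missing, excess, notes

# Constructed sample shaped like the REST API's installation object.
SAMPLE = {"single_file_name": "cortex.yaml", "permissions": dict(EXPECTED)}
del SAMPLE["permissions"]["checks"]                     # required, absent
del SAMPLE["permissions"]["secrets"]                    # optional, absent
SAMPLE["permissions"]["members"] = "write"              # above the table
SAMPLE["permissions"]["organization_hooks"] = "read"    # not in the table

if __name__ == "__main__":
    for label, result in zip(("missing", "excess", "notes"), audit(SAMPLE)):
        print(label, result)
```

Entries under "excess" are grants the table does not call for; review them before approving the installation.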