Update to the Codefresh Permission Policy

Update to the Codefresh Permission Policy

2 min read

Here at Codefresh, the security of your code is our top priority. We are committed to not disclose your code to any 3rd party and to ask for the minimum permissions required to automate your Continuous Integration and Delivery process . Our team will not read your code unless explicitly requested by you as part of a support case. As part of our commitment, I would like to share with you the recent changes we made to the permissions required by Codefresh to build and test your application.

User first login

When users first log in to Codefresh, Codefresh will only ask permission for:

  • Personal User Data
  • Repository webhooks and service (to public repos that you have admin rights in)
  • Read/Write commit statuses (not direct code access)
  • Deployments statuses (not direct code access)
  • Organizations and teams (read)

2016-04-06_12-14-29

How to add private repos to Codefresh

As we do not ask permission to view your private repositories, when you add a new service, we offer the option to grant access to private repos and add them.

2016-04-06_12-50-24

Then Codefresh will ask for the additional permission required to add your private repos. Please note that while read/write permission is required to access and clone your private repos, Codefresh will not make any changes to your code under any circumstances, unless specifically requested by you as part of a support case.

2016-04-06_15-07-00

After doing this initially, you can always add or remove acce to private repos under User Settings.

Feedback

We take security incredibly seriously. If you have any suggestions for how we could improve our security, or improve this policy, please contact us at security@codefresh.io. We will act immediately to deal with the issue.

 

Ready to Get Started?
  • safer deployments
  • More frequent deployments
  • resilient deployments