Create GitHub App as alternative to GitHub OAuth
Gearset currently uses OAuth to connect to GitHub, and the way that works is that the OAuth connection has permissions to all repositories that my user has access to, which from a security perspective is a problem, because if the GitHub key were ever compromised, it would provide very broad access to customers' GitHub organizations.
Security teams would feel much better with the ability to limit the scope of access to just one repo instead of all the repos that my GitHub user has access to, which can be accomplished by creating a GitHub App, which can be installed for an individual repo.
Quote from GitHub docs: "GitHub Apps are the officially recommended way to integrate with GitHub because they offer many advantages over a pure OAuth-based integration"
We are working on this, and hope to release this shortly.
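As an added illustration of the scoping mechanism described above (this is example code, not Gearset's implementation and not part of the original post), the Python below shows the two documented GitHub API steps a GitHub App integration performs: it authenticates as the app with a short-lived RS256 JWT (valid for at most 10 minutes), then exchanges that JWT for a one-hour installation access token via `POST /app/installations/{installation_id}/access_tokens`, narrowed with the `repositories` and `permissions` fields so the token reaches one named repository rather than everything a user can see. RS256 signing is injected as a callable so the module runs offline; the app ID, installation ID and repository name are constructed placeholders.

```python
"""Added example: minting a GitHub App installation token scoped to one
repository, in contrast to a user OAuth token that carries the user's
whole repository access. Not Gearset's code; IDs and names are placeholders.

`sign` must be RS256 over the app's private key in production (e.g. via
the `cryptography` package); it is injected so the module runs without a key.
"""
import base64
import json
import time
from typing import Callable, Dict, List, Optional, Tuple

GITHUB_API = "https://api.github.com"
MAX_APP_JWT_TTL = 600  # GitHub rejects app JWTs valid for more than 10 minutes


def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_app_jwt(app_id: int, sign: Callable[[bytes], bytes],
                  now: Optional[int] = None, ttl_seconds: int = 540) -> str:
    """Build the JWT with which a GitHub App authenticates as itself."""
    if ttl_seconds > MAX_APP_JWT_TTL:
        raise ValueError("GitHub App JWTs may not be valid for more than 10 minutes")
    now = int(time.time()) if now is None else now
    header = {"alg": "RS256", "typ": "JWT"}
    payload = {
        "iat": now - 60,        # 60 s in the past to tolerate clock drift
        "exp": now + ttl_seconds,
        "iss": str(app_id),     # the App ID (GitHub also accepts the app's client ID)
    }
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    return signing_input + "." + _b64url(sign(signing_input.encode()))


def jwt_claims(token: str) -> Dict:
    """Read back the claims without verifying; used for inspection only."""
    return json.loads(_b64url_decode(token.split(".")[1]))


def installation_token_request(installation_id: int, app_jwt: str,
                               repositories: List[str],
                               permissions: Dict[str, str]
                               ) -> Tuple[str, str, Dict[str, str], Dict]:
    """Describe the call that mints a one-hour installation access token.

    The token can only reach repositories the installation covers, and the
    body narrows it further to the named repositories and permissions, so a
    leaked token does not expose the rest of the organization. Returns the
    (method, url, headers, body) tuple instead of sending it, so this runs offline.
    """
    if not repositories:
        # Local policy of this example: never mint a token without naming repos.
        raise ValueError("this example always narrows the token to named repositories")
    url = f"{GITHUB_API}/app/installations/{installation_id}/access_tokens"
    headers = {
        "Accept": "application/vnd.github+json",
        "Authorization": f"Bearer {app_jwt}",
    }
    body = {"repositories": repositories, "permissions": permissions}
    return "POST", url, headers, body


def demo() -> Dict:
    """Constructed offline walk-through using a placeholder signer (not RS256)."""
    fake_sign = lambda data: b"signature-placeholder"  # swap for RS256 over the app key
    token = build_app_jwt(app_id=12345, sign=fake_sign, now=1_700_000_000)
    method, url, headers, body = installation_token_request(
        installation_id=67890, app_jwt=token,
        repositories=["salesforce-metadata"],        # one repo, not every repo the user can see
        permissions={"contents": "read", "metadata": "read"},
    )
    return {"method": method, "url": url, "headers": headers,
            "body": body, "claims": jwt_claims(token)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The important contrast with the OAuth flow is that the installation itself, chosen by the organization admin at install time, sets the upper bound on repositories and permissions; the token request can only narrow that bound, never widen it, and the resulting token expires after an hour rather than living as long as a user's OAuth grant.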
-
Anonymous commented
Good to hear that you are working on this 🚀
-
Nikhil Tyagi commented
Custom git will not allow us to set up CI jobs where the source or target needs to be a GitHub repository. GitHub Apps can be a great idea to work with in these cases.
-
Thanks for the idea. Does connecting via the Custom git repository connection on the https://app.gearset.com/linked-service-connections page help address this use case?