Skip to main content

GitHub App Permissions

To enable Cimon's functionality, you must install our GitHub App and grant it the necessary permissions. This page explains why we require these permissions and how they are used.

Read Permissions for Repository "Contents"

Cimon requires contents read access that allows viewing information such as repository file content, commits, branches, downloads, releases, and merges. This permission is essential for Cimon to read workflows and monitor installations in real time.

By monitoring your Cimon installations, we can provide valuable insights into your security posture, showing you where you installed Cimon as a runtime security solution and where you missed it and left a security gap. Using the GitHub App, we can also get updates in real-time about workflow updates, ensuring that Cimon remains up-to-date and effective at all times.

Read Permissions for Repository "Administration"

Cimon requires administration read access to gather information related to the administration settings of your repositories. This permission allows Cimon to retrieve details such as repository creation. By having access to this information, Cimon can manage installations by monitoring the repositories in the organization effectively through webhooks.

Read Permissions for Repository "Actions"

Cimon requires actions read access to retrieve information about GitHub Actions workflows associated with your repositories. This permission allows Cimon to analyze and monitor repositories workflows so you can monitor Cimon installation in the Cycode platform.

Read Permissions for Organization "Administration"

Cimon requires organization administration read access to gather information related to the administration settings of your GitHub organization. This organization-wide permission is needed to allow the Github app correctly onboard and allow the Cycode platform fully integrate with your organization so data sync will be effective and efficient.

Read Permissions for User Email Addresses

Cimon requires read access to users' email addresses for the following purposes:

  • Authorization: By verifying users' email addresses, Cimon can authenticate and authorize user access to our platform. This ensures that only authorized users would have access to the organization's data.
  • Multi-organization Management: Many users manage multiple organizations or work with different teams on various projects. Read access to users' email addresses allows Cimon to recognize a single user across multiple organizations, streamlining the management process and making it easier for users to oversee and manage Cimon for all their projects.

Please note that Cimon only uses the granted permissions to provide its intended functionality and does not access, modify, or store any data beyond what is necessary for its operation. Your privacy and data security is of utmost importance to us.