[
StrictOps
control plane
How It WorksPricingSecurityDocs
Log InGet Started
StrictOps Docs
Getting Started

GitHub Permissions

Understand the permissions required by the StrictOps GitHub App

GitHub Permissions

The StrictOps GitHub App requires specific permissions to deploy your applications and provide feedback on pull requests. This page explains what each permission is used for and why it's needed.

Required Permissions

Repository Contents (Read & Write)

  • Read repository metadata - Access basic repository information like name, description, and settings
  • Read commits and branches - Track code changes and identify which version to deploy
  • Access strictops.yml - Read your deployment configuration file
  • Create workflow files - Generate GitHub Actions workflow files for automated deployments

Commit Statuses (Write)

  • Write deployment statuses - Show deployment progress and results directly on commits and pull requests
  • Create status checks - Report build and deployment outcomes in your GitHub workflow

Actions (Read & Write)

  • Read workflow runs - Monitor the status of GitHub Actions workflows
  • Trigger workflow runs - Automatically start deployments when you push code or merge pull requests

Why These Permissions?

StrictOps follows the principle of least privilege. We only request permissions that are necessary for the core deployment functionality:

  1. Write access is scoped - StrictOps only writes GitHub Actions workflow files to your repository; it does not modify application code
  2. No access to secrets - We don't read or store your GitHub secrets
  3. No admin access - We don't need organization or repository admin permissions

Repository Selection

When installing the StrictOps GitHub App, you can choose to grant access to:

  • All repositories - StrictOps can deploy any repository in your organization
  • Selected repositories - Limit access to specific repositories you want to deploy

You can change this selection at any time from your GitHub App installation settings.

Revoking Access

To revoke StrictOps access to your repositories:

  1. Go to your GitHub account or organization settings
  2. Navigate to Applications > Installed GitHub Apps
  3. Find StrictOps and click Configure
  4. Click Uninstall to completely remove access, or modify repository selection

Questions?

If you have concerns about the permissions we request, please contact us. We're happy to explain our security practices in more detail.

Previous

AWS Setup

Next

Core Concepts

On this page