Skip to main content
Version: 3.16.0

Security

Reviewpad is distributed as a GitHub App. This means that it is installed on your GitHub account and has access to your repositories.

The repositories to which Reviewpad has access is defined at the installation time. All repositories outside of the defined list are not accessible to Reviewpad.

Reviewpad executions do not communicate between them, they are ephemeral and run in an isolated environment from other users so that there is no possibility of information leaks between environments.

Permissions

Reviewpad requires the following permissions:

DescriptionPermissions
ActionsRead-only
AdministrationRead-only
ChecksRead and write
Code scanning alertsRead-only
Commit statusesRead and write
ContentsRead and write
Dependabot alertsRead-only
DeploymentsRead-only
IssuesRead and write
Merge queuesRead and write
MetadataRead-only
PackagesRead-only
Pull requestsRead and write
Secret scanning alertsRead-only
WebhooksRead and write