Reviewpad is distributed as a GitHub App. This means that it is installed on your GitHub account and has access to your repositories.
The repositories to which Reviewpad has access are defined at the installation time. All repositories outside of the defined list are not accessible to Reviewpad.
Reviewpad executions do not communicate between them, they are ephemeral and run in an isolated environment from other users so that there is no possibility of information leaks between environments.
Reviewpad requires the following permissions:
|Actions||Read and write|
|Checks||Read and write|
|Code scanning alerts||Read-only|
|Commit statuses||Read and write|
|Contents||Read and write|
|Issues||Read and write|
|Merge queues||Read and write|
|Pull requests||Read and write|
|Secret scanning alerts||Read-only|
|Webhooks||Read and write|
|Projects||Read and write|