Closed jgadsden closed 9 months ago
This issue has been migrated from: https://github.com/mike-goodwin/owasp-threat-dragon/issues/72 and was opened by @fadeevab:
To use the online version of the application, GitHub authentication is requested.
However, the requested scope of permissions is quite wide:
This application will be able to read and write all public repository data. This includes the following: Code, Issues, Pull requests, Wikis, Settings, Webhooks and services, Deploy keys.
I'm pretty sure it's enough to get an empty scope (see https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/): to read public account information. It's not clear about all other permissions.
Thank you!
Nothing can be done about this, it is provided by the GitHub OAuth Application and there is not an (obvious) way of changing it.
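An added example, not part of the original issue or of Threat Dragon's code: a least-privilege check that compares the scopes an OAuth app requests with the scopes its features need. It assumes the consent text quoted in the issue corresponds to GitHub's `public_repo` scope; the function names, the sample inputs and the `EXAMPLE_CLIENT_ID` placeholder are constructed for illustration.

```javascript
// Added example: audit the scopes an OAuth app requests against what it needs.
// Partial map of GitHub scopes that include narrower ones (not exhaustive).
const IMPLIES = {
  repo: ['repo:status', 'repo_deployment', 'public_repo', 'repo:invite'],
  user: ['read:user', 'user:email', 'user:follow'],
};

// Accepts an authorize URL (scope=... query parameter) or the value of the
// X-OAuth-Scopes response header; both are split on spaces and commas.
function parseScopes(input) {
  let raw = input;
  if (/^https?:\/\//i.test(input)) {
    raw = new URL(input).searchParams.get('scope') || '';
  }
  return [...new Set(raw.split(/[\s,]+/).filter(Boolean))];
}

// Every scope a grant effectively contains, including implied narrower scopes.
function expand(scopes) {
  const all = new Set(scopes);
  for (const s of scopes) (IMPLIES[s] || []).forEach((c) => all.add(c));
  return all;
}

// excess: requested scopes the app has no stated need for.
// missing: needed scopes that the request does not cover, even indirectly.
function auditScopes(input, needed) {
  const requested = parseScopes(input);
  const granted = expand(requested);
  return {
    requested,
    excess: requested.filter((s) => !needed.includes(s)),
    missing: needed.filter((s) => !granted.has(s)),
  };
}

// Constructed sample inputs (client_id is a placeholder).
// Case 1: sign-in only, so no scope is needed, yet public_repo is requested.
const signInOnly = auditScopes(
  'https://github.com/login/oauth/authorize?client_id=EXAMPLE_CLIENT_ID&scope=public_repo',
  []
);
// Case 2: header value from a token that holds repo where public_repo would do.
const tooBroad = auditScopes('repo, read:user', ['public_repo', 'read:user']);
console.log(signInOnly.excess, tooBroad.excess, tooBroad.missing);
```

An empty `excess` list with an empty `missing` list means the request matches the stated need; any entry in `excess` is a scope to justify or drop before users see the consent screen.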