Closed theduke closed 1 year ago
Hey @theduke! Thanks for the thoughts on security. I'd agree the code
permission would ideally be removed, but it was necessary in my latest test.
If you're uncertain, please feel free to self-host or stand it up locally and test with finer-grained permissions.
Thanks for this great tool!
I did notice though that the app requires a huge amount of permissions.
Granting all of these to a small third-party app that could be compromised seems very unadvisable to me; no security-minded organization should do so.
I guess there is a technical reason why this is needed? Lack of fine-grained permissions on the GitHub side?
Is there a way to reduce the required permissions?