Unverified commit 31f539b9, authored by HonkingGoose, committed by GitHub
docs(security-and-permissions): preamble, new sections (#14570)

parent b79c82e2
# Security and Permissions # Security and Permissions
## Global Permissions This page talks about our security stance, and explains what permissions are needed for the different ways you can run Renovate.
## Security Stance
Renovate is open source software, and comes with no guarantees or warranties of any kind.
That said, we will try to fix security problems in a reasonable timeframe if possible.
### No certifications
Renovate the Open Source project does **not** have ISO 27001 or SOC2 certifications.
WhiteSource the company, which maintains Renovate and operates the hosted Renovate App for GitHub, does have ISO 27001 and SOC2 certifications.
### Security / Disclosure
If you find any bug with Renovate that may be a security problem, then e-mail us at: [renovate-disclosure@whitesourcesoftware.com](mailto:renovate-disclosure@whitesourcesoftware.com).
This way we can evaluate the bug and hopefully fix it before it gets abused.
Please give us enough time to investigate the bug before you report it anywhere else.
Please do not create GitHub issues for security-related doubts or problems.
## Permissions
We apply the Principle of Least Privilege (PoLP) but do need substantial privileges in order for our apps to work.
### Global Permissions
These permissions are always needed to run the respective app.
| Permission | Renovate hosted app | Forking Renovate | Why | | Permission | Renovate hosted app | Forking Renovate | Why |
| ----------------- | :-----------------: | :----------------: | ------------------------------------------------------------- | | ----------------- | :-----------------: | :----------------: | ------------------------------------------------------------- |
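Review bot: the new preamble says the page "explains what permissions are needed for the different ways you can run Renovate", but both permission tables that follow have only a "Renovate hosted app" and a "Forking Renovate" column, so anyone running Renovate another way gets no answer; either add a column for that case or state in the preamble that this page covers only those two deployment modes. Two smaller points in the same hunk: "SOC2" is conventionally written "SOC 2" (both occurrences under "No certifications"), and the heading "Security / Disclosure" reads better as "Security disclosure", matching the other plain headings in the file.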
...@@ -14,11 +40,11 @@ ...@@ -14,11 +40,11 @@
| Pull Requests | `read` and `write` | `read` and `write` | Create update PRs | | Pull Requests | `read` and `write` | `read` and `write` | Create update PRs |
| Workflows | `read` and `write` | not applicable | Explicit permission needed in order to update workflows | | Workflows | `read` and `write` | not applicable | Explicit permission needed in order to update workflows |
## User permissions ### User permissions
Renovate can also request users's permission to the following resources. Renovate can also request users's permission to the following resources.
These permissions will be requested and authorized on an individual-user basis. These permissions will be requested and authorized on an individual-user basis.
| Permission | Renovate hosted app | Forking Renovate | Why | | Permission | Renovate hosted app | Forking Renovate | Why |
| ---------- | :-----------------: | :--------------: | -------------------------------------------------------- | | ---------- | :-----------------: | :--------------: | -------------------------------------------------------- |
| email | `read` | N/A | Per-user consent requested if logging into App dashboard | | email | `read` | not applicable | Per-user consent requested if logging into App dashboard |
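Review bot: the line directly under the demoted "User permissions" heading still reads "request users's permission to the following resources"; since this hunk already edits the heading, fix the possessive and the missing verb here too, e.g. "request a user's permission to access the following resources". Replacing "N/A" with "not applicable" in the email row does make the two tables consistent with the Workflows row in the first table, but in both tables the reader is left to infer what "not applicable" means for Forking Renovate (the permission is never requested, so the corresponding capability, such as updating workflow files, is unavailable in that mode); one sentence spelling that out would make the security-relevant consequence explicit.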