Skip to content
Snippets Groups Projects
Unverified Commit 655e31d1 authored by HonkingGoose's avatar HonkingGoose Committed by GitHub
Browse files

docs: create security and permissions file (#13748) 


Co-authored-by: default avatarRhys Arkins <rhys@arkins.net>
parent 1b13eb67
Hide whitespace changes
Inline Side-by-side
docs/usage/security-and-permissions.md 0 → 100644
+ 24
0
View file @ 655e31d1
# Security and Permissions
## Global Permissions
| Permission | Renovate hosted app | Forking Renovate | Why |
| ----------------- | :-----------------: | :----------------: | ------------------------------------------------------------- |
| Dependabot alerts | `read` | `read` | Create vulnerability fix PRs |
| Administration | `read` | `read` | Read branch protections and to be able to assign teams to PRs |
| Metadata | `read` | `read` | Mandatory for all apps |
| Checks | `read` and `write` | not applicable | Read and write status checks |
| Code | `read` and `write` | `read` | Read for repository content and write for creating branches |
| Commit statuses | `read` and `write` | `read` and `write` | Read and write commit statuses for Renovate PRs |
| Issues | `read` and `write` | `read` and `write` | Create dependency dashboard or Config Warning issues |
| Pull Requests | `read` and `write` | `read` and `write` | Create update PRs |
| Workflows | `read` and `write` | not applicable | Explicit permission needed in order to update workflows |
## User permissions
Renovate can also request users's permission to the following resources.
These permissions will be requested and authorized on an individual-user basis.
| Permission | Renovate hosted app | Forking Renovate | Why |
| ---------- | :-----------------: | :--------------: | -------------------------------------------------------- |
| email | `read` | N/A | Per-user consent requested if logging into App dashboard |
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment