
Required Permissions for Software Configuration Management Apps


App permissions give BoostSecurity access to your Software Configuration Management (SCM) application integrations. BoostSecurity requires these permissions to run security checks on your projects, including CI/CD security checks.

This page provides detailed information about the required permissions for each SCM application.

GitHub


This integration enables BoostSecurity to access your GitHub organization and repositories, and apply security checks, including CI/CD supply chain security checks and Dependabot.

Permissions


The required permissions for the GitHub integration with BoostSecurity include:

  • Read access: Files located at .boostignore, .boostinclude, .github/workflows/boost.yml, Dependabot alerts, actions, administration, members, metadata, organization administration, organization hooks, organization secrets, secret scanning alerts, and security events.

  • Read and write access - Checks, Issues, Pull Requests.
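A drift check for the GitHub list above, as an added example (not BoostSecurity's code): it compares the `permissions` object GitHub reports for an App installation with the documented set and flags anything granted beyond it. The mapping of the page's labels to GitHub permission keys (`vulnerability_alerts` for Dependabot alerts, `single_file` for the three file paths) and the sample grant are assumptions made here.

```python
# Added example: least-privilege audit of a GitHub App installation.
# Permission key names are an assumed mapping of the labels listed on this page.
LEVELS = {"none": 0, "read": 1, "write": 2}

DOCUMENTED = {
    "single_file": "read",  # .boostignore, .boostinclude, .github/workflows/boost.yml
    "vulnerability_alerts": "read",  # Dependabot alerts
    "actions": "read",
    "administration": "read",
    "members": "read",
    "metadata": "read",
    "organization_administration": "read",
    "organization_hooks": "read",
    "organization_secrets": "read",
    "secret_scanning_alerts": "read",
    "security_events": "read",
    "checks": "write",
    "issues": "write",
    "pull_requests": "write",
}

def rank(level):
    # Unknown levels (for example "admin") rank above "write" so they are flagged.
    return LEVELS.get(level, 3)

def audit(granted, documented=DOCUMENTED):
    """Return (excess, missing) as {key: (documented_level, granted_level)}."""
    excess = {k: (documented.get(k, "none"), v) for k, v in granted.items()
              if rank(v) > rank(documented.get(k, "none"))}
    missing = {k: (v, granted.get(k, "none")) for k, v in documented.items()
               if rank(granted.get(k, "none")) < rank(v)}
    return excess, missing

# Constructed sample: the documented set plus two over-grants and one under-grant.
SAMPLE_GRANT = dict(DOCUMENTED, contents="write", administration="write", issues="read")

if __name__ == "__main__":
    excess, missing = audit(SAMPLE_GRANT)
    for key, (want, have) in sorted(excess.items()):
        print(f"EXCESS  {key}: documented={want} granted={have}")
    for key, (want, have) in sorted(missing.items()):
        print(f"MISSING {key}: documented={want} granted={have}")
```

An entry under excess means the installation holds more access than this page lists and should be reviewed before it is approved.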

GitLab


This integration enables BoostSecurity to access your GitLab groups and to apply security checks, including CI/CD supply chain security checks.

Permissions


The required permissions for the GitLab integration with BoostSecurity include:

  • Read access: Dependabot alerts, actions, administration, members, metadata, organization administration, organization hooks, organization secrets, secret scanning alerts, and security events.

  • Read & Write access - Access to the API, including all groups and projects, the container registry, and the package registry.

Bitbucket


Integration with Bitbucket allows BoostSecurity to access your Bitbucket organization and repositories, and apply security checks, including CI/CD supply chain security checks.

Permissions


The required permissions for the Bitbucket integration with BoostSecurity include:

  • Read access: Files located at .boostignore, .boostinclude, .bitbucket/workflows/boost.yml, Dependabot alerts, actions, administration, members, metadata, organization administration, organization hooks, organization secrets, secret scanning alerts, and security events.

  • Read and write access - Checks, Issues, Pull Requests.

Azure DevOps


This integration enables BoostSecurity to access your Azure DevOps projects to enable security checks, including CI/CD supply chain security checks.

Permissions


The required permissions for the Azure DevOps integration with BoostSecurity include:

  • Read access - Project and Team: Read the organization's projects and team.
  • Read access - Code: Source code, repositories, pull requests, and notifications.
  • Read access - Agent Pools: Needed to get the list of Agent pools.
  • Read & Write access - Pull Request Threads: Read and write to pull request comment threads.
  • Status access - Code: Source code, repositories, pull requests, and notifications.

Zero Touch Provisioning For Bitbucket


Zero Touch Provisioning for Bitbucket integration enables the security check workflows to be executed from the .boost repository in the Bitbucket organization.

Permissions


The required permissions for this integration with BoostSecurity include:

  • Read access - Account, Pull Requests, Repository.
  • Read & Write access - Pipelines.

Zero Touch Provisioning For GitHub


Zero Touch Provisioning for GitHub enables the security check workflows to be executed from the .boost repository in the GitHub organization.

Permissions


The required permissions for this integration with BoostSecurity include:

  • Read access - Actions, Dependabot alerts, webhooks, administration, metadata, secret scanning alerts, workflows, and security events.

  • Read & Write access - Checks, Issues, Pull Requests.