Render's broad GitHub permissions

We use Render for a few private repos in our work GitHub org.

When I look at my org’s Settings → Installed GitHub Apps → Render, I see:

  • Read access to administration, code, members, metadata, organization hooks, and vulnerability alerts
  • Read and write access to actions, checks, commit statuses, deployments, environments, issues, pull requests, repository hooks, and workflows

Can I reduce the scope for features I’m not using? For example, can I remove write access to everything? And remove read access to org hooks, vulnerability alerts, actions, etc?

Hi @cakoose, at the moment, we don’t support modifying the Github permission scope on an ad-hoc basis. However, you are welcome to submit your feedback as a feature request so that it can be considered for future product iterations.

Yes, the same applies for Gitlab. As a workaround I plan to create a dedicated user per-service so that each service connection only has access to the one repo I need it to have access to. I control the permissions for that service indirectly by controlling permissions on the user. It’s an ugly workaround.