Replies: 4 comments
-
Hi @sandstrom, you can see why this access is required on our https://about.codecov.io/security/ It is under the
-
@drazisil-codecov Ah, alright. I thought with the browser extension that one could skip giving source code access, because the extension could be set up to use its own access token. https://docs.codecov.com/docs/the-codecov-browser-extension If you have an internal feedback system, I'd like to suggest that you should allow operation of Codecov without giving source code access. I'll keep an eye out for future changes in this area, and worst case we could try to self-host it. Have a great day! 🌞
-
I'm not sure if there is a way for Codecov to function without code access, but I'll make sure that @rohan-at-sentry sees your feedback :)
-
Thanks @drazisil-codecov @sandstrom, I'm converting this to a discussion so we can gauge interest from the wider user community.
-
I wanted to try out Codecov for our repository. But it doesn't seem to work without giving read-access to source code.
Is it possible to use your CLI tool in our GitHub Actions runner, and upload reports etc. to your server, but not give Codecov source code access?
What specific functionality is it that requires source code access or access to all PRs? I'm trying to read the docs, but couldn't really find anything specific that would require that type of access, and wouldn't be doable via the CLI.
As for why, you having source-code access makes you a sought-after target for hackers. If nothing else, the fact that you've already been hacked before is probably a good indication of why it's not ideal to hand out source-code read access to third parties unless necessary.