GitHub: Access permissions

GitHub logoGitHub logo

To use Buddy with GitHub you just need to sign up with your GitHub account on our website, or add a GitHub integration if you’re hosting Buddy Enterprise on your own server.

Access to the repositories is performed via OAuth. Following scopes are required:

  1. Email address (authentication)
  2. Read and write all public and private repository data. This is used to check out the repository and write commit statutes.

GitHub integrationGitHub integration

GitHub doesn’t allow to fine-grain the permissions beyond ‘Read and write’. However, we can assure you no data is ever pushed to our repositories. You can learn more about our Privacy Policy here.

Granting access to organization repositories

During the authorization you will be asked which organizations you want to give Buddy access to:

Github Buddy authorizationGithub Buddy authorization

You can add more organizations later on by selecting Buddy from the list of Authorized OAuth Apps in your GitHub account. You will see the list of organizations to which you belong at the bottom. There are two options available:

  • Grant access (if you are an admin of the group)
  • Request access (your request will have to be approved by an admin of the group first)

OAuth for BuddyOAuth for Buddy

Once the access has been granted, you will be able to select the organization’s repositories from the repo dropdown list.

Granting access to a single repository

If you cannot give Buddy access to all repositories in your account, you can select Your Private Git Server when adding a new project and manually set a deployment key in your GitHub repo.

If you don’t have admin rights to add the web hook in your repo, you can pass it to your organization’s admin.

Granting access to another account

If you have two or more GitHub accounts, you can add them to the Integration List in your profile settings:

Integrations window in BuddyIntegrations window in Buddy

Revoking access to GitHub

You can revoke the access in two ways:

  1. Delete the integration from your Buddy profile
  2. Revoke access from your GitHub settings

Revoking access to a GitHub organization

If you’re the organization’s admin you can revoke access from Buddy’s OAuth profile

If you don’t have permissions required, you can ask your admin to revoke access at

You can use GitHub status checks for an extra layer of protection to your code.