Repository permissions

FOSSA supports several different ways of importing your code via Dashboard > Add Project:

• Github
• Bitbucket
• Gitlab

FOSSA uses the Oauth API's for each of these services in order to import, which requires users to grant certain permissions to FOSSA.

Github permissions

Cloud

To import a project from your user/organization, FOSSA will need

• Read access to code
• Read access to metadata and pull requests
• Read and write access to commit statuses, issues, and the .fossaignore file

On-prem

To import from your github, FOSSA requires the following permissions:

• repo
• user
• write:repo_hook
• read:org
• admin:org_hook

For more information on these permissions, view the Github docs

Bitbucket permissions

To import from your bitbucket, FOSSA requires the following permissions:

• Account
  • Email
  • Read
• Team membership
  • Read
• Projects
  • Read
• Repositories
  • Read
• Pull requests
  • Read
• Issues
  • Read
  • Write
• Snippets
  • Read
• Webhooks
  • Read and write
• Pipelines
  • Read

For more information on these permissions, view the Bitbucket docs

Gitlab permissions

To import from your github, FOSSA requires the following permissions:

• api

For more information on these permissions, view the Gitlab docs