threat-dragon icon indicating copy to clipboard operation
threat-dragon copied to clipboard

Published 20 hours ago verified publisher icon OWASP

Too many GitHub permissions required

Open jgadsden opened this issue 4 years ago • 3 comments

This issue has been migrated from : https://github.com/mike-goodwin/owasp-threat-dragon/issues/148 and was opened by @madchap :

When wanting to try TD, it asked me for the following GitHub permissions, which in my opinion are too much:

image

As a result, I personally didn't want to grant so much.

Maybe it is possible to ask for less and achieve what is needed?

Cheers!

jgadsden avatar Jun 05 '20 06:06 jgadsden

Per-repository access is the main thing I'd look for here. I'm fine with giving this level of access to a specific repository that I've chosen, but not to all my repos.

mykter avatar Jul 07 '20 08:07 mykter

Please prioritise this! It's a hard blocker preventing the use of the project and in general sets a poor example.

agostbiro avatar Apr 27 '22 14:04 agostbiro

Hello @mykter and @agostbiro - I understand your frustration. This is specific to threat dragon version 1.x , which is the branch off main that has only security or highest priority fixes applied.

We are working on version 2.x now, and this does not have the problem described here. We expect version 2.0 to be released within a couple of months or so. Apologies for not giving the response that you were looking for

jgadsden avatar Apr 28 '22 04:04 jgadsden

Closing this as it is handled by issue #5

jgadsden avatar Jan 17 '23 05:01 jgadsden